Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Improve ivc bench #4242

Merged
merged 21 commits into from
Jan 30, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion barretenberg/cpp/scripts/benchmark.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
set -eu

BENCHMARK=${1:-goblin_bench}
COMMAND=${2:-./bin/$BENCHMARK}

# Move above script dir.
cd $(dirname $0)/..
Expand All @@ -11,4 +12,6 @@ cmake --preset clang16
cmake --build --preset clang16 --target $BENCHMARK

cd build
./bin/$BENCHMARK
# Consistency with _wasm.sh targets / shorter $COMMAND.
cp ./bin/$BENCHMARK .
$COMMAND
5 changes: 4 additions & 1 deletion barretenberg/cpp/scripts/benchmark_wasm.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
set -eu

BENCHMARK=${1:-goblin_bench}
COMMAND=${2:-./bin/$BENCHMARK}

# Move above script dir.
cd $(dirname $0)/..
Expand All @@ -11,4 +12,6 @@ cmake --preset wasm-bench
cmake --build --preset wasm-bench --target $BENCHMARK

cd build-wasm-bench
wasmtime run -Wthreads=y -Sthreads=y ./bin/$BENCHMARK
# Consistency with _wasm.sh targets / shorter $COMMAND.
cp ./bin/$BENCHMARK .
wasmtime run -Wthreads=y -Sthreads=y $COMMAND
Original file line number Diff line number Diff line change
@@ -1 +1 @@
barretenberg_module(goblin_bench ultra_honk eccvm stdlib_recursion)
barretenberg_module(goblin_bench ultra_honk eccvm stdlib_recursion stdlib_sha256 stdlib_merkle_tree stdlib_primitives)
Original file line number Diff line number Diff line change
Expand Up @@ -11,128 +11,143 @@ using namespace benchmark;
using namespace bb;

namespace {
void goblin_full(State& state) noexcept
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;
class GoblinBench : public benchmark::Fixture {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The restructuring of this suite is substantial enough that it may be easier to review in isolation rather than via the diff.

public:
Goblin::AccumulationOutput kernel_accum;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// Number of function circuits to accumulate(based on Zacs target numbers)
static constexpr size_t NUM_ITERATIONS_MEDIUM_COMPLEXITY = 6;

Goblin::Proof proof;
for (auto _ : state) {
// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
void SetUp([[maybe_unused]] const ::benchmark::State& state) override
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");
}

/**
* @brief Perform a specified number of function circuit accumulation rounds
* @details Each round "accumulates" a mock function circuit and a mock kernel circuit. Each round thus consists of
* the generation of two circuits, two UGH proofs and two Merge proofs. To match the sizes called out in the spec
* (https://github.com/AztecProtocol/aztec-packages/blob/master/yellow-paper/docs/cryptography/performance-targets.md)
* we set the size of the function circuit to be 2^17 except for the first one which is 2^19.
*
* @param state
*/
void perform_goblin_accumulation_rounds(State& state, Goblin& goblin)
{
auto NUM_CIRCUITS = static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Construct and accumulate a mock function circuit
GoblinUltraCircuitBuilder function_circuit{ goblin.op_queue };
// On the first iteration construct a "large" function circuit (2^19), otherwise medium (2^17)
GoblinMockCircuits::construct_mock_function_circuit(function_circuit, /*large=*/circuit_idx == 0);
auto function_accum = goblin.accumulate(function_circuit);

proof = goblin.prove();
// Verify the final ultra proof
// Construct and accumulate the mock kernel circuit
// Note: in first round, kernel_accum is empty since there is no previous kernel to recursively verify
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, function_accum, kernel_accum);
kernel_accum = goblin.accumulate(circuit_builder);
}
}
honk::GoblinUltraVerifier ultra_verifier{ kernel_input.verification_key };
ultra_verifier.verify_proof(kernel_input.proof);
// Verify the goblin proof (eccvm, translator, merge)
goblin.verify(proof);
}
};

void goblin_accumulate(State& state) noexcept
/**
* @brief Benchmark the full Goblin IVC protocol
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinFull)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723): Simply populate the OpQueue with some data
// and corresponding commitments so the merge protocol has "prev" data into which it can accumulate
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (auto _ : state) {
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state, goblin);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Construct proofs for ECCVM and Translator
goblin.prove();
}
}

void goblin_eccvm_prove(State& state) noexcept
/**
* @brief Benchmark only the accumulation rounds
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinAccumulate)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723)
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
// Perform a specified number of iterations of function/kernel accumulation
for (auto _ : state) {
perform_goblin_accumulation_rounds(state, goblin);
}
}

/**
* @brief Benchmark only the ECCVM component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinECCVMProve)(benchmark::State& state)
{
Goblin goblin;

// TODO(https://github.com/AztecProtocol/barretenberg/issues/723)
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state, goblin);

// Prove ECCVM only
for (auto _ : state) {
goblin.prove_eccvm();
}
}

void goblin_translator_prove(State& state) noexcept
/**
* @brief Benchmark only the Translator component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinTranslatorProve)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723)
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state, goblin);

// Prove ECCVM (unmeasured) and Translator (measured)
goblin.prove_eccvm();
for (auto _ : state) {
goblin.prove_translator();
}
}

} // namespace
#define ARGS \
Arg(GoblinBench::NUM_ITERATIONS_MEDIUM_COMPLEXITY) \
->Arg(1 << 0) \
->Arg(1 << 1) \
->Arg(1 << 2) \
->Arg(1 << 3) \
->Arg(1 << 4) \
->Arg(1 << 5) \
->Arg(1 << 6)

BENCHMARK_REGISTER_F(GoblinBench, GoblinFull)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinAccumulate)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinECCVMProve)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinTranslatorProve)->Unit(benchmark::kMillisecond)->ARGS;

BENCHMARK(goblin_full)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_accumulate)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_eccvm_prove)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_translator_prove)->Unit(kMillisecond)->DenseRange(0, 7);
} // namespace

BENCHMARK_MAIN();
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
#include <benchmark/benchmark.h>
#include <cstddef>

#include "barretenberg/goblin/mock_circuits.hpp"
#include "barretenberg/plonk/composer/standard_composer.hpp"
#include "barretenberg/plonk/composer/ultra_composer.hpp"
#include "barretenberg/proof_system/types/circuit_type.hpp"
Expand Down Expand Up @@ -46,121 +47,6 @@ template <typename Builder> void generate_basic_arithmetic_circuit(Builder& buil
}
}

/**
* @brief Generate test circuit with specified number of sha256 hashes
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_sha256_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in;
in.resize(32);
stdlib::packed_byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::sha256<Builder>(input);
}
}

/**
* @brief Generate test circuit with specified number of keccak hashes
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_keccak_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01";

stdlib::byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::keccak<Builder>::hash(input);
}
}

/**
* @brief Generate test circuit with specified number of ecdsa verifications
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_ecdsa_verification_test_circuit(Builder& builder, size_t num_iterations)
{
using curve = stdlib::secp256k1<Builder>;
using fr = typename curve::fr;
using fq = typename curve::fq;
using g1 = typename curve::g1;

std::string message_string = "Instructions unclear, ask again later.";

crypto::ecdsa_key_pair<fr, g1> account;
for (size_t i = 0; i < num_iterations; i++) {
// Generate unique signature for each iteration
account.private_key = curve::fr::random_element();
account.public_key = curve::g1::one * account.private_key;

crypto::ecdsa_signature signature =
crypto::ecdsa_construct_signature<Sha256Hasher, fq, fr, g1>(message_string, account);

bool first_result =
crypto::ecdsa_verify_signature<Sha256Hasher, fq, fr, g1>(message_string, account.public_key, signature);
static_cast<void>(first_result); // TODO(Cody): This is not used anywhere.

std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());
std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());
uint8_t vv = signature.v;

typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);

stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),
typename curve::byte_array_ct(&builder, ss),
stdlib::uint8<Builder>(&builder, vv) };

typename curve::byte_array_ct message(&builder, message_string);

// Verify ecdsa signature
stdlib::ecdsa_verify_signature<Builder,
curve,
typename curve::fq_ct,
typename curve::bigfr_ct,
typename curve::g1_bigfr_ct>(message, public_key, sig);
}
}

/**
* @brief Generate test circuit with specified number of merkle membership checks
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_merkle_membership_test_circuit(Builder& builder, size_t num_iterations)
{
using namespace stdlib;
using field_ct = field_t<Builder>;
using witness_ct = witness_t<Builder>;
using witness_ct = witness_t<Builder>;
using MemStore = merkle_tree::MemoryStore;
using MerkleTree_ct = merkle_tree::MerkleTree<MemStore>;

MemStore store;
const size_t tree_depth = 7;
auto merkle_tree = MerkleTree_ct(store, tree_depth);

for (size_t i = 0; i < num_iterations; i++) {
// For each iteration update and check the membership of a different value
size_t idx = i;
size_t value = i * 2;
merkle_tree.update_element(idx, value);

field_ct root_ct = witness_ct(&builder, merkle_tree.root());
auto idx_ct = field_ct(witness_ct(&builder, fr(idx))).decompose_into_bits();
auto value_ct = field_ct(value);

merkle_tree::check_membership(
root_ct, merkle_tree::create_witness_hash_path(builder, merkle_tree.get_hash_path(idx)), value_ct, idx_ct);
}
}

// ultrahonk
inline honk::UltraProver get_prover(honk::UltraComposer& composer,
void (*test_circuit_function)(honk::UltraComposer::CircuitBuilder&, size_t),
Expand Down
Loading
Loading