Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Improve ivc bench #4242

Merged
merged 21 commits into from
Jan 30, 2024
Merged
Show file tree
Hide file tree
Changes from 13 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@ set(BENCHMARK_SOURCES

# Required libraries for benchmark suites
set(LINKED_LIBRARIES
ultra_honk
eccvm
stdlib_recursion
goblin
stdlib_sha256
stdlib_merkle_tree
stdlib_primitives
benchmark::benchmark
)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,126 +11,125 @@ using namespace benchmark;
using namespace bb;

namespace {
void goblin_full(State& state) noexcept
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

class GoblinBench : public benchmark::Fixture {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The restructuring of this suite is substantial enough that it may be easier to review in isolation rather than via the diff.

public:
Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

Goblin::AccumulationOutput kernel_accum;
Goblin::Proof proof;
for (auto _ : state) {
// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Number of function circuits to accumulate (based on Zacs target numbers)
static constexpr size_t NUM_ITERATIONS_MEDIUM_COMPLEXITY = 6;

proof = goblin.prove();
// Verify the final ultra proof
void SetUp([[maybe_unused]] const ::benchmark::State& state) override
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723): Simply populate the OpQueue with some data
// and corresponding commitments so the merge protocol has "prev" data into which it can accumulate
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);
}
honk::GoblinUltraVerifier ultra_verifier{ kernel_input.verification_key };
ultra_verifier.verify_proof(kernel_input.proof);
// Verify the goblin proof (eccvm, translator, merge)
goblin.verify(proof);
}

void goblin_accumulate(State& state) noexcept
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;
/**
* @brief Perform a specified number of function circuit accumulation rounds
* @details Each round "accumulates" a mock function circuit and a mock kernel circuit. Each round thus consists of
* the generation of two circuits, two UGH proofs and two Merge proofs. To match the sizes called out in the spec
* (https://github.com/AztecProtocol/aztec-packages/blob/master/yellow-paper/docs/cryptography/performance-targets.md)
* we set the size of the function circuit to be 2^17 except for the first one which is 2^19.
*
* @param state
*/
void perform_goblin_accumulation_rounds(State& state)
{
auto NUM_CIRCUITS = static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// Construct and accumulate a mock function circuit
GoblinUltraCircuitBuilder function_circuit{ goblin.op_queue };
// On the first iteration construct a "large" function circuit (2^19), otherwise medium (2^17)
GoblinMockCircuits::construct_mock_function_circuit(function_circuit, /*large=*/circuit_idx == 0);
auto function_accum = goblin.accumulate(function_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (auto _ : state) {
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
// Construct and accumulate the mock kernel circuit
// Note: in first round, kernel_accum is empty since there is no previous kernel to recursively verify
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, function_accum, kernel_accum);
kernel_accum = goblin.accumulate(circuit_builder);
}
}
}
};

void goblin_eccvm_prove(State& state) noexcept
/**
* @brief Benchmark the full Goblin IVC protocol
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinFull)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);
for (auto _ : state) {
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
// Construct proofs for ECCVM and Translator
goblin.prove();
}
}

/**
* @brief Benchmark only the accumulation rounds
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinAccumulate)(benchmark::State& state)
{
// Perform a specified number of iterations of function/kernel accumulation
for (auto _ : state) {
goblin.prove_eccvm();
perform_goblin_accumulation_rounds(state);
}
}

void goblin_translator_prove(State& state) noexcept
/**
* @brief Benchmark only the ECCVM component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinECCVMProve)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state);

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
// Prove ECCVM only
for (auto _ : state) {
goblin.prove_eccvm();
}
}

/**
* @brief Benchmark only the Translator component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinTranslatorProve)(benchmark::State& state)
{
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state);

// Prove ECCVM (unmeasured) and Translator (measured)
goblin.prove_eccvm();
for (auto _ : state) {
goblin.prove_translator();
}
}

} // namespace

BENCHMARK(goblin_full)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_accumulate)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_eccvm_prove)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_translator_prove)->Unit(kMillisecond)->DenseRange(0, 7);
#define ARGS \
Arg(GoblinBench::NUM_ITERATIONS_MEDIUM_COMPLEXITY) \
->Arg(1 << 0) \
->Arg(1 << 1) \
->Arg(1 << 2) \
->Arg(1 << 3) \
->Arg(1 << 4) \
->Arg(1 << 5) \
->Arg(1 << 6)

BENCHMARK_REGISTER_F(GoblinBench, GoblinFull)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinAccumulate)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinECCVMProve)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinTranslatorProve)->Unit(benchmark::kMillisecond)->ARGS;

} // namespace
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
#include <benchmark/benchmark.h>
#include <cstddef>

#include "barretenberg/goblin/mock_circuits.hpp"
#include "barretenberg/plonk/composer/standard_composer.hpp"
#include "barretenberg/plonk/composer/ultra_composer.hpp"
#include "barretenberg/proof_system/types/circuit_type.hpp"
Expand Down Expand Up @@ -46,121 +47,6 @@ template <typename Builder> void generate_basic_arithmetic_circuit(Builder& buil
}
}

/**
* @brief Generate test circuit with specified number of sha256 hashes
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_sha256_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in;
in.resize(32);
stdlib::packed_byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::sha256<Builder>(input);
}
}

/**
* @brief Generate test circuit with specified number of keccak hashes
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_keccak_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01";

stdlib::byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::keccak<Builder>::hash(input);
}
}

/**
* @brief Generate test circuit with specified number of ecdsa verifications
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_ecdsa_verification_test_circuit(Builder& builder, size_t num_iterations)
{
using curve = stdlib::secp256k1<Builder>;
using fr = typename curve::fr;
using fq = typename curve::fq;
using g1 = typename curve::g1;

std::string message_string = "Instructions unclear, ask again later.";

crypto::ecdsa_key_pair<fr, g1> account;
for (size_t i = 0; i < num_iterations; i++) {
// Generate unique signature for each iteration
account.private_key = curve::fr::random_element();
account.public_key = curve::g1::one * account.private_key;

crypto::ecdsa_signature signature =
crypto::ecdsa_construct_signature<Sha256Hasher, fq, fr, g1>(message_string, account);

bool first_result =
crypto::ecdsa_verify_signature<Sha256Hasher, fq, fr, g1>(message_string, account.public_key, signature);
static_cast<void>(first_result); // TODO(Cody): This is not used anywhere.

std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());
std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());
uint8_t vv = signature.v;

typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);

stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),
typename curve::byte_array_ct(&builder, ss),
stdlib::uint8<Builder>(&builder, vv) };

typename curve::byte_array_ct message(&builder, message_string);

// Verify ecdsa signature
stdlib::ecdsa_verify_signature<Builder,
curve,
typename curve::fq_ct,
typename curve::bigfr_ct,
typename curve::g1_bigfr_ct>(message, public_key, sig);
}
}

/**
* @brief Generate test circuit with specified number of merkle membership checks
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_merkle_membership_test_circuit(Builder& builder, size_t num_iterations)
{
using namespace stdlib;
using field_ct = field_t<Builder>;
using witness_ct = witness_t<Builder>;
using witness_ct = witness_t<Builder>;
using MemStore = merkle_tree::MemoryStore;
using MerkleTree_ct = merkle_tree::MerkleTree<MemStore>;

MemStore store;
const size_t tree_depth = 7;
auto merkle_tree = MerkleTree_ct(store, tree_depth);

for (size_t i = 0; i < num_iterations; i++) {
// For each iteration update and check the membership of a different value
size_t idx = i;
size_t value = i * 2;
merkle_tree.update_element(idx, value);

field_ct root_ct = witness_ct(&builder, merkle_tree.root());
auto idx_ct = field_ct(witness_ct(&builder, fr(idx))).decompose_into_bits();
auto value_ct = field_ct(value);

merkle_tree::check_membership(
root_ct, merkle_tree::create_witness_hash_path(builder, merkle_tree.get_hash_path(idx)), value_ct, idx_ct);
}
}

// ultrahonk
inline honk::UltraProver get_prover(honk::UltraComposer& composer,
void (*test_circuit_function)(honk::UltraComposer::CircuitBuilder&, size_t),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,21 +29,17 @@ static void construct_proof_ultrahonk_power_of_2(State& state) noexcept
}

// Define benchmarks
BENCHMARK_CAPTURE(construct_proof_ultrahonk,
sha256,
&bb::mock_proofs::generate_sha256_test_circuit<UltraCircuitBuilder>)
BENCHMARK_CAPTURE(construct_proof_ultrahonk, sha256, &stdlib::generate_sha256_test_circuit<UltraCircuitBuilder>)
->Unit(kMillisecond);
BENCHMARK_CAPTURE(construct_proof_ultrahonk,
keccak,
&bb::mock_proofs::generate_keccak_test_circuit<UltraCircuitBuilder>)
BENCHMARK_CAPTURE(construct_proof_ultrahonk, keccak, &stdlib::generate_keccak_test_circuit<UltraCircuitBuilder>)
->Unit(kMillisecond);
BENCHMARK_CAPTURE(construct_proof_ultrahonk,
ecdsa_verification,
&bb::mock_proofs::generate_ecdsa_verification_test_circuit<UltraCircuitBuilder>)
&stdlib::generate_ecdsa_verification_test_circuit<UltraCircuitBuilder>)
->Unit(kMillisecond);
BENCHMARK_CAPTURE(construct_proof_ultrahonk,
merkle_membership,
&bb::mock_proofs::generate_merkle_membership_test_circuit<UltraCircuitBuilder>)
&stdlib::generate_merkle_membership_test_circuit<UltraCircuitBuilder>)
->Unit(kMillisecond);

BENCHMARK(construct_proof_ultrahonk_power_of_2)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ BBERG_PROFILE static void test_round(State& state, size_t index) noexcept
honk::UltraComposer composer;
// TODO(https://github.com/AztecProtocol/barretenberg/issues/761) benchmark both sparse and dense circuits
honk::UltraProver prover = bb::mock_proofs::get_prover(
composer, &bb::mock_proofs::generate_ecdsa_verification_test_circuit<UltraCircuitBuilder>, 10);
composer, &bb::stdlib::generate_ecdsa_verification_test_circuit<UltraCircuitBuilder>, 10);
test_round_inner(state, prover, index);
state.ResumeTiming();
// NOTE: google bench is very finnicky, must end in ResumeTiming() for correctness
Expand Down
Loading
Loading