Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Improve ivc bench #4242

Merged
merged 21 commits into from
Jan 30, 2024
Merged
Show file tree
Hide file tree
Changes from 8 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion barretenberg/cpp/scripts/collect_profile_information.sh
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,6 @@ function shorten_cpp_names() {
llvm-xray-16 stack xray-log.$EXECUTABLE.* \
--instr_map=./bin/$EXECUTABLE --stack-format=flame --aggregate-threads --aggregation-type=time --all-stacks \
| node ../scripts/llvm_xray_stack_flame_corrector.js \
| shorten_cpp_names \
| ../scripts/flamegraph.pl --width 1200 --fontsize 10 \
> xray.svg
echo "Profiling complete, now you can do e.g. 'scp mainframe:`readlink -f xray.svg` .' on a local terminal and open the SVG in a browser."
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,10 @@ set(BENCHMARK_SOURCES

# Required libraries for benchmark suites
set(LINKED_LIBRARIES
ultra_honk
eccvm
stdlib_recursion
goblin
stdlib_sha256
stdlib_merkle_tree
stdlib_primitives
benchmark::benchmark
)

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,126 +11,132 @@ using namespace benchmark;
using namespace bb;

namespace {
void goblin_full(State& state) noexcept
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

class GoblinBench : public benchmark::Fixture {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The restructuring of this suite is substantial enough that it may be easier to review in isolation rather than via the diff.

public:
Goblin goblin;
Goblin::AccumulationOutput kernel_accum;
Goblin::Proof proof;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// Number of function circuits to accumulate (based on Zacs target numbers)
static constexpr size_t NUM_ITERATIONS_MEDIUM_COMPLEXITY = 6;

Goblin::Proof proof;
for (auto _ : state) {
// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
void SetUp([[maybe_unused]] const ::benchmark::State& state) override
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723): Simply populate the OpQueue with some data
// and corresponding commitments so the merge protocol has "prev" data into which it can accumulate
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);
}

/**
* @brief Perform a specified number of function circuit accumulation rounds
* @details Each round "accumulates" a mock function circuit and a mock kernel circuit. Each round thus consists of
* the generation of two circuits, two UGH proofs and two Merge proofs. To match the sizes called out in the spec
* (https://github.com/AztecProtocol/aztec-packages/blob/master/yellow-paper/docs/cryptography/performance-targets.md)
* we set the size of the function circuit to be 2^17 except for the first one which is 2^19.
*
* @param state
*/
void perform_goblin_accumulation_rounds(State& state)
{
auto NUM_CIRCUITS = static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
// Construct and accumulate a mock function circuit
GoblinUltraCircuitBuilder function_circuit{ goblin.op_queue };
// On the first iteration construct a "large" function circuit (2^19), otherwise medium (2^17)
GoblinMockCircuits::construct_mock_function_circuit(function_circuit, /*large_flag=*/circuit_idx == 0);
auto function_accum = goblin.accumulate(function_circuit);

// Construct and accumulate the mock kernel circuit
// Note: in first round, kernel_accum is empty since there is no previous kernel to recursively verify
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, function_accum, kernel_accum);
kernel_accum = goblin.accumulate(circuit_builder);
}
}
};

#define ARGS \
Arg(GoblinBench::NUM_ITERATIONS_MEDIUM_COMPLEXITY) \
->Arg(1 << 0) \
->Arg(1 << 1) \
->Arg(1 << 2) \
->Arg(1 << 3) \
->Arg(1 << 4) \
->Arg(1 << 5) \
->Arg(1 << 6)

/**
* @brief Benchmark the full Goblin IVC protocol
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinFull)(benchmark::State& state)
{
for (auto _ : state) {
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state);

// Construct proofs for ECCVM and Translator
proof = goblin.prove();
// Verify the final ultra proof
}
honk::GoblinUltraVerifier ultra_verifier{ kernel_input.verification_key };
ultra_verifier.verify_proof(kernel_input.proof);

// Verify the final UGH proof
honk::GoblinUltraVerifier ultra_verifier{ kernel_accum.verification_key };
ultra_verifier.verify_proof(kernel_accum.proof);
// Verify the goblin proof (eccvm, translator, merge)
goblin.verify(proof);
}

void goblin_accumulate(State& state) noexcept
/**
* @brief Benchmark only the accumulation rounds
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinAccumulate)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
// Perform a specified number of iterations of function/kernel accumulation
for (auto _ : state) {
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
perform_goblin_accumulation_rounds(state);
}
}

void goblin_eccvm_prove(State& state) noexcept
/**
* @brief Benchmark only the ECCVM component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinECCVMProve)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state);

// Prove ECCVM only
for (auto _ : state) {
goblin.prove_eccvm();
}
}

void goblin_translator_prove(State& state) noexcept
/**
* @brief Benchmark only the Translator component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinTranslatorProve)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state);

// Prove ECCVM (unmeasured) and Translator (measured)
goblin.prove_eccvm();
for (auto _ : state) {
goblin.prove_translator();
}
}

} // namespace
// Register the benchmark
BENCHMARK_REGISTER_F(GoblinBench, GoblinFull)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinAccumulate)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinECCVMProve)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinTranslatorProve)->Unit(benchmark::kMillisecond)->ARGS;

BENCHMARK(goblin_full)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_accumulate)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_eccvm_prove)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_translator_prove)->Unit(kMillisecond)->DenseRange(0, 7);
} // namespace
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
#include <benchmark/benchmark.h>
#include <cstddef>

#include "barretenberg/goblin/mock_circuits.hpp"
#include "barretenberg/plonk/composer/standard_composer.hpp"
#include "barretenberg/plonk/composer/ultra_composer.hpp"
#include "barretenberg/proof_system/types/circuit_type.hpp"
Expand Down Expand Up @@ -54,14 +55,10 @@ template <typename Builder> void generate_basic_arithmetic_circuit(Builder& buil
*/
template <typename Builder> void generate_sha256_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in;
in.resize(32);
stdlib::packed_byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::sha256<Builder>(input);
}
stdlib::generate_sha256_test_circuit(builder, num_iterations);
}

// WORKTODO: just get rid of these pass-throughs and call the mock circuit methods directly in ultra bench
/**
* @brief Generate test circuit with specified number of keccak hashes
*
Expand All @@ -70,12 +67,7 @@ template <typename Builder> void generate_sha256_test_circuit(Builder& builder,
*/
template <typename Builder> void generate_keccak_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01";

stdlib::byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::keccak<Builder>::hash(input);
}
stdlib::keccak<Builder>::generate_test_circuit(builder, num_iterations);
}

/**
Expand All @@ -86,45 +78,7 @@ template <typename Builder> void generate_keccak_test_circuit(Builder& builder,
*/
template <typename Builder> void generate_ecdsa_verification_test_circuit(Builder& builder, size_t num_iterations)
{
using curve = stdlib::secp256k1<Builder>;
using fr = typename curve::fr;
using fq = typename curve::fq;
using g1 = typename curve::g1;

std::string message_string = "Instructions unclear, ask again later.";

crypto::ecdsa_key_pair<fr, g1> account;
for (size_t i = 0; i < num_iterations; i++) {
// Generate unique signature for each iteration
account.private_key = curve::fr::random_element();
account.public_key = curve::g1::one * account.private_key;

crypto::ecdsa_signature signature =
crypto::ecdsa_construct_signature<Sha256Hasher, fq, fr, g1>(message_string, account);

bool first_result =
crypto::ecdsa_verify_signature<Sha256Hasher, fq, fr, g1>(message_string, account.public_key, signature);
static_cast<void>(first_result); // TODO(Cody): This is not used anywhere.

std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());
std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());
uint8_t vv = signature.v;

typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);

stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),
typename curve::byte_array_ct(&builder, ss),
stdlib::uint8<Builder>(&builder, vv) };

typename curve::byte_array_ct message(&builder, message_string);

// Verify ecdsa signature
stdlib::ecdsa_verify_signature<Builder,
curve,
typename curve::fq_ct,
typename curve::bigfr_ct,
typename curve::g1_bigfr_ct>(message, public_key, sig);
}
stdlib::generate_ecdsa_verification_test_circuit(builder, num_iterations);
}

/**
Expand All @@ -135,30 +89,7 @@ template <typename Builder> void generate_ecdsa_verification_test_circuit(Builde
*/
template <typename Builder> void generate_merkle_membership_test_circuit(Builder& builder, size_t num_iterations)
{
using namespace stdlib;
using field_ct = field_t<Builder>;
using witness_ct = witness_t<Builder>;
using witness_ct = witness_t<Builder>;
using MemStore = merkle_tree::MemoryStore;
using MerkleTree_ct = merkle_tree::MerkleTree<MemStore>;

MemStore store;
const size_t tree_depth = 7;
auto merkle_tree = MerkleTree_ct(store, tree_depth);

for (size_t i = 0; i < num_iterations; i++) {
// For each iteration update and check the membership of a different value
size_t idx = i;
size_t value = i * 2;
merkle_tree.update_element(idx, value);

field_ct root_ct = witness_ct(&builder, merkle_tree.root());
auto idx_ct = field_ct(witness_ct(&builder, fr(idx))).decompose_into_bits();
auto value_ct = field_ct(value);

merkle_tree::check_membership(
root_ct, merkle_tree::create_witness_hash_path(builder, merkle_tree.get_hash_path(idx)), value_ct, idx_ct);
}
stdlib::merkle_tree::generate_merkle_membership_test_circuit(builder, num_iterations);
}

// ultrahonk
Expand Down
2 changes: 1 addition & 1 deletion barretenberg/cpp/src/barretenberg/goblin/CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
barretenberg_module(goblin stdlib_recursion ultra_honk eccvm translator_vm)
barretenberg_module(goblin stdlib_recursion ultra_honk eccvm translator_vm stdlib_sha256 stdlib_merkle_tree stdlib_primitives)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The inclusion of the stdlib components is only necessary now because the full goblin recursion tests (which now use these stdlib primitives in the kernel) live in the goblin module. We don't have an established pattern for avoiding this because this is the only place that we use stdlib primitives outside the stdlib (except for certain bench suites). One option is just to have a goblin_test module that is separate from goblin. Let's discuss

Copy link
Collaborator

@ludamad ludamad Jan 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If they're only in headers, this isn't technically needed. Also, might signal that this is a module boundary break vs having them in a testing module

Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ TEST_F(GoblinRecursionTests, Pseudo)
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
Expand Down
Loading
Loading