Skip to content

Commit

Permalink
feat: Improve ivc bench (AztecProtocol#4242)
Browse files Browse the repository at this point in the history
Makes the goblin bench more representative of the real aztec
architecture.

- General structure of the bench suite has been updated for clarity
- Each "accumulation round" consists of a function and kernel
- The first function is size 2^19 and subsequent function circuits are
2^17
- Every kernel is size 2^17
- All circuits are "full" relative to their dyadic size
- Mock circuit logic now consists of "big" primitive operations, e.g.
sha256, merkle membership checks etc. rather than simple arithmetic
gates. (Methods for constructing these individual circuits have been
moved to appropriate locations in the stdlib as discussed).
- The "nominal" bench has 6 iterations resulting in 12 UGH
circuits/proofs

---------

Co-authored-by: codygunton <[email protected]>
Co-authored-by: ludamad <[email protected]>
  • Loading branch information
3 people authored Jan 30, 2024
1 parent 37c8f8a commit c1a144a
Show file tree
Hide file tree
Showing 24 changed files with 428 additions and 247 deletions.
5 changes: 4 additions & 1 deletion barretenberg/cpp/scripts/benchmark.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
set -eu

BENCHMARK=${1:-goblin_bench}
COMMAND=${2:-./bin/$BENCHMARK}

# Move above script dir.
cd $(dirname $0)/..
Expand All @@ -11,4 +12,6 @@ cmake --preset clang16
cmake --build --preset clang16 --target $BENCHMARK

cd build
./bin/$BENCHMARK
# Consistency with _wasm.sh targets / shorter $COMMAND.
cp ./bin/$BENCHMARK .
$COMMAND
5 changes: 4 additions & 1 deletion barretenberg/cpp/scripts/benchmark_wasm.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
set -eu

BENCHMARK=${1:-goblin_bench}
COMMAND=${2:-./bin/$BENCHMARK}

# Move above script dir.
cd $(dirname $0)/..
Expand All @@ -11,4 +12,6 @@ cmake --preset wasm-bench
cmake --build --preset wasm-bench --target $BENCHMARK

cd build-wasm-bench
wasmtime run -Wthreads=y -Sthreads=y ./bin/$BENCHMARK
# Consistency with _wasm.sh targets / shorter $COMMAND.
cp ./bin/$BENCHMARK .
wasmtime run -Wthreads=y -Sthreads=y $COMMAND
Original file line number Diff line number Diff line change
@@ -1 +1 @@
barretenberg_module(goblin_bench ultra_honk eccvm stdlib_recursion)
barretenberg_module(goblin_bench ultra_honk eccvm stdlib_recursion stdlib_sha256 stdlib_merkle_tree stdlib_primitives)
Original file line number Diff line number Diff line change
Expand Up @@ -11,128 +11,143 @@ using namespace benchmark;
using namespace bb;

namespace {
void goblin_full(State& state) noexcept
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;
class GoblinBench : public benchmark::Fixture {
public:
Goblin::AccumulationOutput kernel_accum;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// Number of function circuits to accumulate(based on Zacs target numbers)
static constexpr size_t NUM_ITERATIONS_MEDIUM_COMPLEXITY = 6;

Goblin::Proof proof;
for (auto _ : state) {
// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
void SetUp([[maybe_unused]] const ::benchmark::State& state) override
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");
}

/**
* @brief Perform a specified number of function circuit accumulation rounds
* @details Each round "accumulates" a mock function circuit and a mock kernel circuit. Each round thus consists of
* the generation of two circuits, two UGH proofs and two Merge proofs. To match the sizes called out in the spec
* (https://github.com/AztecProtocol/aztec-packages/blob/master/yellow-paper/docs/cryptography/performance-targets.md)
* we set the size of the function circuit to be 2^17 except for the first one which is 2^19.
*
* @param state
*/
void perform_goblin_accumulation_rounds(State& state, Goblin& goblin)
{
auto NUM_CIRCUITS = static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Construct and accumulate a mock function circuit
GoblinUltraCircuitBuilder function_circuit{ goblin.op_queue };
// On the first iteration construct a "large" function circuit (2^19), otherwise medium (2^17)
GoblinMockCircuits::construct_mock_function_circuit(function_circuit, /*large=*/circuit_idx == 0);
auto function_accum = goblin.accumulate(function_circuit);

proof = goblin.prove();
// Verify the final ultra proof
// Construct and accumulate the mock kernel circuit
// Note: in first round, kernel_accum is empty since there is no previous kernel to recursively verify
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, function_accum, kernel_accum);
kernel_accum = goblin.accumulate(circuit_builder);
}
}
honk::GoblinUltraVerifier ultra_verifier{ kernel_input.verification_key };
ultra_verifier.verify_proof(kernel_input.proof);
// Verify the goblin proof (eccvm, translator, merge)
goblin.verify(proof);
}
};

void goblin_accumulate(State& state) noexcept
/**
* @brief Benchmark the full Goblin IVC protocol
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinFull)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723): Simply populate the OpQueue with some data
// and corresponding commitments so the merge protocol has "prev" data into which it can accumulate
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (auto _ : state) {
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state, goblin);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Construct proofs for ECCVM and Translator
goblin.prove();
}
}

void goblin_eccvm_prove(State& state) noexcept
/**
* @brief Benchmark only the accumulation rounds
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinAccumulate)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723)
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
// Perform a specified number of iterations of function/kernel accumulation
for (auto _ : state) {
perform_goblin_accumulation_rounds(state, goblin);
}
}

/**
* @brief Benchmark only the ECCVM component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinECCVMProve)(benchmark::State& state)
{
Goblin goblin;

// TODO(https://github.com/AztecProtocol/barretenberg/issues/723)
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state, goblin);

// Prove ECCVM only
for (auto _ : state) {
goblin.prove_eccvm();
}
}

void goblin_translator_prove(State& state) noexcept
/**
* @brief Benchmark only the Translator component
*
*/
BENCHMARK_DEFINE_F(GoblinBench, GoblinTranslatorProve)(benchmark::State& state)
{
bb::srs::init_crs_factory("../srs_db/ignition");
bb::srs::init_grumpkin_crs_factory("../srs_db/grumpkin");

Goblin goblin;

// Construct an initial circuit; its proof will be recursively verified by the first kernel
GoblinUltraCircuitBuilder initial_circuit{ goblin.op_queue };
GoblinMockCircuits::construct_simple_initial_circuit(initial_circuit);
Goblin::AccumulationOutput kernel_input = goblin.accumulate(initial_circuit);
// TODO(https://github.com/AztecProtocol/barretenberg/issues/723)
GoblinMockCircuits::perform_op_queue_interactions_for_mock_first_circuit(goblin.op_queue);

// Construct a series of simple Goblin circuits; generate and verify their proofs
size_t NUM_CIRCUITS = 1 << static_cast<size_t>(state.range(0));
for (size_t circuit_idx = 0; circuit_idx < NUM_CIRCUITS; ++circuit_idx) {
// Construct a circuit with logic resembling that of the "kernel circuit"
GoblinUltraCircuitBuilder circuit_builder{ goblin.op_queue };
GoblinMockCircuits::construct_mock_kernel_circuit(circuit_builder, kernel_input);

// Construct proof of the current kernel circuit to be recursively verified by the next one
kernel_input = goblin.accumulate(circuit_builder);
}
// Perform a specified number of iterations of function/kernel accumulation
perform_goblin_accumulation_rounds(state, goblin);

// Prove ECCVM (unmeasured) and Translator (measured)
goblin.prove_eccvm();
for (auto _ : state) {
goblin.prove_translator();
}
}

} // namespace
#define ARGS \
Arg(GoblinBench::NUM_ITERATIONS_MEDIUM_COMPLEXITY) \
->Arg(1 << 0) \
->Arg(1 << 1) \
->Arg(1 << 2) \
->Arg(1 << 3) \
->Arg(1 << 4) \
->Arg(1 << 5) \
->Arg(1 << 6)

BENCHMARK_REGISTER_F(GoblinBench, GoblinFull)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinAccumulate)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinECCVMProve)->Unit(benchmark::kMillisecond)->ARGS;
BENCHMARK_REGISTER_F(GoblinBench, GoblinTranslatorProve)->Unit(benchmark::kMillisecond)->ARGS;

BENCHMARK(goblin_full)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_accumulate)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_eccvm_prove)->Unit(kMillisecond)->DenseRange(0, 7);
BENCHMARK(goblin_translator_prove)->Unit(kMillisecond)->DenseRange(0, 7);
} // namespace

BENCHMARK_MAIN();
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
#include <benchmark/benchmark.h>
#include <cstddef>

#include "barretenberg/goblin/mock_circuits.hpp"
#include "barretenberg/plonk/composer/standard_composer.hpp"
#include "barretenberg/plonk/composer/ultra_composer.hpp"
#include "barretenberg/proof_system/types/circuit_type.hpp"
Expand Down Expand Up @@ -46,121 +47,6 @@ template <typename Builder> void generate_basic_arithmetic_circuit(Builder& buil
}
}

/**
* @brief Generate test circuit with specified number of sha256 hashes
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_sha256_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in;
in.resize(32);
stdlib::packed_byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::sha256<Builder>(input);
}
}

/**
* @brief Generate test circuit with specified number of keccak hashes
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_keccak_test_circuit(Builder& builder, size_t num_iterations)
{
std::string in = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz01";

stdlib::byte_array<Builder> input(&builder, in);
for (size_t i = 0; i < num_iterations; i++) {
input = stdlib::keccak<Builder>::hash(input);
}
}

/**
* @brief Generate test circuit with specified number of ecdsa verifications
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_ecdsa_verification_test_circuit(Builder& builder, size_t num_iterations)
{
using curve = stdlib::secp256k1<Builder>;
using fr = typename curve::fr;
using fq = typename curve::fq;
using g1 = typename curve::g1;

std::string message_string = "Instructions unclear, ask again later.";

crypto::ecdsa_key_pair<fr, g1> account;
for (size_t i = 0; i < num_iterations; i++) {
// Generate unique signature for each iteration
account.private_key = curve::fr::random_element();
account.public_key = curve::g1::one * account.private_key;

crypto::ecdsa_signature signature =
crypto::ecdsa_construct_signature<Sha256Hasher, fq, fr, g1>(message_string, account);

bool first_result =
crypto::ecdsa_verify_signature<Sha256Hasher, fq, fr, g1>(message_string, account.public_key, signature);
static_cast<void>(first_result); // TODO(Cody): This is not used anywhere.

std::vector<uint8_t> rr(signature.r.begin(), signature.r.end());
std::vector<uint8_t> ss(signature.s.begin(), signature.s.end());
uint8_t vv = signature.v;

typename curve::g1_bigfr_ct public_key = curve::g1_bigfr_ct::from_witness(&builder, account.public_key);

stdlib::ecdsa_signature<Builder> sig{ typename curve::byte_array_ct(&builder, rr),
typename curve::byte_array_ct(&builder, ss),
stdlib::uint8<Builder>(&builder, vv) };

typename curve::byte_array_ct message(&builder, message_string);

// Verify ecdsa signature
stdlib::ecdsa_verify_signature<Builder,
curve,
typename curve::fq_ct,
typename curve::bigfr_ct,
typename curve::g1_bigfr_ct>(message, public_key, sig);
}
}

/**
* @brief Generate test circuit with specified number of merkle membership checks
*
* @param builder
* @param num_iterations
*/
template <typename Builder> void generate_merkle_membership_test_circuit(Builder& builder, size_t num_iterations)
{
using namespace stdlib;
using field_ct = field_t<Builder>;
using witness_ct = witness_t<Builder>;
using witness_ct = witness_t<Builder>;
using MemStore = merkle_tree::MemoryStore;
using MerkleTree_ct = merkle_tree::MerkleTree<MemStore>;

MemStore store;
const size_t tree_depth = 7;
auto merkle_tree = MerkleTree_ct(store, tree_depth);

for (size_t i = 0; i < num_iterations; i++) {
// For each iteration update and check the membership of a different value
size_t idx = i;
size_t value = i * 2;
merkle_tree.update_element(idx, value);

field_ct root_ct = witness_ct(&builder, merkle_tree.root());
auto idx_ct = field_ct(witness_ct(&builder, fr(idx))).decompose_into_bits();
auto value_ct = field_ct(value);

merkle_tree::check_membership(
root_ct, merkle_tree::create_witness_hash_path(builder, merkle_tree.get_hash_path(idx)), value_ct, idx_ct);
}
}

// ultrahonk
inline honk::UltraProver get_prover(honk::UltraComposer& composer,
void (*test_circuit_function)(honk::UltraComposer::CircuitBuilder&, size_t),
Expand Down
Loading

0 comments on commit c1a144a

Please sign in to comment.