Integrate with sponge & Add multivariate challenge strategy (#82)

Co-authored-by: Pratyush Mishra <[email protected]>
arkworks-rs · Jul 22, 2021 · 982e1a1 · 982e1a1
1 parent 93afc99
commit 982e1a1
Show file tree

Hide file tree

Showing 11 changed files with 999 additions and 841 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,8 +4,13 @@
 
 ### Breaking changes
 
+- [\#82](https://github.com/arkworks-rs/poly-commit/pull/82) Function parameter `opening_challenge: F` for `open`,
+  `check`,  has been changed from `F` to `opening_challenges: &mut ChallengeGenerator`.
+
 ### Features
 
+- [\#82](https://github.com/arkworks-rs/poly-commit/pull/82) Add multivariate opening challenge strategy. Integrate with sponge API. 
+
 ### Improvements
 
 ### Bug fixes

diff --git a/Cargo.toml b/Cargo.toml
@@ -25,6 +25,7 @@ ark-serialize = { version = "^0.3.0", default-features = false, features = [ "de
 ark-ff = { version = "^0.3.0", default-features = false }
 ark-ec = { version = "^0.3.0", default-features = false }
 ark-poly = {version = "^0.3.0", default-features = false }
+ark-sponge = {version = "^0.3.0", default-features = false}
 
 ark-std = { version = "^0.3.0", default-features = false }
 ark-relations = { version = "^0.3.0", default-features = false, optional = true }
@@ -36,8 +37,6 @@ digest = "0.9"
 rayon = { version = "1", optional = true }
 derivative = { version = "2", features = [ "use_core" ] }
 
-tracing = { version = "0.1", default-features = false, features = [ "attributes" ] }
-
 [dev-dependencies]
 ark-ed-on-bls12-381 = { version = "^0.3.0", default-features = false }
 ark-bls12-381 = { version = "^0.3.0", default-features = false, features = [ "curve" ] }
@@ -58,7 +57,7 @@ debug = true
 
 [features]
 default = [ "std", "parallel" ]
-std = [ "ark-ff/std", "ark-ec/std", "ark-nonnative-field/std", "ark-poly/std", "ark-std/std", "ark-relations/std", "ark-serialize/std" ]
-r1cs = [ "ark-relations", "ark-r1cs-std", "ark-nonnative-field", "hashbrown" ]
+std = [ "ark-ff/std", "ark-ec/std", "ark-nonnative-field/std", "ark-poly/std", "ark-std/std", "ark-relations/std", "ark-serialize/std", "ark-sponge/std"]
+r1cs = [ "ark-relations", "ark-r1cs-std", "ark-nonnative-field", "hashbrown", "ark-sponge/r1cs"]
 print-trace = [ "ark-std/print-trace" ]
 parallel = [ "std", "ark-ff/parallel", "ark-ec/parallel", "ark-poly/parallel", "ark-std/parallel", "rayon" ]
diff --git a/src/challenge.rs b/src/challenge.rs
@@ -0,0 +1,61 @@
+use ark_ff::PrimeField;
+use ark_sponge::{CryptographicSponge, FieldElementSize};
+
+/// `ChallengeGenerator` generates opening challenges using multivariate or univariate strategy.
+/// For multivariate strategy, each challenge is freshly squeezed from a sponge.
+/// For univariate strategy, each challenge is a power of one squeezed element from sponge.
+///
+/// Note that mutable reference cannot be cloned.
+#[derive(Clone)]
+pub enum ChallengeGenerator<F: PrimeField, S: CryptographicSponge> {
+    /// Each challenge is freshly squeezed from a sponge.
+    Multivariate(S),
+    /// Each challenge is a power of one squeezed element from sponge.
+    ///
+    /// `Univariate(generator, next_element)`
+    Univariate(F, F),
+}
+
+impl<F: PrimeField, S: CryptographicSponge> ChallengeGenerator<F, S> {
+    /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed
+    /// from a sponge.
+    pub fn new_multivariate(sponge: S) -> Self {
+        Self::Multivariate(sponge)
+    }
+
+    /// Returns a challenge generator with univariate strategy. Each challenge is a power of one
+    /// squeezed element from sponge.
+    pub fn new_univariate(sponge: &mut S) -> Self {
+        let gen = sponge.squeeze_field_elements(1)[0];
+        Self::Univariate(gen, gen)
+    }
+
+    /// Returns a challenge of size `size`.
+    /// * If `self == Self::Multivariate(...)`, then this squeezes out a challenge of size `size`.
+    /// * If `self == Self::Univariate(...)`, then this ignores the `size` argument and simply squeezes out
+    /// the next field element.
+    pub fn try_next_challenge_of_size(&mut self, size: FieldElementSize) -> F {
+        match self {
+            // multivariate (full)
+            Self::Multivariate(sponge) => sponge.squeeze_field_elements_with_sizes(&[size])[0],
+            // univariate
+            Self::Univariate(gen, next) => {
+                let result = next.clone();
+                *next *= *gen;
+                result
+            }
+        }
+    }
+    /// Returns the next challenge generated.
+    pub fn next_challenge(&mut self) -> F {
+        self.try_next_challenge_of_size(FieldElementSize::Full)
+    }
+
+    /// Returns the sponge state if `self` is multivariate. Returns `None` otherwise.
+    pub fn into_sponge(self) -> Option<S> {
+        match self {
+            Self::Multivariate(s) => Some(s),
+            _ => None,
+        }
+    }
+}
diff --git a/src/constraints.rs b/src/constraints.rs
@@ -7,6 +7,7 @@ use ark_nonnative_field::NonNativeFieldVar;
 use ark_poly::Polynomial;
 use ark_r1cs_std::{fields::fp::FpVar, prelude::*};
 use ark_relations::r1cs::{ConstraintSystemRef, Namespace, Result as R1CSResult, SynthesisError};
+use ark_sponge::CryptographicSponge;
 use ark_std::{borrow::Borrow, cmp::Eq, cmp::PartialEq, hash::Hash, marker::Sized};
 use hashbrown::{HashMap, HashSet};
 
@@ -93,8 +94,9 @@ pub struct PCCheckRandomDataVar<TargetField: PrimeField, BaseField: PrimeField>
 pub trait PCCheckVar<
     PCF: PrimeField,
     P: Polynomial<PCF>,
-    PC: PolynomialCommitment<PCF, P>,
+    PC: PolynomialCommitment<PCF, P, S>,
     ConstraintF: PrimeField,
+    S: CryptographicSponge,
 >: Clone
 {
     /// An allocated version of `PC::VerifierKey`.
@@ -117,7 +119,7 @@ pub trait PCCheckVar<
     type ProofVar: AllocVar<PC::Proof, ConstraintF> + Clone;
 
     /// An allocated version of `PC::BatchLCProof`.
-    type BatchLCProofVar: AllocVar<BatchLCProof<PCF, P, PC>, ConstraintF> + Clone;
+    type BatchLCProofVar: AllocVar<BatchLCProof<PCF, PC::BatchProof>, ConstraintF> + Clone;
 
     /// Add to `ConstraintSystemRef<ConstraintF>` new constraints that check that `proof_i` is a valid evaluation
     /// proof at `point_i` for the polynomial in `commitment_i`.

diff --git a/src/data_structures.rs b/src/data_structures.rs
@@ -1,5 +1,5 @@
-use crate::{Polynomial, PolynomialCommitment, Rc, String, Vec};
-use ark_ff::{Field, ToConstraintField};
+use crate::{Polynomial, Rc, String, Vec};
+use ark_ff::{Field, PrimeField, ToConstraintField};
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError};
 use ark_std::rand::RngCore;
 use ark_std::{
@@ -104,9 +104,9 @@ pub trait PCProof: Clone + ark_ff::ToBytes + CanonicalSerialize + CanonicalDeser
 
 /// A proof of satisfaction of linear combinations.
 #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)]
-pub struct BatchLCProof<F: Field, P: Polynomial<F>, PC: PolynomialCommitment<F, P>> {
+pub struct BatchLCProof<F: PrimeField, T: Clone + CanonicalSerialize + CanonicalDeserialize> {
     /// Evaluation proof.
-    pub proof: PC::BatchProof,
+    pub proof: T,
     /// Evaluations required to verify the proof.
     pub evals: Option<Vec<F>>,
 }