From 920861c80351f864379b28781fff726743ce7266 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 17 Jun 2021 20:49:42 -0700 Subject: [PATCH 01/25] add challenge strategy --- Cargo.toml | 5 +++-- src/challenge.rs | 56 ++++++++++++++++++++++++++++++++++++++++++++++++ src/lib.rs | 2 ++ 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 src/challenge.rs diff --git a/Cargo.toml b/Cargo.toml index e606cd1b..2dbbe2cc 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,6 +25,7 @@ ark-serialize = { version = "^0.3.0", default-features = false, features = [ "de ark-ff = { version = "^0.3.0", default-features = false } ark-ec = { version = "^0.3.0", default-features = false } ark-poly = {version = "^0.3.0", default-features = false } +ark-sponge = {version = "^0.3.0", default-feautres = false} ark-std = { version = "^0.3.0", default-features = false } ark-relations = { version = "^0.3.0", default-features = false, optional = true } @@ -58,7 +59,7 @@ debug = true [features] default = [ "std", "parallel" ] -std = [ "ark-ff/std", "ark-ec/std", "ark-nonnative-field/std", "ark-poly/std", "ark-std/std", "ark-relations/std", "ark-serialize/std" ] -r1cs = [ "ark-relations", "ark-r1cs-std", "ark-nonnative-field", "hashbrown" ] +std = [ "ark-ff/std", "ark-ec/std", "ark-nonnative-field/std", "ark-poly/std", "ark-std/std", "ark-relations/std", "ark-serialize/std", "ark-sponge/std"] +r1cs = [ "ark-relations", "ark-r1cs-std", "ark-nonnative-field", "hashbrown", "ark-sponge/r1cs"] print-trace = [ "ark-std/print-trace" ] parallel = [ "std", "ark-ff/parallel", "ark-ec/parallel", "ark-poly/parallel", "ark-std/parallel", "rayon" ] diff --git a/src/challenge.rs b/src/challenge.rs new file mode 100644 index 00000000..5fba61ec --- /dev/null +++ b/src/challenge.rs @@ -0,0 +1,56 @@ +use ark_ff::Field; +use ark_sponge::FieldBasedCryptographicSponge; + +pub enum ChallengeStrategy { + Multivariate, + Univariate, +} + +/// State stored for univariate generator +pub struct UnivariateGeneratorState { + gen: F, + next: F, +} + +impl UnivariateGeneratorState { + fn new(gen: F) -> Self { + Self { gen, next: gen } + } + + fn get_next(&mut self) -> F { + let result = self.next; + self.next *= self.gen; + result + } +} + +#[derive(Copy, Clone)] +pub enum ChallengeGenerator<'a, F: Field, S: 'a + FieldBasedCryptographicSponge> { + Multivariate(&'a mut S), + Univariate(UnivariateGeneratorState), +} + +impl<'a, F: Field, S: 'a + FieldBasedCryptographicSponge> ChallengeGenerator<'a, F, S> { + /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed + /// from a sponge. + pub fn new_multivariate(sponge: &'a mut S) -> Self { + Self::Multivariate(sponge) + } + + /// Returns a challenge generator with univariate strategy. Each challenge is a power of one + /// squeezed element from sponge. + pub fn new_univariate(sponge: &mut S) -> Self { + let gen = sponge.squeeze_native_field_elements(1)[0]; + let univariate_state = UnivariateGeneratorState { gen, next: gen }; + Self::Univariate(univariate_state) + } + + /// Returns the next challenge generated. + pub fn next_challenge(&mut self) -> F { + if let Self::Multivariate(s) = &mut self { + s.squeeze_native_field_elements(1)[0] + } else if let Self::Univariate(s) = &mut self { + s.get_next() + } + } +} diff --git a/src/lib.rs b/src/lib.rs index 2f8fcf92..2edeef97 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -97,6 +97,8 @@ pub mod sonic_pc; /// [pcdas]: https://eprint.iacr.org/2020/499 pub mod ipa_pc; +/// Defines the challenge strategies and challenge generator. +pub mod challenge; /// A multilinear polynomial commitment scheme that converts n-variate multilinear polynomial into /// n quotient UV polynomial. This scheme is based on hardness of the discrete logarithm /// in prime-order groups. Construction is detailed in [[XZZPD19]][xzzpd19] and [[ZGKPP18]][zgkpp18] From 744f77fd08ea4939e5a0d1bedde4f5222cf8e16e Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 17 Jun 2021 20:56:56 -0700 Subject: [PATCH 02/25] add challenge strategy (more) --- src/challenge.rs | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index 5fba61ec..eabaf06d 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -1,18 +1,13 @@ -use ark_ff::Field; +use ark_ff::PrimeField; use ark_sponge::FieldBasedCryptographicSponge; -pub enum ChallengeStrategy { - Multivariate, - Univariate, -} - /// State stored for univariate generator -pub struct UnivariateGeneratorState { +pub struct UnivariateGeneratorState { gen: F, next: F, } -impl UnivariateGeneratorState { +impl UnivariateGeneratorState { fn new(gen: F) -> Self { Self { gen, next: gen } } @@ -24,13 +19,16 @@ impl UnivariateGeneratorState { } } -#[derive(Copy, Clone)] -pub enum ChallengeGenerator<'a, F: Field, S: 'a + FieldBasedCryptographicSponge> { +// TODO: Copy and Clone trait cannot be derived +/// Challenge Generator (todo doc) +pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> { + /// todo: doc Multivariate(&'a mut S), + /// todo: doc Univariate(UnivariateGeneratorState), } -impl<'a, F: Field, S: 'a + FieldBasedCryptographicSponge> ChallengeGenerator<'a, F, S> { +impl<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> ChallengeGenerator<'a, F, S> { /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed /// from a sponge. pub fn new_multivariate(sponge: &'a mut S) -> Self { @@ -41,16 +39,19 @@ impl<'a, F: Field, S: 'a + FieldBasedCryptographicSponge> ChallengeGenerator< /// squeezed element from sponge. pub fn new_univariate(sponge: &mut S) -> Self { let gen = sponge.squeeze_native_field_elements(1)[0]; - let univariate_state = UnivariateGeneratorState { gen, next: gen }; + let univariate_state = UnivariateGeneratorState::new(gen); Self::Univariate(univariate_state) } /// Returns the next challenge generated. pub fn next_challenge(&mut self) -> F { - if let Self::Multivariate(s) = &mut self { + if let Self::Multivariate(s) = self { s.squeeze_native_field_elements(1)[0] - } else if let Self::Univariate(s) = &mut self { + } else if let Self::Univariate(s) = self { s.get_next() + } else { + // should not happen + panic!() } } } From c29308a41049ee62944ac3be4b1c4f1668798576 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 17 Jun 2021 21:21:07 -0700 Subject: [PATCH 03/25] update challenge doc --- src/challenge.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index eabaf06d..6a89f736 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -22,9 +22,9 @@ impl UnivariateGeneratorState { // TODO: Copy and Clone trait cannot be derived /// Challenge Generator (todo doc) pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> { - /// todo: doc + /// Each challenge is freshly squeezed from a sponge. Multivariate(&'a mut S), - /// todo: doc + /// ach challenge is a power of one squeezed element from sponge. Univariate(UnivariateGeneratorState), } From 0c39c1435cf9b6b5a2522ab103ce4662b21b8eb4 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 1 Jul 2021 22:27:51 -0700 Subject: [PATCH 04/25] native code api update --- src/challenge.rs | 3 +- src/data_structures.rs | 4 +- src/lib.rs | 1071 ++++++++++++++++++++++------- src/marlin/marlin_pc/mod.rs | 25 +- src/marlin/marlin_pst13_pc/mod.rs | 10 +- src/marlin/mod.rs | 12 +- 6 files changed, 851 insertions(+), 274 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index 6a89f736..1e09deb8 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -2,6 +2,7 @@ use ark_ff::PrimeField; use ark_sponge::FieldBasedCryptographicSponge; /// State stored for univariate generator +#[derive(Copy, Clone)] pub struct UnivariateGeneratorState { gen: F, next: F, @@ -19,8 +20,8 @@ impl UnivariateGeneratorState { } } -// TODO: Copy and Clone trait cannot be derived /// Challenge Generator (todo doc) +#[derive(Copy, Clone)] pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> { /// Each challenge is freshly squeezed from a sponge. Multivariate(&'a mut S), diff --git a/src/data_structures.rs b/src/data_structures.rs index e07c2e6a..41e74e0f 100644 --- a/src/data_structures.rs +++ b/src/data_structures.rs @@ -8,6 +8,7 @@ use ark_std::{ marker::PhantomData, ops::{AddAssign, MulAssign, SubAssign}, }; +use ark_sponge::FieldBasedCryptographicSponge; /// Labels a `LabeledPolynomial` or a `LabeledCommitment`. pub type PolynomialLabel = String; @@ -104,11 +105,12 @@ pub trait PCProof: Clone + ark_ff::ToBytes + CanonicalSerialize + CanonicalDeser /// A proof of satisfaction of linear combinations. #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] -pub struct BatchLCProof, PC: PolynomialCommitment> { +pub struct BatchLCProof, PC: PolynomialCommitment, S: FieldBasedCryptographicSponge> { /// Evaluation proof. pub proof: PC::BatchProof, /// Evaluations required to verify the proof. pub evals: Option>, + _sponge: PhantomData } /// A polynomial along with information about its degree bound (if any), and the diff --git a/src/lib.rs b/src/lib.rs index 2edeef97..e4ea65c1 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -15,7 +15,7 @@ extern crate derivative; #[macro_use] extern crate ark_std; -use ark_ff::Field; +use ark_ff::{Field, PrimeField}; pub use ark_poly::{Polynomial, UVPolynomial}; use ark_std::rand::RngCore; @@ -68,7 +68,7 @@ macro_rules! println { /// The core [[KZG10]][kzg] construction. /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf -pub mod kzg10; +// pub mod kzg10; // TODO: refactor me! /// Polynomial commitment scheme from [[KZG10]][kzg] that enforces /// strict degree bounds and (optionally) enables hiding commitments by @@ -76,7 +76,7 @@ pub mod kzg10; /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf /// [marlin]: https://eprint.iacr.org/2019/1047 -pub use marlin::marlin_pc; +// pub use marlin::marlin_pc; // TODO: refactor me! /// Polynomial commitment scheme based on the construction in [[KZG10]][kzg], /// modified to obtain batching and to enforce strict @@ -88,14 +88,14 @@ pub use marlin::marlin_pc; /// [sonic]: https://eprint.iacr.org/2019/099 /// [al]: https://eprint.iacr.org/2019/601 /// [marlin]: https://eprint.iacr.org/2019/1047 -pub mod sonic_pc; +// pub mod sonic_pc; // TODO: refactor me! /// A polynomial commitment scheme based on the hardness of the /// discrete logarithm problem in prime-order groups. /// The construction is detailed in [[BCMS20]][pcdas]. /// /// [pcdas]: https://eprint.iacr.org/2020/499 -pub mod ipa_pc; +// pub mod ipa_pc; // TODO: refactor me! /// Defines the challenge strategies and challenge generator. pub mod challenge; @@ -105,7 +105,7 @@ pub mod challenge; /// /// [xzzpd19]: https://eprint.iacr.org/2019/317 /// [zgkpp]: https://ieeexplore.ieee.org/document/8418645 -pub mod multilinear_pc; +pub mod multilinear_pc; // TODO: no need to refactor, but still give a double check. /// Multivariate polynomial commitment based on the construction in /// [[PST13]][pst] with batching and (optional) hiding property inspired @@ -114,6 +114,8 @@ pub mod multilinear_pc; /// [pst]: https://eprint.iacr.org/2011/587.pdf /// [marlin]: https://eprint.iacr.org/2019/104 pub use marlin::marlin_pst13_pc; +use crate::challenge::ChallengeGenerator; +use ark_sponge::FieldBasedCryptographicSponge; /// `QuerySet` is the set of queries that are to be made to a set of labeled polynomials/equations /// `p` that have previously been committed to. Each element of a `QuerySet` is a pair of @@ -132,7 +134,7 @@ pub type Evaluations = BTreeMap<(String, T), F>; /// a sender to commit to multiple polynomials and later provide a succinct proof /// of evaluation for the corresponding commitments at a query set `Q`, while /// enforcing per-polynomial degree bounds. -pub trait PolynomialCommitment>: Sized { +pub trait PolynomialCommitment, S: FieldBasedCryptographicSponge>: Sized { /// The universal parameters for the commitment scheme. These are "trimmed" /// down to `Self::CommitterKey` and `Self::VerifierKey` by `Self::trim`. type UniversalParams: PCUniversalParams; @@ -201,180 +203,13 @@ pub trait PolynomialCommitment>: Sized { where P: 'a; - /// On input a list of labeled polynomials and a query point, `open` outputs a proof of evaluation - /// of the polynomials at the query point. - fn open<'a>( - ck: &Self::CommitterKey, - labeled_polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - point: &'a P::Point, - opening_challenge: F, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - P: 'a, - Self::Randomness: 'a, - Self::Commitment: 'a, - { - let opening_challenges = |pow| opening_challenge.pow(&[pow]); - Self::open_individual_opening_challenges( - ck, - labeled_polynomials, - commitments, - point, - &opening_challenges, - rands, - rng, - ) - } - - /// On input a list of labeled polynomials and a query set, `open` outputs a proof of evaluation - /// of the polynomials at the points in the query set. - fn batch_open<'a>( - ck: &Self::CommitterKey, - labeled_polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - opening_challenge: F, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Randomness: 'a, - Self::Commitment: 'a, - P: 'a, - { - let opening_challenges = |pow| opening_challenge.pow(&[pow]); - Self::batch_open_individual_opening_challenges( - ck, - labeled_polynomials, - commitments, - query_set, - &opening_challenges, - rands, - rng, - ) - } - - /// Verifies that `values` are the evaluations at `point` of the polynomials - /// committed inside `commitments`. - fn check<'a>( - vk: &Self::VerifierKey, - commitments: impl IntoIterator>, - point: &'a P::Point, - values: impl IntoIterator, - proof: &Self::Proof, - opening_challenge: F, - rng: Option<&mut dyn RngCore>, - ) -> Result - where - Self::Commitment: 'a, - { - let opening_challenges = |pow| opening_challenge.pow(&[pow]); - Self::check_individual_opening_challenges( - vk, - commitments, - &point, - values, - proof, - &opening_challenges, - rng, - ) - } - - /// Checks that `values` are the true evaluations at `query_set` of the polynomials - /// committed in `labeled_commitments`. - fn batch_check<'a, R: RngCore>( - vk: &Self::VerifierKey, - commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &Self::BatchProof, - opening_challenge: F, - rng: &mut R, - ) -> Result - where - Self::Commitment: 'a, - { - let opening_challenges = |pow| opening_challenge.pow(&[pow]); - Self::batch_check_individual_opening_challenges( - vk, - commitments, - query_set, - evaluations, - proof, - &opening_challenges, - rng, - ) - } - - /// On input a list of polynomials, linear combinations of those polynomials, - /// and a query set, `open_combination` outputs a proof of evaluation of - /// the combinations at the points in the query set. - fn open_combinations<'a>( - ck: &Self::CommitterKey, - linear_combinations: impl IntoIterator>, - polynomials: impl IntoIterator>, - commitments: impl IntoIterator>, - query_set: &QuerySet, - opening_challenge: F, - rands: impl IntoIterator, - rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> - where - P: 'a, - Self::Randomness: 'a, - Self::Commitment: 'a, - { - let opening_challenges = |pow| opening_challenge.pow(&[pow]); - Self::open_combinations_individual_opening_challenges( - ck, - linear_combinations, - polynomials, - commitments, - query_set, - &opening_challenges, - rands, - rng, - ) - } - - /// Checks that `evaluations` are the true evaluations at `query_set` of the - /// linear combinations of polynomials committed in `commitments`. - fn check_combinations<'a, R: RngCore>( - vk: &Self::VerifierKey, - linear_combinations: impl IntoIterator>, - commitments: impl IntoIterator>, - eqn_query_set: &QuerySet, - eqn_evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenge: F, - rng: &mut R, - ) -> Result - where - Self::Commitment: 'a, - { - let opening_challenges = |pow| opening_challenge.pow(&[pow]); - Self::check_combinations_individual_opening_challenges( - vk, - linear_combinations, - commitments, - eqn_query_set, - eqn_evaluations, - proof, - &opening_challenges, - rng, - ) - } - /// open but with individual challenges - fn open_individual_opening_challenges<'a>( + fn open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, point: &'a P::Point, - opening_challenges: &dyn Fn(u64) -> F, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result @@ -384,26 +219,26 @@ pub trait PolynomialCommitment>: Sized { Self::Commitment: 'a; /// check but with individual challenges - fn check_individual_opening_challenges<'a>( + fn check<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: &'a P::Point, values: impl IntoIterator, proof: &Self::Proof, - opening_challenges: &dyn Fn(u64) -> F, + opening_challenges: &mut ChallengeGenerator, rng: Option<&mut dyn RngCore>, ) -> Result where Self::Commitment: 'a; /// batch_check but with individual challenges - fn batch_check_individual_opening_challenges<'a, R: RngCore>( + fn batch_check<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, proof: &Self::BatchProof, - opening_challenges: &dyn Fn(u64) -> F, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -444,7 +279,7 @@ pub trait PolynomialCommitment>: Sized { } let proof_time = start_timer!(|| "Checking per-query proof"); - result &= Self::check_individual_opening_challenges( + result &= Self::check( vk, comms, &point, @@ -459,13 +294,13 @@ pub trait PolynomialCommitment>: Sized { } /// open_combinations but with individual challenges - fn open_combinations_individual_opening_challenges<'a>( + fn open_combinations<'a>( ck: &Self::CommitterKey, linear_combinations: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> F, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result, Self::Error> @@ -479,7 +314,7 @@ pub trait PolynomialCommitment>: Sized { let poly_query_set = lc_query_set_to_poly_query_set(linear_combinations.iter().copied(), query_set); let poly_evals = evaluate_query_set(polynomials.iter().copied(), &poly_query_set); - let proof = Self::batch_open_individual_opening_challenges( + let proof = Self::batch_open( ck, polynomials, commitments, @@ -495,14 +330,14 @@ pub trait PolynomialCommitment>: Sized { } /// check_combinations with individual challenges - fn check_combinations_individual_opening_challenges<'a, R: RngCore>( + fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, linear_combinations: impl IntoIterator>, commitments: impl IntoIterator>, eqn_query_set: &QuerySet, eqn_evaluations: &Evaluations, proof: &BatchLCProof, - opening_challenges: &dyn Fn(u64) -> F, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -548,7 +383,7 @@ pub trait PolynomialCommitment>: Sized { } } - let pc_result = Self::batch_check_individual_opening_challenges( + let pc_result = Self::batch_check( vk, commitments, &poly_query_set, @@ -566,12 +401,12 @@ pub trait PolynomialCommitment>: Sized { } /// batch_open with individual challenges - fn batch_open_individual_opening_challenges<'a>( + fn batch_open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> F, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result @@ -621,7 +456,7 @@ pub trait PolynomialCommitment>: Sized { } let proof_time = start_timer!(|| "Creating proof"); - let proof = Self::open_individual_opening_challenges( + let proof = Self::open( ck, query_polys, query_comms, @@ -693,6 +528,7 @@ pub mod tests { Rng, }; use ark_std::test_rng; + use ark_sponge::poseidon::PoseidonParameters; struct TestInfo> { num_iters: usize, @@ -705,16 +541,19 @@ pub mod tests { num_equations: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator } - pub fn bad_degree_bound_test( + pub fn bad_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let rng = &mut test_rng(); let max_degree = 100; @@ -772,13 +611,12 @@ pub mod tests { } println!("Generated query set"); - let opening_challenge = F::rand(rng); let proof = PC::batch_open( &ck, &polynomials, &comms, &query_set, - opening_challenge, + &mut opening_challenge(), &rands, Some(rng), )?; @@ -788,7 +626,7 @@ pub mod tests { &query_set, &values, &proof, - opening_challenge, + &mut opening_challenge(), rng, )?; assert!(result, "proof was incorrect, Query set: {:#?}", query_set); @@ -796,11 +634,12 @@ pub mod tests { Ok(()) } - fn test_template(info: TestInfo) -> Result<(), PC::Error> + fn test_template(info: TestInfo) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let TestInfo { num_iters, @@ -813,6 +652,7 @@ pub mod tests { num_equations: _, rand_poly, rand_point, + opening_challenge } = info; let rng = &mut test_rng(); @@ -899,13 +739,12 @@ pub mod tests { } println!("Generated query set"); - let opening_challenge = F::rand(rng); let proof = PC::batch_open( &ck, &polynomials, &comms, &query_set, - opening_challenge, + &mut opening_challenge(), &rands, Some(rng), )?; @@ -915,7 +754,7 @@ pub mod tests { &query_set, &values, &proof, - opening_challenge, + &mut opening_challenge(), rng, )?; if !result { @@ -933,11 +772,12 @@ pub mod tests { Ok(()) } - fn equation_test_template(info: TestInfo) -> Result<(), PC::Error> + fn equation_test_template(info: TestInfo) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let TestInfo { num_iters, @@ -950,6 +790,7 @@ pub mod tests { num_equations, rand_poly, rand_point, + opening_challenge } = info; let rng = &mut test_rng(); @@ -1069,14 +910,13 @@ pub mod tests { println!("Generated query set"); println!("Linear combinations: {:?}", linear_combinations); - let opening_challenge = F::rand(rng); let proof = PC::open_combinations( &ck, &linear_combinations, &polynomials, &comms, &query_set, - opening_challenge, + &mut opening_challenge(), &rands, Some(rng), )?; @@ -1088,7 +928,7 @@ pub mod tests { &query_set, &values, &proof, - opening_challenge, + &mut opening_challenge(), rng, )?; if !result { @@ -1110,15 +950,17 @@ pub mod tests { Ok(()) } - pub fn single_poly_test( + pub fn single_poly_test( num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let info = TestInfo { num_iters: 100, @@ -1131,18 +973,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge }; - test_template::(info) + test_template::(info) } - pub fn linear_poly_degree_bound_test( + pub fn linear_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let info = TestInfo { num_iters: 100, @@ -1155,18 +1000,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge }; - test_template::(info) + test_template::(info) } - pub fn single_poly_degree_bound_test( + pub fn single_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let info = TestInfo { num_iters: 100, @@ -1179,18 +1027,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge }; - test_template::(info) + test_template::(info) } - pub fn quadratic_poly_degree_bound_multiple_queries_test( + pub fn quadratic_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let info = TestInfo { num_iters: 100, @@ -1203,18 +1054,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge }; - test_template::(info) + test_template::(info) } - pub fn single_poly_degree_bound_multiple_queries_test( + pub fn single_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let info = TestInfo { num_iters: 100, @@ -1227,18 +1081,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge }; - test_template::(info) + test_template::(info) } - pub fn two_polys_degree_bound_single_query_test( + pub fn two_polys_degree_bound_single_query_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: FieldBasedCryptographicSponge { let info = TestInfo { num_iters: 100, @@ -1251,19 +1108,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge }; - test_template::(info) + test_template::(info) } - pub fn full_end_to_end_test( + pub fn full_end_to_end_test( num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, { let info = TestInfo { num_iters: 100, @@ -1276,19 +1135,21 @@ pub mod tests { num_equations: None, rand_poly, rand_point, + opening_challenge, }; - test_template::(info) + test_template::(info) } - pub fn full_end_to_end_equation_test( + pub fn full_end_to_end_equation_test( num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, { let info = TestInfo { num_iters: 100, @@ -1301,19 +1162,21 @@ pub mod tests { num_equations: Some(10), rand_poly, rand_point, + opening_challenge }; - equation_test_template::(info) + equation_test_template::(info) } - pub fn single_equation_test( + pub fn single_equation_test( num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, { let info = TestInfo { num_iters: 100, @@ -1326,19 +1189,21 @@ pub mod tests { num_equations: Some(1), rand_poly, rand_point, + opening_challenge }; - equation_test_template::(info) + equation_test_template::(info) } - pub fn two_equation_test( + pub fn two_equation_test( num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, { let info = TestInfo { num_iters: 100, @@ -1351,18 +1216,20 @@ pub mod tests { num_equations: Some(2), rand_poly, rand_point, + opening_challenge }; - equation_test_template::(info) + equation_test_template::(info) } - pub fn two_equation_degree_bound_test( + pub fn two_equation_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, + opening_challenge: fn() -> ChallengeGenerator ) -> Result<(), PC::Error> where F: Field, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, { let info = TestInfo { num_iters: 100, @@ -1375,7 +1242,707 @@ pub mod tests { num_equations: Some(2), rand_poly, rand_point, + opening_challenge }; - equation_test_template::(info) + equation_test_template::(info) + } + + /// Generate default parameters (bls381-fr-only) for alpha = 17, state-size = 8 + pub(crate) fn poseidon_parameters_for_test() -> PoseidonParameters { + let alpha = 17; + let mds = vec![ + vec![ + F::from_str( + "43228725308391137369947362226390319299014033584574058394339561338097152657858", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "20729134655727743386784826341366384914431326428651109729494295849276339718592", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "14275792724825301816674509766636153429127896752891673527373812580216824074377", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "3039440043015681380498693766234886011876841428799441709991632635031851609481", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "6678863357926068615342013496680930722082156498064457711885464611323928471101", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "37355038393562575053091209735467454314247378274125943833499651442997254948957", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "26481612700543967643159862864328231943993263806649000633819754663276818191580", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "30103264397473155564098369644643015994024192377175707604277831692111219371047", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "5712721806190262694719203887224391960978962995663881615739647362444059585747", + ) + .map_err(|_| ()) + .unwrap(), + ], + ]; + let ark = vec![ + vec![ + F::from_str( + "44595993092652566245296379427906271087754779418564084732265552598173323099784", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "23298463296221002559050231199021122673158929708101049474262017406235785365706", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "34212491019164671611180318500074499609633402631511849759183986060951187784466", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "19098051134080182375553680073525644187968170656591203562523489333616681350367", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "7027675418691353855077049716619550622043312043660992344940177187528247727783", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "47642753235356257928619065424282314733361764347085604019867862722762702755609", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "24281836129477728386327945482863886685457469794572168729834072693507088619997", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "12624893078331920791384400430193929292743809612452779381349824703573823883410", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "22654862987689323504199204643771547606936339944127455903448909090318619188561", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "27229172992560143399715985732065737093562061782414043625359531774550940662372", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "13224952063922250960936823741448973692264041750100990569445192064567307041002", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "40380869235216625717296601204704413215735530626882135230693823362552484855508", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "4245751157938905689397184705633683893932492370323323780371834663438472308145", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "8252156875535418429533049587170755750275631534314711502253775796882240991261", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "32910829712934971129644416249914075073083903821282503505466324428991624789936", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "49412601297460128335642438246716127241669915737656789613664349252868389975962", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "841661305510340459373323516098909074520942972558284146843779636353111592117", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "37926489020263024391336570420006226544461516787280929232555625742588667303947", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "18433043696013996573551852847056868761017170818820490351056924728720017242180", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "45376910275288438312773930242803223482318753992595269901397542214841496212310", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "47854349410014339708332226068958253098964727682486278458389508597930796651514", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "32638426693771251366613055506166587312642876874690861030672730491779486904360", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "19105439281696418043426755774110765432959446684037017837894045255490581318047", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "13484299981373196201166722380389594773562113262309564134825386266765751213853", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "63360321133852659797114062808297090090814531427710842859827725871241144161", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "42427543035537409467993338717379268954936885184662765745740070438835506287271", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "149101987103211771991327927827692640556911620408176100290586418839323044234", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "8341764062226826803887898710015561861526081583071950015446833446251359696930", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "45635980415044299013530304465786867101223925975971912073759959440335364441441", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "49833261156201520743834327917353893365097424877680239796845398698940689734850", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "26764715016591436228000634284249890185894507497739511725029482580508707525029", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "25054530812095491217523557726611612265064441619646263299990388543372685322499", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "47654590955096246997622155031169641628093104787883934397920286718814889326452", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "16463825890556752307085325855351334996898686633642574805918056141310194135796", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "17473961341633494489168064889016732306117097771640351649096482400214968053040", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "49914603434867854893558366922996753035832008639512305549839666311012232077468", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "17122578514152308432111470949473865420090463026624297565504381163777697818362", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "34870689836420861427379101859113225049736283485335674111421609473028315711541", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "4622082908476410083286670201138165773322781640914243047922441301693321472984", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "6079244375752010013798561155333454682564824861645642293573415833483620500976", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "2635090520059500019661864086615522409798872905401305311748231832709078452746", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "19070766579582338321241892986615538320421651429118757507174186491084617237586", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "12622420533971517050761060317049369208980632120901481436392835424625664738526", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "8965101225657199137904506150282256568170501907667138404080397024857524386266", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "27085091008069524593196374148553176565775450537072498305327481366756159319838", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "45929056591150668409624595495643698205830429971690813312608217341940499221218", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "50361689160518167880500080025023064746137161030119436080957023803101861300846", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "6722586346537620732668048024627882970582133613352245923413730968378696371065", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "7340485916200743279276570085958556798507770452421357119145466906520506506342", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "25946733168219652706630789514519162148860502996914241011500280690204368174083", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "9962367658743163006517635070396368828381757404628822422306438427554934645464", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "7221669722700687417346373353960536661883467014204005276831020252277657076044", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "21487980358388383563030903293359140836304488103090321183948009095669344637431", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "44389482047246878765773958430749333249729101516826571588063797358040130313157", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "32887270862917330820874162842519225370447850172085449103568878409533683733185", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "15453393396765207016379045014101989306173462885430532298601655955681532648226", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "5478929644476681096437469958231489102974161353940993351588559414552523375472", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "41981370411247590312677561209178363054744730805951096631186178388981705304138", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "3474136981645476955784428843999869229067282976757744542648188369810577298585", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "26251477770740399889956219915654371915771248171098220204692699710414817081869", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "51916561889718854106125837319509539220778634838409949714061033196765117231752", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "25355145802812435959748831835587713214179184608408449220418373832038339021974", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "31950684570730625275416731570246297947385359051792335826965013637877068017530", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "40966378914980473680181850710703295982197782082391794594149984057481543436879", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "1141315130963422417761731263662398620858625339733452795772225916965481730059", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "9812100862165422922235757591915383485338044715409891361026651619010947646011", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "25276091996614379065765602410190790163396484122487585763380676888280427744737", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "18512694312063606403196469408971540495273694846641903978723927656359350642619", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "5791584766415439694303685437881192048262049244830616851865505314899699012588", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "34501536331706470927069149344450300773777486993504673779438188495686129846168", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "10797737565565774079718466476236831116206064650762676383469703413649447678207", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "42599392747310354323136214835734307933597896695637215127297036595538235868368", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "1336670998775417133322626564820911986969949054454812685145275612519924150700", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "2630141283339761901081411552890260088516693208402906795133548756078952896770", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "5206688943117414740600380377278238268309952400341418217132724749372435975215", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "10739264253827005683370721104077252560524362323422172665530191908848354339715", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "48010640624945719826344492755710886355389194986527731603685956726907395779674", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "47880724693177306044229143357252697148359033158394459365791331000715957339701", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "51658938856669444737833983076793759752280196674149218924101718974926964118996", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "27558055650076329657496888512074319504342606463881203707330358472954748913263", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "38886981777859313701520424626728402175860609948757992393598285291689196608037", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "17152756165118461969542990684402410297675979513690903033350206658079448802479", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "43766946932033687220387514221943418338304186408056458476301583041390483707207", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "24324495647041812436929170644873622904287038078113808264580396461953421400343", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "6935839211798937659784055008131602708847374430164859822530563797964932598700", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "42126767398190942911395299419182514513368023621144776598842282267908712110039", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "5702364486091252903915715761606014714345316580946072019346660327857498603375", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "28184981699552917714085740963279595942132561155181044254318202220270242523053", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "27078204494010940048327822707224393686245007379331357330801926151074766130790", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "5004172841233947987988267535285080365124079140142987718231874743202918551203", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "7974360962120296064882769128577382489451060235999590492215336103105134345602", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "48062035869818179910046292951628308709251170031813126950740044942870578526376", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "26361151154829600651603985995297072258262605598910254660032612019129606811983", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "46973867849986280770641828877435510444176572688208439836496241838832695841519", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "1219439673853113792340300173186247996249367102884530407862469123523013083971", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "8063356002935671186275773257019749639571745240775941450161086349727882957042", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "8815571992701260640209942886673939234666734294275300852283020522390608544536", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "36384568984671043678320545346945893232044626942887414733675890845013312931948", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "7493936589040764830842760521372106574503511314427857201860148571929278344956", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "26516538878265871822073279450474977673130300973488209984756372331392531193948", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "3872858659373466814413243601289105962248870842202907364656526273784217311104", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "8291822807524000248589997648893671538524566700364221355689839490238724479848", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "32842548776827046388198955038089826231531188946525483251252938248379132381248", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "10749428410907700061565796335489079278748501945557710351216806276547834974736", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "43342287917341177925402357903832370099402579088513884654598017447701677948416", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "29658571352070370791360499299098360881857072189358092237807807261478461425147", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "7805182565862454238315452208989152534554369855020544477885853141626690738363", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "30699555847500141715826240743138908521140760599479365867708690318477369178275", + ) + .map_err(|_| ()) + .unwrap(), + ], + vec![ + F::from_str( + "1231951350103545216624376889222508148537733140742167414518514908719103925687", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "24784260089125933876714702247471508077514206350883487938806451152907502751770", + ) + .map_err(|_| ()) + .unwrap(), + F::from_str( + "36563542611079418454711392295126742705798573252480028863133394504154697924536", + ) + .map_err(|_| ()) + .unwrap(), + ], + ]; + let full_rounds = 8; + let total_rounds = 37; + let partial_rounds = total_rounds - full_rounds; + PoseidonParameters { + full_rounds, + partial_rounds, + alpha, + ark, + mds, + } } } diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index d101e3ae..290eaf01 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -11,6 +11,8 @@ use ark_std::{marker::PhantomData, ops::Div, vec}; mod data_structures; pub use data_structures::*; +use crate::challenge::ChallengeGenerator; +use ark_sponge::{CryptographicSponge, FieldBasedCryptographicSponge}; /// Polynomial commitment based on [[KZG10]][kzg], with degree enforcement, batching, /// and (optional) hiding property taken from [[CHMMVW20, “Marlin”]][marlin]. @@ -24,7 +26,7 @@ pub use data_structures::*; /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf /// [marlin]: https://eprint.iacr.org/2019/104 -pub struct MarlinKZG10> { +pub struct MarlinKZG10, S: FieldBasedCryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, } @@ -50,10 +52,11 @@ pub(crate) fn shift_polynomial>( } } -impl PolynomialCommitment for MarlinKZG10 +impl PolynomialCommitment for MarlinKZG10 where E: PairingEngine, P: UVPolynomial, + S: FieldBasedCryptographicSponge, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { type UniversalParams = UniversalParams; @@ -242,12 +245,12 @@ where } /// On input a polynomial `p` and a point `point`, outputs a proof for the same. - fn open_individual_opening_challenges<'a>( + fn open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>, point: &'a P::Point, - opening_challenges: &dyn Fn(u64) -> E::Fr, + mut opening_challenges: ChallengeGenerator, rands: impl IntoIterator, _rng: Option<&mut dyn RngCore>, ) -> Result @@ -280,7 +283,7 @@ where )?; // compute challenge^j and challenge^{j+1}. - let challenge_j = opening_challenges(opening_challenge_counter); + let challenge_j = opening_challenges.next_challenge(); opening_challenge_counter += 1; assert_eq!(degree_bound.is_some(), rand.shifted_rand.is_some()); @@ -340,7 +343,7 @@ where /// Verifies that `value` is the evaluation at `x` of the polynomial /// committed inside `comm`. - fn check_individual_opening_challenges<'a>( + fn check<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: &'a P::Point, @@ -366,7 +369,7 @@ where Ok(result) } - fn batch_check_individual_opening_challenges<'a, R: RngCore>( + fn batch_check<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, @@ -399,7 +402,7 @@ where Ok(result) } - fn open_combinations_individual_opening_challenges<'a>( + fn open_combinations<'a>( ck: &Self::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, @@ -428,7 +431,7 @@ where /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. - fn check_combinations_individual_opening_challenges<'a, R: RngCore>( + fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, @@ -455,7 +458,7 @@ where /// On input a list of labeled polynomials and a query set, `open` outputs a proof of evaluation /// of the polynomials at the points in the query set. - fn batch_open_individual_opening_challenges<'a>( + fn batch_open<'a>( ck: &CommitterKey, labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>>, @@ -510,7 +513,7 @@ where } let proof_time = start_timer!(|| "Creating proof"); - let proof = Self::open_individual_opening_challenges( + let proof = Self::open( ck, query_polys, query_comms, diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index 9a268b23..54d30838 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -438,7 +438,7 @@ where } /// On input a polynomial `p` and a point `point`, outputs a proof for the same. - fn open_individual_opening_challenges<'a>( + fn open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>, @@ -537,7 +537,7 @@ where /// Verifies that `value` is the evaluation at `x` of the polynomial /// committed inside `comm`. - fn check_individual_opening_challenges<'a>( + fn check<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: &'a P::Point, @@ -580,7 +580,7 @@ where Ok(lhs == rhs) } - fn batch_check_individual_opening_challenges<'a, R: RngCore>( + fn batch_check<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, @@ -655,7 +655,7 @@ where Ok(result) } - fn open_combinations_individual_opening_challenges<'a>( + fn open_combinations<'a>( ck: &Self::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, @@ -684,7 +684,7 @@ where /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. - fn check_combinations_individual_opening_challenges<'a, R: RngCore>( + fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index 12c91976..b42bc236 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -6,6 +6,8 @@ use crate::{PCRandomness, Polynomial, PolynomialCommitment}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; use ark_ff::{One, Zero}; use ark_std::{convert::TryInto, hash::Hash, ops::AddAssign}; +use ark_sponge::FieldBasedCryptographicSponge; +use crate::challenge::ChallengeGenerator; /// Polynomial commitment scheme from [[KZG10]][kzg] that enforces /// strict degree bounds and (optionally) enables hiding commitments by @@ -210,13 +212,13 @@ impl Marlin { /// On input a list of polynomials, linear combinations of those polynomials, /// and a query set, `open_combination` outputs a proof of evaluation of /// the combinations at the points in the query set. - fn open_combinations_individual_opening_challenges<'a, P, D, PC>( + fn open_combinations_individual_opening_challenges<'a, P, D, PC, S>( ck: &PC::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> E::Fr, + mut opening_challenges: ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result, Error> @@ -226,10 +228,12 @@ impl Marlin { PC: PolynomialCommitment< E::Fr, P, + S, Commitment = marlin_pc::Commitment, PreparedCommitment = marlin_pc::PreparedCommitment, Error = Error, >, + S: FieldBasedCryptographicSponge, PC::Randomness: 'a + AddAssign<(E::Fr, &'a PC::Randomness)>, PC::Commitment: 'a, { @@ -292,7 +296,7 @@ impl Marlin { .map(|((label, d), c)| LabeledCommitment::new(label, c, d)) .collect::>(); - let proof = PC::batch_open_individual_opening_challenges( + let proof = PC::batch_open( ck, lc_polynomials.iter(), lc_commitments.iter(), @@ -387,7 +391,7 @@ impl Marlin { .collect::>(); end_timer!(combined_comms_norm_time); - PC::batch_check_individual_opening_challenges( + PC::batch_check( vk, &lc_commitments, &query_set, From df48b6625c1d7d098f3de3640fc5671a6a17eb06 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Tue, 6 Jul 2021 23:00:15 -0700 Subject: [PATCH 05/25] api update 1 --- src/challenge.rs | 55 ++-- src/data_structures.rs | 13 +- src/lib.rs | 618 +++++++++++++++++++++-------------------- 3 files changed, 343 insertions(+), 343 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index 1e09deb8..435e71ce 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -1,35 +1,19 @@ use ark_ff::PrimeField; -use ark_sponge::FieldBasedCryptographicSponge; - -/// State stored for univariate generator -#[derive(Copy, Clone)] -pub struct UnivariateGeneratorState { - gen: F, - next: F, -} - -impl UnivariateGeneratorState { - fn new(gen: F) -> Self { - Self { gen, next: gen } - } - - fn get_next(&mut self) -> F { - let result = self.next; - self.next *= self.gen; - result - } -} +use ark_sponge::CryptographicSponge; /// Challenge Generator (todo doc) -#[derive(Copy, Clone)] -pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> { +/// TODO: probably move it to sponge +/// Note that mutable reference cannot be cloned. +pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + CryptographicSponge> { /// Each challenge is freshly squeezed from a sponge. Multivariate(&'a mut S), - /// ach challenge is a power of one squeezed element from sponge. - Univariate(UnivariateGeneratorState), + /// Each challenge is a power of one squeezed element from sponge. + /// + /// `Univariate(generator, next_element)` + Univariate(F, F), } -impl<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> ChallengeGenerator<'a, F, S> { +impl<'a, F: PrimeField, S: 'a + CryptographicSponge> ChallengeGenerator<'a, F, S> { /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed /// from a sponge. pub fn new_multivariate(sponge: &'a mut S) -> Self { @@ -39,20 +23,21 @@ impl<'a, F: PrimeField, S: 'a + FieldBasedCryptographicSponge> ChallengeGener /// Returns a challenge generator with univariate strategy. Each challenge is a power of one /// squeezed element from sponge. pub fn new_univariate(sponge: &mut S) -> Self { - let gen = sponge.squeeze_native_field_elements(1)[0]; - let univariate_state = UnivariateGeneratorState::new(gen); - Self::Univariate(univariate_state) + let gen = sponge.squeeze_field_elements(1)[0]; + Self::Univariate(gen, gen) } /// Returns the next challenge generated. pub fn next_challenge(&mut self) -> F { - if let Self::Multivariate(s) = self { - s.squeeze_native_field_elements(1)[0] - } else if let Self::Univariate(s) = self { - s.get_next() - } else { - // should not happen - panic!() + match self { + Self::Multivariate(s) => s.squeeze_field_elements(1)[0], + Self::Univariate(gen, next) => { + let result = next.clone(); + *next *= *gen; + result + } } } + + // TODO: pub fn next_challenge_with_bit_size -> Option } diff --git a/src/data_structures.rs b/src/data_structures.rs index 41e74e0f..13ad3aec 100644 --- a/src/data_structures.rs +++ b/src/data_structures.rs @@ -1,6 +1,7 @@ use crate::{Polynomial, PolynomialCommitment, Rc, String, Vec}; -use ark_ff::{Field, ToConstraintField}; +use ark_ff::{Field, PrimeField, ToConstraintField}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError}; +use ark_sponge::CryptographicSponge; use ark_std::rand::RngCore; use ark_std::{ borrow::Borrow, @@ -8,7 +9,6 @@ use ark_std::{ marker::PhantomData, ops::{AddAssign, MulAssign, SubAssign}, }; -use ark_sponge::FieldBasedCryptographicSponge; /// Labels a `LabeledPolynomial` or a `LabeledCommitment`. pub type PolynomialLabel = String; @@ -105,12 +105,17 @@ pub trait PCProof: Clone + ark_ff::ToBytes + CanonicalSerialize + CanonicalDeser /// A proof of satisfaction of linear combinations. #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] -pub struct BatchLCProof, PC: PolynomialCommitment, S: FieldBasedCryptographicSponge> { +pub struct BatchLCProof< + F: PrimeField, + P: Polynomial, + PC: PolynomialCommitment, + S: CryptographicSponge, +> { /// Evaluation proof. pub proof: PC::BatchProof, /// Evaluations required to verify the proof. pub evals: Option>, - _sponge: PhantomData + pub(crate) _sponge: PhantomData, } /// A polynomial along with information about its degree bound (if any), and the diff --git a/src/lib.rs b/src/lib.rs index e4ea65c1..71cbfa30 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -10,6 +10,7 @@ #![deny(unused_comparisons, bare_trait_objects, unused_must_use, const_err)] #![forbid(unsafe_code)] +#[allow(unused)] #[macro_use] extern crate derivative; #[macro_use] @@ -49,7 +50,8 @@ pub use error::*; /// the approach outlined in [[CHMMVW20, "Marlin"]][marlin]. /// /// [marlin]: https://eprint.iacr.org/2019/1047 -pub mod marlin; +/// TODO: refactor me! +// pub mod marlin; /// A random number generator that bypasses some limitations of the Rust borrow /// checker. @@ -107,15 +109,16 @@ pub mod challenge; /// [zgkpp]: https://ieeexplore.ieee.org/document/8418645 pub mod multilinear_pc; // TODO: no need to refactor, but still give a double check. -/// Multivariate polynomial commitment based on the construction in -/// [[PST13]][pst] with batching and (optional) hiding property inspired -/// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin] -/// -/// [pst]: https://eprint.iacr.org/2011/587.pdf -/// [marlin]: https://eprint.iacr.org/2019/104 -pub use marlin::marlin_pst13_pc; +// /// Multivariate polynomial commitment based on the construction in +// /// [[PST13]][pst] with batching and (optional) hiding property inspired +// /// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin] +// /// +// /// [pst]: https://eprint.iacr.org/2011/587.pdf +// /// [marlin]: https://eprint.iacr.org/2019/104 +// pub use marlin::marlin_pst13_pc; use crate::challenge::ChallengeGenerator; -use ark_sponge::FieldBasedCryptographicSponge; +use ark_sponge::CryptographicSponge; +use ark_std::marker::PhantomData; /// `QuerySet` is the set of queries that are to be made to a set of labeled polynomials/equations /// `p` that have previously been committed to. Each element of a `QuerySet` is a pair of @@ -134,7 +137,9 @@ pub type Evaluations = BTreeMap<(String, T), F>; /// a sender to commit to multiple polynomials and later provide a succinct proof /// of evaluation for the corresponding commitments at a query set `Q`, while /// enforcing per-polynomial degree bounds. -pub trait PolynomialCommitment, S: FieldBasedCryptographicSponge>: Sized { +pub trait PolynomialCommitment, S: CryptographicSponge>: + Sized +{ /// The universal parameters for the commitment scheme. These are "trimmed" /// down to `Self::CommitterKey` and `Self::VerifierKey` by `Self::trim`. type UniversalParams: PCUniversalParams; @@ -303,7 +308,7 @@ pub trait PolynomialCommitment, S: FieldBasedCry opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where Self::Randomness: 'a, Self::Commitment: 'a, @@ -326,6 +331,7 @@ pub trait PolynomialCommitment, S: FieldBasedCry Ok(BatchLCProof { proof, evals: Some(poly_evals.values().copied().collect()), + _sponge: PhantomData, }) } @@ -336,14 +342,18 @@ pub trait PolynomialCommitment, S: FieldBasedCry commitments: impl IntoIterator>, eqn_query_set: &QuerySet, eqn_evaluations: &Evaluations, - proof: &BatchLCProof, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where Self::Commitment: 'a, { - let BatchLCProof { proof, evals } = proof; + let BatchLCProof { + proof, + evals, + _sponge: _, + } = proof; let lc_s = BTreeMap::from_iter(linear_combinations.into_iter().map(|lc| (lc.label(), lc))); @@ -522,13 +532,13 @@ pub mod tests { use crate::*; use ark_ff::Field; use ark_poly::Polynomial; + use ark_sponge::poseidon::PoseidonParameters; use ark_std::rand::{ distributions::{Distribution, Uniform}, rngs::StdRng, Rng, }; use ark_std::test_rng; - use ark_sponge::poseidon::PoseidonParameters; struct TestInfo> { num_iters: usize, @@ -541,19 +551,19 @@ pub mod tests { num_equations: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, } pub fn bad_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: PrimeField, P: Polynomial, PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + S: CryptographicSponge, { let rng = &mut test_rng(); let max_degree = 100; @@ -639,7 +649,7 @@ pub mod tests { F: Field, P: Polynomial, PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + S: CryptographicSponge, { let TestInfo { num_iters, @@ -652,7 +662,7 @@ pub mod tests { num_equations: _, rand_poly, rand_point, - opening_challenge + opening_challenge, } = info; let rng = &mut test_rng(); @@ -777,7 +787,7 @@ pub mod tests { F: Field, P: Polynomial, PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + S: CryptographicSponge, { let TestInfo { num_iters, @@ -790,7 +800,7 @@ pub mod tests { num_equations, rand_poly, rand_point, - opening_challenge + opening_challenge, } = info; let rng = &mut test_rng(); @@ -954,13 +964,13 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: PrimeField, P: Polynomial, PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -973,7 +983,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge + opening_challenge, }; test_template::(info) } @@ -981,13 +991,13 @@ pub mod tests { pub fn linear_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: Field, P: Polynomial, PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1000,7 +1010,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge + opening_challenge, }; test_template::(info) } @@ -1008,13 +1018,13 @@ pub mod tests { pub fn single_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1027,7 +1037,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge + opening_challenge, }; test_template::(info) } @@ -1035,13 +1045,13 @@ pub mod tests { pub fn quadratic_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1054,7 +1064,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge + opening_challenge, }; test_template::(info) } @@ -1062,13 +1072,13 @@ pub mod tests { pub fn single_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1081,7 +1091,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge + opening_challenge, }; test_template::(info) } @@ -1089,13 +1099,13 @@ pub mod tests { pub fn two_polys_degree_bound_single_query_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> - where - F: Field, - P: Polynomial, - PC: PolynomialCommitment, - S: FieldBasedCryptographicSponge + where + F: Field, + P: Polynomial, + PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1108,7 +1118,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge + opening_challenge, }; test_template::(info) } @@ -1117,7 +1127,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: Field, @@ -1144,7 +1154,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: Field, @@ -1162,7 +1172,7 @@ pub mod tests { num_equations: Some(10), rand_poly, rand_point, - opening_challenge + opening_challenge, }; equation_test_template::(info) } @@ -1171,7 +1181,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: Field, @@ -1189,7 +1199,7 @@ pub mod tests { num_equations: Some(1), rand_poly, rand_point, - opening_challenge + opening_challenge, }; equation_test_template::(info) } @@ -1198,7 +1208,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: Field, @@ -1216,7 +1226,7 @@ pub mod tests { num_equations: Some(2), rand_poly, rand_point, - opening_challenge + opening_challenge, }; equation_test_template::(info) } @@ -1224,7 +1234,7 @@ pub mod tests { pub fn two_equation_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: Field, @@ -1242,7 +1252,7 @@ pub mod tests { num_equations: Some(2), rand_poly, rand_point, - opening_challenge + opening_challenge, }; equation_test_template::(info) } @@ -1255,52 +1265,52 @@ pub mod tests { F::from_str( "43228725308391137369947362226390319299014033584574058394339561338097152657858", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "20729134655727743386784826341366384914431326428651109729494295849276339718592", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "14275792724825301816674509766636153429127896752891673527373812580216824074377", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "3039440043015681380498693766234886011876841428799441709991632635031851609481", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "6678863357926068615342013496680930722082156498064457711885464611323928471101", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "37355038393562575053091209735467454314247378274125943833499651442997254948957", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "26481612700543967643159862864328231943993263806649000633819754663276818191580", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "30103264397473155564098369644643015994024192377175707604277831692111219371047", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "5712721806190262694719203887224391960978962995663881615739647362444059585747", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], ]; let ark = vec![ @@ -1308,630 +1318,630 @@ pub mod tests { F::from_str( "44595993092652566245296379427906271087754779418564084732265552598173323099784", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "23298463296221002559050231199021122673158929708101049474262017406235785365706", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "34212491019164671611180318500074499609633402631511849759183986060951187784466", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "19098051134080182375553680073525644187968170656591203562523489333616681350367", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "7027675418691353855077049716619550622043312043660992344940177187528247727783", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "47642753235356257928619065424282314733361764347085604019867862722762702755609", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "24281836129477728386327945482863886685457469794572168729834072693507088619997", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "12624893078331920791384400430193929292743809612452779381349824703573823883410", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "22654862987689323504199204643771547606936339944127455903448909090318619188561", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "27229172992560143399715985732065737093562061782414043625359531774550940662372", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "13224952063922250960936823741448973692264041750100990569445192064567307041002", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "40380869235216625717296601204704413215735530626882135230693823362552484855508", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "4245751157938905689397184705633683893932492370323323780371834663438472308145", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "8252156875535418429533049587170755750275631534314711502253775796882240991261", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "32910829712934971129644416249914075073083903821282503505466324428991624789936", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "49412601297460128335642438246716127241669915737656789613664349252868389975962", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "841661305510340459373323516098909074520942972558284146843779636353111592117", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "37926489020263024391336570420006226544461516787280929232555625742588667303947", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "18433043696013996573551852847056868761017170818820490351056924728720017242180", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "45376910275288438312773930242803223482318753992595269901397542214841496212310", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "47854349410014339708332226068958253098964727682486278458389508597930796651514", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "32638426693771251366613055506166587312642876874690861030672730491779486904360", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "19105439281696418043426755774110765432959446684037017837894045255490581318047", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "13484299981373196201166722380389594773562113262309564134825386266765751213853", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "63360321133852659797114062808297090090814531427710842859827725871241144161", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "42427543035537409467993338717379268954936885184662765745740070438835506287271", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "149101987103211771991327927827692640556911620408176100290586418839323044234", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "8341764062226826803887898710015561861526081583071950015446833446251359696930", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "45635980415044299013530304465786867101223925975971912073759959440335364441441", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "49833261156201520743834327917353893365097424877680239796845398698940689734850", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "26764715016591436228000634284249890185894507497739511725029482580508707525029", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "25054530812095491217523557726611612265064441619646263299990388543372685322499", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "47654590955096246997622155031169641628093104787883934397920286718814889326452", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "16463825890556752307085325855351334996898686633642574805918056141310194135796", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "17473961341633494489168064889016732306117097771640351649096482400214968053040", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "49914603434867854893558366922996753035832008639512305549839666311012232077468", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "17122578514152308432111470949473865420090463026624297565504381163777697818362", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "34870689836420861427379101859113225049736283485335674111421609473028315711541", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "4622082908476410083286670201138165773322781640914243047922441301693321472984", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "6079244375752010013798561155333454682564824861645642293573415833483620500976", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "2635090520059500019661864086615522409798872905401305311748231832709078452746", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "19070766579582338321241892986615538320421651429118757507174186491084617237586", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "12622420533971517050761060317049369208980632120901481436392835424625664738526", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "8965101225657199137904506150282256568170501907667138404080397024857524386266", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "27085091008069524593196374148553176565775450537072498305327481366756159319838", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "45929056591150668409624595495643698205830429971690813312608217341940499221218", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "50361689160518167880500080025023064746137161030119436080957023803101861300846", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "6722586346537620732668048024627882970582133613352245923413730968378696371065", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "7340485916200743279276570085958556798507770452421357119145466906520506506342", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "25946733168219652706630789514519162148860502996914241011500280690204368174083", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "9962367658743163006517635070396368828381757404628822422306438427554934645464", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "7221669722700687417346373353960536661883467014204005276831020252277657076044", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "21487980358388383563030903293359140836304488103090321183948009095669344637431", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "44389482047246878765773958430749333249729101516826571588063797358040130313157", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "32887270862917330820874162842519225370447850172085449103568878409533683733185", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "15453393396765207016379045014101989306173462885430532298601655955681532648226", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "5478929644476681096437469958231489102974161353940993351588559414552523375472", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "41981370411247590312677561209178363054744730805951096631186178388981705304138", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "3474136981645476955784428843999869229067282976757744542648188369810577298585", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "26251477770740399889956219915654371915771248171098220204692699710414817081869", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "51916561889718854106125837319509539220778634838409949714061033196765117231752", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "25355145802812435959748831835587713214179184608408449220418373832038339021974", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "31950684570730625275416731570246297947385359051792335826965013637877068017530", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "40966378914980473680181850710703295982197782082391794594149984057481543436879", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "1141315130963422417761731263662398620858625339733452795772225916965481730059", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "9812100862165422922235757591915383485338044715409891361026651619010947646011", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "25276091996614379065765602410190790163396484122487585763380676888280427744737", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "18512694312063606403196469408971540495273694846641903978723927656359350642619", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "5791584766415439694303685437881192048262049244830616851865505314899699012588", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "34501536331706470927069149344450300773777486993504673779438188495686129846168", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "10797737565565774079718466476236831116206064650762676383469703413649447678207", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "42599392747310354323136214835734307933597896695637215127297036595538235868368", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "1336670998775417133322626564820911986969949054454812685145275612519924150700", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "2630141283339761901081411552890260088516693208402906795133548756078952896770", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "5206688943117414740600380377278238268309952400341418217132724749372435975215", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "10739264253827005683370721104077252560524362323422172665530191908848354339715", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "48010640624945719826344492755710886355389194986527731603685956726907395779674", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "47880724693177306044229143357252697148359033158394459365791331000715957339701", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "51658938856669444737833983076793759752280196674149218924101718974926964118996", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "27558055650076329657496888512074319504342606463881203707330358472954748913263", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "38886981777859313701520424626728402175860609948757992393598285291689196608037", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "17152756165118461969542990684402410297675979513690903033350206658079448802479", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "43766946932033687220387514221943418338304186408056458476301583041390483707207", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "24324495647041812436929170644873622904287038078113808264580396461953421400343", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "6935839211798937659784055008131602708847374430164859822530563797964932598700", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "42126767398190942911395299419182514513368023621144776598842282267908712110039", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "5702364486091252903915715761606014714345316580946072019346660327857498603375", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "28184981699552917714085740963279595942132561155181044254318202220270242523053", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "27078204494010940048327822707224393686245007379331357330801926151074766130790", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "5004172841233947987988267535285080365124079140142987718231874743202918551203", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "7974360962120296064882769128577382489451060235999590492215336103105134345602", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "48062035869818179910046292951628308709251170031813126950740044942870578526376", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "26361151154829600651603985995297072258262605598910254660032612019129606811983", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "46973867849986280770641828877435510444176572688208439836496241838832695841519", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "1219439673853113792340300173186247996249367102884530407862469123523013083971", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "8063356002935671186275773257019749639571745240775941450161086349727882957042", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "8815571992701260640209942886673939234666734294275300852283020522390608544536", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "36384568984671043678320545346945893232044626942887414733675890845013312931948", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "7493936589040764830842760521372106574503511314427857201860148571929278344956", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "26516538878265871822073279450474977673130300973488209984756372331392531193948", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "3872858659373466814413243601289105962248870842202907364656526273784217311104", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "8291822807524000248589997648893671538524566700364221355689839490238724479848", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "32842548776827046388198955038089826231531188946525483251252938248379132381248", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "10749428410907700061565796335489079278748501945557710351216806276547834974736", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "43342287917341177925402357903832370099402579088513884654598017447701677948416", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "29658571352070370791360499299098360881857072189358092237807807261478461425147", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "7805182565862454238315452208989152534554369855020544477885853141626690738363", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "30699555847500141715826240743138908521140760599479365867708690318477369178275", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], vec![ F::from_str( "1231951350103545216624376889222508148537733140742167414518514908719103925687", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "24784260089125933876714702247471508077514206350883487938806451152907502751770", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), F::from_str( "36563542611079418454711392295126742705798573252480028863133394504154697924536", ) - .map_err(|_| ()) - .unwrap(), + .map_err(|_| ()) + .unwrap(), ], ]; let full_rounds = 8; From 16932a996603b4d58324934824e67c3c9119afdf Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Tue, 6 Jul 2021 23:05:09 -0700 Subject: [PATCH 06/25] api update 2 --- src/challenge.rs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/challenge.rs b/src/challenge.rs index 435e71ce..aa8e33c5 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -2,7 +2,7 @@ use ark_ff::PrimeField; use ark_sponge::CryptographicSponge; /// Challenge Generator (todo doc) -/// TODO: probably move it to sponge +/// TODO: move it to sponge /// Note that mutable reference cannot be cloned. pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + CryptographicSponge> { /// Each challenge is freshly squeezed from a sponge. @@ -39,5 +39,14 @@ impl<'a, F: PrimeField, S: 'a + CryptographicSponge> ChallengeGenerator<'a, F, S } } + pub fn next_challenge_of_size(&mut self, size: ark_sponge::FieldElementSize) -> F { + match self{ + Self::Multivariate(s) => s.squeeze_field_elements_with_sizes(&[size])[0], + Self::Univariate(gen, next) => { + panic!("`next_challenge_of_size` only supports multivariate generator.") + } + } + } + // TODO: pub fn next_challenge_with_bit_size -> Option } From 04e1e5db1f0983d9d1cb7f022703af2d976f69f2 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Tue, 6 Jul 2021 23:07:41 -0700 Subject: [PATCH 07/25] api update 2 --- src/challenge.rs | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index aa8e33c5..0f579a8b 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -39,10 +39,15 @@ impl<'a, F: PrimeField, S: 'a + CryptographicSponge> ChallengeGenerator<'a, F, S } } + /// Returns the next challenge generated where next challenge has `size` bits. Only works for + /// multivariate generator. + /// + /// ## Panics + /// This function will panic if `self` is univariate. pub fn next_challenge_of_size(&mut self, size: ark_sponge::FieldElementSize) -> F { - match self{ + match self { Self::Multivariate(s) => s.squeeze_field_elements_with_sizes(&[size])[0], - Self::Univariate(gen, next) => { + Self::Univariate(_, _) => { panic!("`next_challenge_of_size` only supports multivariate generator.") } } From b41c6fce732088c35bfdbb614c2f15a68bbe25e6 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Wed, 7 Jul 2021 22:20:38 -0700 Subject: [PATCH 08/25] ipa_pc --- src/challenge.rs | 23 +- src/ipa_pc/mod.rs | 179 +++++++---- src/lib.rs | 787 ++++------------------------------------------ 3 files changed, 201 insertions(+), 788 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index 0f579a8b..7e2dcb2b 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -2,21 +2,21 @@ use ark_ff::PrimeField; use ark_sponge::CryptographicSponge; /// Challenge Generator (todo doc) -/// TODO: move it to sponge /// Note that mutable reference cannot be cloned. -pub enum ChallengeGenerator<'a, F: PrimeField, S: 'a + CryptographicSponge> { +#[derive(Clone)] +pub enum ChallengeGenerator { /// Each challenge is freshly squeezed from a sponge. - Multivariate(&'a mut S), + Multivariate(S), /// Each challenge is a power of one squeezed element from sponge. /// /// `Univariate(generator, next_element)` Univariate(F, F), } -impl<'a, F: PrimeField, S: 'a + CryptographicSponge> ChallengeGenerator<'a, F, S> { +impl ChallengeGenerator { /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed /// from a sponge. - pub fn new_multivariate(sponge: &'a mut S) -> Self { + pub fn new_multivariate(sponge: S) -> Self { Self::Multivariate(sponge) } @@ -47,11 +47,20 @@ impl<'a, F: PrimeField, S: 'a + CryptographicSponge> ChallengeGenerator<'a, F, S pub fn next_challenge_of_size(&mut self, size: ark_sponge::FieldElementSize) -> F { match self { Self::Multivariate(s) => s.squeeze_field_elements_with_sizes(&[size])[0], - Self::Univariate(_, _) => { + _ => { panic!("`next_challenge_of_size` only supports multivariate generator.") } } } - // TODO: pub fn next_challenge_with_bit_size -> Option + /// Returns the sponge state if `self` is multivariate. + /// + /// ## Panics + /// This function will panic is `self` is univariate. + pub fn into_sponge(self) -> S { + match self { + Self::Multivariate(s) => s, + _ => panic!("only multivariate generator can be converted to sponge."), + } + } } diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index 03ca3f8c..07e88380 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -14,6 +14,8 @@ pub use data_structures::*; #[cfg(feature = "parallel")] use rayon::prelude::*; +use crate::challenge::ChallengeGenerator; +use ark_sponge::CryptographicSponge; use digest::Digest; /// A polynomial commitment scheme based on the hardness of the @@ -29,13 +31,25 @@ use digest::Digest; /// /// [pcdas]: https://eprint.iacr.org/2020/499 /// [marlin]: https://eprint.iacr.org/2019/1047 -pub struct InnerProductArgPC> { +pub struct InnerProductArgPC< + G: AffineCurve, + D: Digest, + P: UVPolynomial, + S: CryptographicSponge, +> { _projective: PhantomData, _digest: PhantomData, _poly: PhantomData

, + _sponge: PhantomData, } -impl> InnerProductArgPC { +impl InnerProductArgPC +where + G: AffineCurve, + D: Digest, + P: UVPolynomial, + S: CryptographicSponge, +{ /// `PROTOCOL_NAME` is used as a seed for the setup function. pub const PROTOCOL_NAME: &'static [u8] = b"PC-DL-2020"; @@ -88,7 +102,7 @@ impl> InnerProductArg point: G::ScalarField, values: impl IntoIterator, proof: &Proof, - opening_challenges: &dyn Fn(u64) -> G::ScalarField, + opening_challenges: &mut ChallengeGenerator, //&dyn Fn(u64) -> G::ScalarField, ) -> Option> { let check_time = start_timer!(|| "Succinct checking"); @@ -100,9 +114,7 @@ impl> InnerProductArg let mut combined_commitment_proj = G::Projective::zero(); let mut combined_v = G::ScalarField::zero(); - let mut opening_challenge_counter = 0; - let mut cur_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let mut cur_challenge = opening_challenges.next_challenge(); let labeled_commitments = commitments.into_iter(); let values = values.into_iter(); @@ -111,8 +123,7 @@ impl> InnerProductArg let commitment = labeled_commitment.commitment(); combined_v += &(cur_challenge * &value); combined_commitment_proj += &labeled_commitment.commitment().comm.mul(cur_challenge); - cur_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + cur_challenge = opening_challenges.next_challenge(); let degree_bound = labeled_commitment.degree_bound(); assert_eq!(degree_bound.is_some(), commitment.shifted_comm.is_some()); @@ -123,8 +134,7 @@ impl> InnerProductArg combined_commitment_proj += &commitment.shifted_comm.unwrap().mul(cur_challenge); } - cur_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + cur_challenge = opening_challenges.next_challenge(); } let mut combined_commitment = combined_commitment_proj.into_affine(); @@ -302,11 +312,12 @@ impl> InnerProductArg } } -impl PolynomialCommitment for InnerProductArgPC +impl PolynomialCommitment for InnerProductArgPC where G: AffineCurve, D: Digest, P: UVPolynomial, + S: CryptographicSponge, { type UniversalParams = UniversalParams; type CommitterKey = CommitterKey; @@ -450,12 +461,12 @@ where Ok((comms, rands)) } - fn open_individual_opening_challenges<'a>( + fn open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, point: &'a P::Point, - opening_challenges: &dyn Fn(u64) -> G::ScalarField, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result @@ -476,9 +487,7 @@ where let combine_time = start_timer!(|| "Combining polynomials, randomness, and commitments."); - let mut opening_challenge_counter = 0; - let mut cur_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let mut cur_challenge = opening_challenges.next_challenge(); for (labeled_polynomial, (labeled_commitment, randomness)) in polys_iter.zip(comms_iter.zip(rands_iter)) @@ -500,8 +509,7 @@ where combined_rand += &(cur_challenge * &randomness.rand); } - cur_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + cur_challenge = opening_challenges.next_challenge(); let has_degree_bound = degree_bound.is_some(); @@ -534,8 +542,7 @@ where } } - cur_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + cur_challenge = opening_challenges.next_challenge(); } end_timer!(combine_time); @@ -694,13 +701,13 @@ where }) } - fn check_individual_opening_challenges<'a>( + fn check<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: &'a P::Point, values: impl IntoIterator, proof: &Self::Proof, - opening_challenges: &dyn Fn(u64) -> G::ScalarField, + opening_challenges: &mut ChallengeGenerator, _rng: Option<&mut dyn RngCore>, ) -> Result where @@ -745,13 +752,13 @@ where Ok(true) } - fn batch_check_individual_opening_challenges<'a, R: RngCore>( + fn batch_check<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, values: &Evaluations, proof: &Self::BatchProof, - opening_challenges: &dyn Fn(u64) -> G::ScalarField, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -831,16 +838,16 @@ where Ok(true) } - fn open_combinations_individual_opening_challenges<'a>( + fn open_combinations<'a>( ck: &Self::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> G::ScalarField, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where Self::Randomness: 'a, Self::Commitment: 'a, @@ -927,7 +934,7 @@ where let lc_commitments = Self::construct_labeled_commitments(&lc_info, &lc_commitments); - let proof = Self::batch_open_individual_opening_challenges( + let proof = Self::batch_open( ck, lc_polynomials.iter(), lc_commitments.iter(), @@ -936,19 +943,23 @@ where lc_randomness.iter(), rng, )?; - Ok(BatchLCProof { proof, evals: None }) + Ok(BatchLCProof { + proof, + evals: None, + _sponge: PhantomData, + }) } /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. - fn check_combinations_individual_opening_challenges<'a, R: RngCore>( + fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenges: &dyn Fn(u64) -> G::ScalarField, + proof: &BatchLCProof, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -1015,7 +1026,7 @@ where let lc_commitments = Self::construct_labeled_commitments(&lc_info, &lc_commitments); - Self::batch_check_individual_opening_challenges( + Self::batch_check( vk, &lc_commitments, &query_set, @@ -1032,15 +1043,18 @@ mod tests { #![allow(non_camel_case_types)] use super::InnerProductArgPC; + use ark_ec::AffineCurve; use ark_ed_on_bls12_381::{EdwardsAffine, Fr}; use ark_ff::PrimeField; use ark_poly::{univariate::DensePolynomial as DensePoly, UVPolynomial}; + use ark_sponge::poseidon::PoseidonSponge; use ark_std::rand::rngs::StdRng; use blake2::Blake2s; type UniPoly = DensePoly; - type PC = InnerProductArgPC; - type PC_JJB2S = PC; + type Sponge = PoseidonSponge<::ScalarField>; + type PC = InnerProductArgPC; + type PC_JJB2S = PC; fn rand_poly(degree: usize, _: Option, rng: &mut StdRng) -> DensePoly { DensePoly::rand(degree, rng) @@ -1057,23 +1071,34 @@ mod tests { #[test] fn single_poly_test() { use crate::tests::*; - single_poly_test::<_, _, PC_JJB2S>(None, rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + single_poly_test::<_, _, PC_JJB2S, _>( + None, + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); } #[test] fn constant_poly_test() { use crate::tests::*; - single_poly_test::<_, _, PC_JJB2S>(None, constant_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + single_poly_test::<_, _, PC_JJB2S, _>( + None, + constant_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); } #[test] fn quadratic_poly_degree_bound_multiple_queries_test() { use crate::tests::*; - quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_JJB2S>( + quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1081,23 +1106,32 @@ mod tests { #[test] fn linear_poly_degree_bound_test() { use crate::tests::*; - linear_poly_degree_bound_test::<_, _, PC_JJB2S>(rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + linear_poly_degree_bound_test::<_, _, PC_JJB2S, _>( + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); } #[test] fn single_poly_degree_bound_test() { use crate::tests::*; - single_poly_degree_bound_test::<_, _, PC_JJB2S>(rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + single_poly_degree_bound_test::<_, _, PC_JJB2S, _>( + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); } #[test] fn single_poly_degree_bound_multiple_queries_test() { use crate::tests::*; - single_poly_degree_bound_multiple_queries_test::<_, _, PC_JJB2S>( + single_poly_degree_bound_multiple_queries_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1105,9 +1139,10 @@ mod tests { #[test] fn two_polys_degree_bound_single_query_test() { use crate::tests::*; - two_polys_degree_bound_single_query_test::<_, _, PC_JJB2S>( + two_polys_degree_bound_single_query_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1115,40 +1150,64 @@ mod tests { #[test] fn full_end_to_end_test() { use crate::tests::*; - full_end_to_end_test::<_, _, PC_JJB2S>(None, rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + full_end_to_end_test::<_, _, PC_JJB2S, _>( + None, + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); } #[test] fn single_equation_test() { use crate::tests::*; - single_equation_test::<_, _, PC_JJB2S>(None, rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + single_equation_test::<_, _, PC_JJB2S, _>( + None, + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); } #[test] fn two_equation_test() { use crate::tests::*; - two_equation_test::<_, _, PC_JJB2S>(None, rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + two_equation_test::<_, _, PC_JJB2S, _>( + None, + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); } #[test] fn two_equation_degree_bound_test() { use crate::tests::*; - two_equation_degree_bound_test::<_, _, PC_JJB2S>(rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + two_equation_degree_bound_test::<_, _, PC_JJB2S, _>( + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); } #[test] fn full_end_to_end_equation_test() { use crate::tests::*; - full_end_to_end_equation_test::<_, _, PC_JJB2S>(None, rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + full_end_to_end_equation_test::<_, _, PC_JJB2S, _>( + None, + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); } @@ -1156,8 +1215,12 @@ mod tests { #[should_panic] fn bad_degree_bound_test() { use crate::tests::*; - bad_degree_bound_test::<_, _, PC_JJB2S>(rand_poly::, rand_point::) - .expect("test failed for ed_on_bls12_381-blake2s"); + bad_degree_bound_test::<_, _, PC_JJB2S, _>( + rand_poly::, + rand_point::, + multivariate_challenge_generator_for_test, + ) + .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); } } diff --git a/src/lib.rs b/src/lib.rs index 71cbfa30..d91f77d1 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -70,7 +70,7 @@ macro_rules! println { /// The core [[KZG10]][kzg] construction. /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf -// pub mod kzg10; // TODO: refactor me! +pub mod kzg10; /// Polynomial commitment scheme from [[KZG10]][kzg] that enforces /// strict degree bounds and (optionally) enables hiding commitments by @@ -97,7 +97,7 @@ macro_rules! println { /// The construction is detailed in [[BCMS20]][pcdas]. /// /// [pcdas]: https://eprint.iacr.org/2020/499 -// pub mod ipa_pc; // TODO: refactor me! +pub mod ipa_pc; /// Defines the challenge strategies and challenge generator. pub mod challenge; @@ -530,9 +530,8 @@ fn lc_query_set_to_poly_query_set<'a, F: Field, T: Clone + Ord>( #[cfg(test)] pub mod tests { use crate::*; - use ark_ff::Field; use ark_poly::Polynomial; - use ark_sponge::poseidon::PoseidonParameters; + use ark_sponge::poseidon::{PoseidonParameters, PoseidonSponge}; use ark_std::rand::{ distributions::{Distribution, Uniform}, rngs::StdRng, @@ -540,7 +539,7 @@ pub mod tests { }; use ark_std::test_rng; - struct TestInfo> { + struct TestInfo, S: CryptographicSponge> { num_iters: usize, max_degree: Option, supported_degree: Option, @@ -551,7 +550,7 @@ pub mod tests { num_equations: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, } pub fn bad_degree_bound_test( @@ -644,9 +643,9 @@ pub mod tests { Ok(()) } - fn test_template(info: TestInfo) -> Result<(), PC::Error> + fn test_template(info: TestInfo) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -782,9 +781,9 @@ pub mod tests { Ok(()) } - fn equation_test_template(info: TestInfo) -> Result<(), PC::Error> + fn equation_test_template(info: TestInfo) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -964,7 +963,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where F: PrimeField, @@ -991,10 +990,10 @@ pub mod tests { pub fn linear_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -1018,10 +1017,10 @@ pub mod tests { pub fn single_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -1045,10 +1044,10 @@ pub mod tests { pub fn quadratic_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -1072,10 +1071,10 @@ pub mod tests { pub fn single_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -1099,10 +1098,10 @@ pub mod tests { pub fn two_polys_degree_bound_single_query_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, S: CryptographicSponge, @@ -1127,12 +1126,13 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1154,12 +1154,13 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1181,12 +1182,13 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1208,12 +1210,13 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1234,12 +1237,13 @@ pub mod tests { pub fn two_equation_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + opening_challenge: fn() -> ChallengeGenerator, ) -> Result<(), PC::Error> where - F: Field, + F: PrimeField, P: Polynomial, PC: PolynomialCommitment, + S: CryptographicSponge, { let info = TestInfo { num_iters: 100, @@ -1257,702 +1261,39 @@ pub mod tests { equation_test_template::(info) } - /// Generate default parameters (bls381-fr-only) for alpha = 17, state-size = 8 + pub(crate) fn multivariate_challenge_generator_for_test( + ) -> ChallengeGenerator> { + let param = poseidon_parameters_for_test(); + let sponge = PoseidonSponge::new(¶m); + ChallengeGenerator::new_multivariate(sponge) + } + + /// Generate default parameters for alpha = 17, state-size = 8 + /// + /// WARNING: This poseidon parameter is not secure. Please generate + /// your own parameters according the field you use. pub(crate) fn poseidon_parameters_for_test() -> PoseidonParameters { + let full_rounds = 8; + let partial_rounds = 31; let alpha = 17; + let mds = vec![ - vec![ - F::from_str( - "43228725308391137369947362226390319299014033584574058394339561338097152657858", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "20729134655727743386784826341366384914431326428651109729494295849276339718592", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "14275792724825301816674509766636153429127896752891673527373812580216824074377", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "3039440043015681380498693766234886011876841428799441709991632635031851609481", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "6678863357926068615342013496680930722082156498064457711885464611323928471101", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "37355038393562575053091209735467454314247378274125943833499651442997254948957", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "26481612700543967643159862864328231943993263806649000633819754663276818191580", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "30103264397473155564098369644643015994024192377175707604277831692111219371047", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "5712721806190262694719203887224391960978962995663881615739647362444059585747", - ) - .map_err(|_| ()) - .unwrap(), - ], - ]; - let ark = vec![ - vec![ - F::from_str( - "44595993092652566245296379427906271087754779418564084732265552598173323099784", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "23298463296221002559050231199021122673158929708101049474262017406235785365706", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "34212491019164671611180318500074499609633402631511849759183986060951187784466", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "19098051134080182375553680073525644187968170656591203562523489333616681350367", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "7027675418691353855077049716619550622043312043660992344940177187528247727783", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "47642753235356257928619065424282314733361764347085604019867862722762702755609", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "24281836129477728386327945482863886685457469794572168729834072693507088619997", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "12624893078331920791384400430193929292743809612452779381349824703573823883410", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "22654862987689323504199204643771547606936339944127455903448909090318619188561", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "27229172992560143399715985732065737093562061782414043625359531774550940662372", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "13224952063922250960936823741448973692264041750100990569445192064567307041002", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "40380869235216625717296601204704413215735530626882135230693823362552484855508", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "4245751157938905689397184705633683893932492370323323780371834663438472308145", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "8252156875535418429533049587170755750275631534314711502253775796882240991261", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "32910829712934971129644416249914075073083903821282503505466324428991624789936", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "49412601297460128335642438246716127241669915737656789613664349252868389975962", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "841661305510340459373323516098909074520942972558284146843779636353111592117", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "37926489020263024391336570420006226544461516787280929232555625742588667303947", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "18433043696013996573551852847056868761017170818820490351056924728720017242180", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "45376910275288438312773930242803223482318753992595269901397542214841496212310", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "47854349410014339708332226068958253098964727682486278458389508597930796651514", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "32638426693771251366613055506166587312642876874690861030672730491779486904360", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "19105439281696418043426755774110765432959446684037017837894045255490581318047", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "13484299981373196201166722380389594773562113262309564134825386266765751213853", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "63360321133852659797114062808297090090814531427710842859827725871241144161", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "42427543035537409467993338717379268954936885184662765745740070438835506287271", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "149101987103211771991327927827692640556911620408176100290586418839323044234", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "8341764062226826803887898710015561861526081583071950015446833446251359696930", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "45635980415044299013530304465786867101223925975971912073759959440335364441441", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "49833261156201520743834327917353893365097424877680239796845398698940689734850", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "26764715016591436228000634284249890185894507497739511725029482580508707525029", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "25054530812095491217523557726611612265064441619646263299990388543372685322499", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "47654590955096246997622155031169641628093104787883934397920286718814889326452", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "16463825890556752307085325855351334996898686633642574805918056141310194135796", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "17473961341633494489168064889016732306117097771640351649096482400214968053040", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "49914603434867854893558366922996753035832008639512305549839666311012232077468", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "17122578514152308432111470949473865420090463026624297565504381163777697818362", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "34870689836420861427379101859113225049736283485335674111421609473028315711541", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "4622082908476410083286670201138165773322781640914243047922441301693321472984", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "6079244375752010013798561155333454682564824861645642293573415833483620500976", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "2635090520059500019661864086615522409798872905401305311748231832709078452746", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "19070766579582338321241892986615538320421651429118757507174186491084617237586", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "12622420533971517050761060317049369208980632120901481436392835424625664738526", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "8965101225657199137904506150282256568170501907667138404080397024857524386266", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "27085091008069524593196374148553176565775450537072498305327481366756159319838", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "45929056591150668409624595495643698205830429971690813312608217341940499221218", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "50361689160518167880500080025023064746137161030119436080957023803101861300846", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "6722586346537620732668048024627882970582133613352245923413730968378696371065", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "7340485916200743279276570085958556798507770452421357119145466906520506506342", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "25946733168219652706630789514519162148860502996914241011500280690204368174083", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "9962367658743163006517635070396368828381757404628822422306438427554934645464", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "7221669722700687417346373353960536661883467014204005276831020252277657076044", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "21487980358388383563030903293359140836304488103090321183948009095669344637431", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "44389482047246878765773958430749333249729101516826571588063797358040130313157", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "32887270862917330820874162842519225370447850172085449103568878409533683733185", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "15453393396765207016379045014101989306173462885430532298601655955681532648226", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "5478929644476681096437469958231489102974161353940993351588559414552523375472", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "41981370411247590312677561209178363054744730805951096631186178388981705304138", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "3474136981645476955784428843999869229067282976757744542648188369810577298585", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "26251477770740399889956219915654371915771248171098220204692699710414817081869", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "51916561889718854106125837319509539220778634838409949714061033196765117231752", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "25355145802812435959748831835587713214179184608408449220418373832038339021974", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "31950684570730625275416731570246297947385359051792335826965013637877068017530", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "40966378914980473680181850710703295982197782082391794594149984057481543436879", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "1141315130963422417761731263662398620858625339733452795772225916965481730059", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "9812100862165422922235757591915383485338044715409891361026651619010947646011", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "25276091996614379065765602410190790163396484122487585763380676888280427744737", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "18512694312063606403196469408971540495273694846641903978723927656359350642619", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "5791584766415439694303685437881192048262049244830616851865505314899699012588", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "34501536331706470927069149344450300773777486993504673779438188495686129846168", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "10797737565565774079718466476236831116206064650762676383469703413649447678207", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "42599392747310354323136214835734307933597896695637215127297036595538235868368", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "1336670998775417133322626564820911986969949054454812685145275612519924150700", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "2630141283339761901081411552890260088516693208402906795133548756078952896770", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "5206688943117414740600380377278238268309952400341418217132724749372435975215", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "10739264253827005683370721104077252560524362323422172665530191908848354339715", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "48010640624945719826344492755710886355389194986527731603685956726907395779674", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "47880724693177306044229143357252697148359033158394459365791331000715957339701", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "51658938856669444737833983076793759752280196674149218924101718974926964118996", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "27558055650076329657496888512074319504342606463881203707330358472954748913263", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "38886981777859313701520424626728402175860609948757992393598285291689196608037", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "17152756165118461969542990684402410297675979513690903033350206658079448802479", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "43766946932033687220387514221943418338304186408056458476301583041390483707207", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "24324495647041812436929170644873622904287038078113808264580396461953421400343", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "6935839211798937659784055008131602708847374430164859822530563797964932598700", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "42126767398190942911395299419182514513368023621144776598842282267908712110039", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "5702364486091252903915715761606014714345316580946072019346660327857498603375", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "28184981699552917714085740963279595942132561155181044254318202220270242523053", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "27078204494010940048327822707224393686245007379331357330801926151074766130790", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "5004172841233947987988267535285080365124079140142987718231874743202918551203", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "7974360962120296064882769128577382489451060235999590492215336103105134345602", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "48062035869818179910046292951628308709251170031813126950740044942870578526376", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "26361151154829600651603985995297072258262605598910254660032612019129606811983", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "46973867849986280770641828877435510444176572688208439836496241838832695841519", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "1219439673853113792340300173186247996249367102884530407862469123523013083971", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "8063356002935671186275773257019749639571745240775941450161086349727882957042", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "8815571992701260640209942886673939234666734294275300852283020522390608544536", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "36384568984671043678320545346945893232044626942887414733675890845013312931948", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "7493936589040764830842760521372106574503511314427857201860148571929278344956", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "26516538878265871822073279450474977673130300973488209984756372331392531193948", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "3872858659373466814413243601289105962248870842202907364656526273784217311104", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "8291822807524000248589997648893671538524566700364221355689839490238724479848", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "32842548776827046388198955038089826231531188946525483251252938248379132381248", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "10749428410907700061565796335489079278748501945557710351216806276547834974736", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "43342287917341177925402357903832370099402579088513884654598017447701677948416", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "29658571352070370791360499299098360881857072189358092237807807261478461425147", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "7805182565862454238315452208989152534554369855020544477885853141626690738363", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "30699555847500141715826240743138908521140760599479365867708690318477369178275", - ) - .map_err(|_| ()) - .unwrap(), - ], - vec![ - F::from_str( - "1231951350103545216624376889222508148537733140742167414518514908719103925687", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "24784260089125933876714702247471508077514206350883487938806451152907502751770", - ) - .map_err(|_| ()) - .unwrap(), - F::from_str( - "36563542611079418454711392295126742705798573252480028863133394504154697924536", - ) - .map_err(|_| ()) - .unwrap(), - ], + vec![F::one(), F::zero(), F::one()], + vec![F::one(), F::one(), F::zero()], + vec![F::zero(), F::one(), F::one()], ]; - let full_rounds = 8; - let total_rounds = 37; - let partial_rounds = total_rounds - full_rounds; - PoseidonParameters { - full_rounds, - partial_rounds, - alpha, - ark, - mds, + + let mut ark = Vec::new(); + let mut ark_rng = test_rng(); + + for _ in 0..(full_rounds + partial_rounds) { + let mut res = Vec::new(); + + for _ in 0..3 { + res.push(F::rand(&mut ark_rng)); + } + ark.push(res); } + PoseidonParameters::new(full_rounds, partial_rounds, alpha, mds, ark) } } From b41ce9f7309998ee564a39d63986bad35210a9e6 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Wed, 7 Jul 2021 22:56:28 -0700 Subject: [PATCH 09/25] sonic_pc --- src/lib.rs | 2 +- src/sonic_pc/mod.rs | 153 +++++++++++++++++++++++++++----------------- 2 files changed, 94 insertions(+), 61 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index d91f77d1..f708728d 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -90,7 +90,7 @@ pub mod kzg10; /// [sonic]: https://eprint.iacr.org/2019/099 /// [al]: https://eprint.iacr.org/2019/601 /// [marlin]: https://eprint.iacr.org/2019/1047 -// pub mod sonic_pc; // TODO: refactor me! +pub mod sonic_pc; /// A polynomial commitment scheme based on the hardness of the /// discrete logarithm problem in prime-order groups. diff --git a/src/sonic_pc/mod.rs b/src/sonic_pc/mod.rs index 0782dfc1..37a99533 100644 --- a/src/sonic_pc/mod.rs +++ b/src/sonic_pc/mod.rs @@ -10,6 +10,8 @@ use ark_std::rand::RngCore; use ark_std::{convert::TryInto, marker::PhantomData, ops::Div, vec}; mod data_structures; +use crate::challenge::ChallengeGenerator; +use ark_sponge::CryptographicSponge; pub use data_structures::*; /// Polynomial commitment based on [[KZG10]][kzg], with degree enforcement and @@ -22,13 +24,19 @@ pub use data_structures::*; /// [sonic]: https://eprint.iacr.org/2019/099 /// [al]: https://eprint.iacr.org/2019/601 /// [marlin]: https://eprint.iacr.org/2019/1047 -pub struct SonicKZG10> { +pub struct SonicKZG10, S: CryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, + _sponge: PhantomData, } -impl> SonicKZG10 { - fn accumulate_elems_individual_opening_challenges<'a>( +impl SonicKZG10 +where + E: PairingEngine, + P: UVPolynomial, + S: CryptographicSponge, +{ + fn accumulate_elems<'a>( combined_comms: &mut BTreeMap, E::G1Projective>, combined_witness: &mut E::G1Projective, combined_adjusted_witness: &mut E::G1Projective, @@ -37,14 +45,12 @@ impl> SonicKZG10 { point: P::Point, values: impl IntoIterator, proof: &kzg10::Proof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, randomizer: Option, ) { let acc_time = start_timer!(|| "Accumulating elements"); - let mut opening_challenge_counter = 0; - let mut curr_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let mut curr_challenge = opening_challenges.next_challenge(); // Keeps track of running combination of values let mut combined_values = E::Fr::zero(); @@ -67,8 +73,7 @@ impl> SonicKZG10 { *combined_comms .entry(degree_bound) .or_insert(E::G1Projective::zero()) += &comm_with_challenge; - curr_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + curr_challenge = opening_challenges.next_challenge(); } // Push expected results into list of elems. Power will be the negative of the expected power @@ -129,10 +134,11 @@ impl> SonicKZG10 { } } -impl PolynomialCommitment for SonicKZG10 +impl PolynomialCommitment for SonicKZG10 where E: PairingEngine, P: UVPolynomial, + S: CryptographicSponge, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { type UniversalParams = UniversalParams; @@ -335,12 +341,12 @@ where Ok((labeled_comms, randomness)) } - fn open_individual_opening_challenges<'a>( + fn open<'a>( ck: &Self::CommitterKey, labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>, point: &'a P::Point, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, _rng: Option<&mut dyn RngCore>, ) -> Result @@ -352,10 +358,7 @@ where let mut combined_polynomial = P::zero(); let mut combined_rand = kzg10::Randomness::empty(); - let mut opening_challenge_counter = 0; - - let mut curr_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let mut curr_challenge = opening_challenges.next_challenge(); for (polynomial, rand) in labeled_polynomials.into_iter().zip(rands) { let enforced_degree_bounds: Option<&[usize]> = ck @@ -372,8 +375,7 @@ where combined_polynomial += (curr_challenge, polynomial.polynomial()); combined_rand += (curr_challenge, rand); - curr_challenge = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + curr_challenge = opening_challenges.next_challenge(); } let proof_time = start_timer!(|| "Creating proof for polynomials"); @@ -383,13 +385,13 @@ where Ok(proof) } - fn check_individual_opening_challenges<'a>( + fn check<'a>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, point: &'a P::Point, values: impl IntoIterator, proof: &Self::Proof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, _rng: Option<&mut dyn RngCore>, ) -> Result where @@ -400,7 +402,7 @@ where let mut combined_witness: E::G1Projective = E::G1Projective::zero(); let mut combined_adjusted_witness: E::G1Projective = E::G1Projective::zero(); - Self::accumulate_elems_individual_opening_challenges( + Self::accumulate_elems( &mut combined_comms, &mut combined_witness, &mut combined_adjusted_witness, @@ -423,13 +425,13 @@ where res } - fn batch_check_individual_opening_challenges<'a, R: RngCore>( + fn batch_check<'a, R: RngCore>( vk: &Self::VerifierKey, commitments: impl IntoIterator>, query_set: &QuerySet, values: &Evaluations, proof: &Self::BatchProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -471,7 +473,7 @@ where values_to_combine.push(*v_i); } - Self::accumulate_elems_individual_opening_challenges( + Self::accumulate_elems( &mut combined_comms, &mut combined_witness, &mut combined_adjusted_witness, @@ -495,16 +497,16 @@ where ) } - fn open_combinations_individual_opening_challenges<'a>( + fn open_combinations<'a>( ck: &Self::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where Self::Randomness: 'a, Self::Commitment: 'a, @@ -576,7 +578,7 @@ where .map(|((label, d), c)| LabeledCommitment::new(label, c, d)) .collect::>(); - let proof = Self::batch_open_individual_opening_challenges( + let proof = Self::batch_open( ck, lc_polynomials.iter(), lc_commitments.iter(), @@ -585,19 +587,23 @@ where lc_randomness.iter(), rng, )?; - Ok(BatchLCProof { proof, evals: None }) + Ok(BatchLCProof { + proof, + evals: None, + _sponge: PhantomData, + }) } /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. - fn check_combinations_individual_opening_challenges<'a, R: RngCore>( + fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + proof: &BatchLCProof, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -661,7 +667,7 @@ where .map(|((label, d), c)| LabeledCommitment::new(label, c, d)) .collect::>(); - Self::batch_check_individual_opening_challenges( + Self::batch_check( vk, &lc_commitments, &query_set, @@ -682,14 +688,17 @@ mod tests { use ark_ec::PairingEngine; use ark_ff::UniformRand; use ark_poly::{univariate::DensePolynomial as DensePoly, UVPolynomial}; + use ark_sponge::poseidon::PoseidonSponge; use ark_std::rand::rngs::StdRng; type UniPoly_381 = DensePoly<::Fr>; type UniPoly_377 = DensePoly<::Fr>; - type PC = SonicKZG10; - type PC_Bls12_377 = PC; - type PC_Bls12_381 = PC; + type PC = SonicKZG10; + type Sponge_Bls12_377 = PoseidonSponge<::Fr>; + type Sponge_Bls12_381 = PoseidonSponge<::Fr>; + type PC_Bls12_377 = PC; + type PC_Bls12_381 = PC; fn rand_poly( degree: usize, @@ -706,16 +715,18 @@ mod tests { #[test] fn single_poly_test() { use crate::tests::*; - single_poly_test::<_, _, PC_Bls12_377>( + single_poly_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_test::<_, _, PC_Bls12_381>( + single_poly_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -723,14 +734,16 @@ mod tests { #[test] fn quadratic_poly_degree_bound_multiple_queries_test() { use crate::tests::*; - quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377>( + quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381>( + quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -738,14 +751,16 @@ mod tests { #[test] fn linear_poly_degree_bound_test() { use crate::tests::*; - linear_poly_degree_bound_test::<_, _, PC_Bls12_377>( + linear_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - linear_poly_degree_bound_test::<_, _, PC_Bls12_381>( + linear_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -753,14 +768,16 @@ mod tests { #[test] fn single_poly_degree_bound_test() { use crate::tests::*; - single_poly_degree_bound_test::<_, _, PC_Bls12_377>( + single_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_degree_bound_test::<_, _, PC_Bls12_381>( + single_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -768,14 +785,16 @@ mod tests { #[test] fn single_poly_degree_bound_multiple_queries_test() { use crate::tests::*; - single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377>( + single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381>( + single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -783,14 +802,16 @@ mod tests { #[test] fn two_polys_degree_bound_single_query_test() { use crate::tests::*; - two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_377>( + two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_381>( + two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -798,17 +819,19 @@ mod tests { #[test] fn full_end_to_end_test() { use crate::tests::*; - full_end_to_end_test::<_, _, PC_Bls12_377>( + full_end_to_end_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - full_end_to_end_test::<_, _, PC_Bls12_381>( + full_end_to_end_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -817,17 +840,19 @@ mod tests { #[test] fn single_equation_test() { use crate::tests::*; - single_equation_test::<_, _, PC_Bls12_377>( + single_equation_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - single_equation_test::<_, _, PC_Bls12_381>( + single_equation_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -836,17 +861,19 @@ mod tests { #[test] fn two_equation_test() { use crate::tests::*; - two_equation_test::<_, _, PC_Bls12_377>( + two_equation_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - two_equation_test::<_, _, PC_Bls12_381>( + two_equation_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -855,15 +882,17 @@ mod tests { #[test] fn two_equation_degree_bound_test() { use crate::tests::*; - two_equation_degree_bound_test::<_, _, PC_Bls12_377>( + two_equation_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - two_equation_degree_bound_test::<_, _, PC_Bls12_381>( + two_equation_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -872,17 +901,19 @@ mod tests { #[test] fn full_end_to_end_equation_test() { use crate::tests::*; - full_end_to_end_equation_test::<_, _, PC_Bls12_377>( + full_end_to_end_equation_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - full_end_to_end_equation_test::<_, _, PC_Bls12_381>( + full_end_to_end_equation_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -892,15 +923,17 @@ mod tests { #[should_panic] fn bad_degree_bound_test() { use crate::tests::*; - bad_degree_bound_test::<_, _, PC_Bls12_377>( + bad_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - bad_degree_bound_test::<_, _, PC_Bls12_381>( + bad_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); From 69cd08fd50121a2b5710fc8fb51355e98d1d2bca Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 8 Jul 2021 22:02:36 -0700 Subject: [PATCH 10/25] marlin_pc --- src/lib.rs | 7 +- src/marlin/marlin_pc/mod.rs | 136 ++++++++++++++++++++++-------------- src/marlin/mod.rs | 54 +++++++------- 3 files changed, 113 insertions(+), 84 deletions(-) diff --git a/src/lib.rs b/src/lib.rs index f708728d..c38ab8df 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -50,8 +50,7 @@ pub use error::*; /// the approach outlined in [[CHMMVW20, "Marlin"]][marlin]. /// /// [marlin]: https://eprint.iacr.org/2019/1047 -/// TODO: refactor me! -// pub mod marlin; +pub mod marlin; /// A random number generator that bypasses some limitations of the Rust borrow /// checker. @@ -78,7 +77,7 @@ pub mod kzg10; /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf /// [marlin]: https://eprint.iacr.org/2019/1047 -// pub use marlin::marlin_pc; // TODO: refactor me! +pub use marlin::marlin_pc; /// Polynomial commitment scheme based on the construction in [[KZG10]][kzg], /// modified to obtain batching and to enforce strict @@ -107,7 +106,7 @@ pub mod challenge; /// /// [xzzpd19]: https://eprint.iacr.org/2019/317 /// [zgkpp]: https://ieeexplore.ieee.org/document/8418645 -pub mod multilinear_pc; // TODO: no need to refactor, but still give a double check. +pub mod multilinear_pc; // /// Multivariate polynomial commitment based on the construction in // /// [[PST13]][pst] with batching and (optional) hiding property inspired diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index 290eaf01..3b78157e 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -10,9 +10,9 @@ use ark_std::rand::RngCore; use ark_std::{marker::PhantomData, ops::Div, vec}; mod data_structures; -pub use data_structures::*; use crate::challenge::ChallengeGenerator; -use ark_sponge::{CryptographicSponge, FieldBasedCryptographicSponge}; +use ark_sponge::CryptographicSponge; +pub use data_structures::*; /// Polynomial commitment based on [[KZG10]][kzg], with degree enforcement, batching, /// and (optional) hiding property taken from [[CHMMVW20, “Marlin”]][marlin]. @@ -26,9 +26,10 @@ use ark_sponge::{CryptographicSponge, FieldBasedCryptographicSponge}; /// /// [kzg]: http://cacr.uwaterloo.ca/techreports/2010/cacr2010-10.pdf /// [marlin]: https://eprint.iacr.org/2019/104 -pub struct MarlinKZG10, S: FieldBasedCryptographicSponge> { +pub struct MarlinKZG10, S: CryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, + _sponge: PhantomData, } pub(crate) fn shift_polynomial>( @@ -56,7 +57,7 @@ impl PolynomialCommitment for MarlinKZG10 where E: PairingEngine, P: UVPolynomial, - S: FieldBasedCryptographicSponge, + S: CryptographicSponge, for<'a, 'b> &'a P: Div<&'b P, Output = P>, { type UniversalParams = UniversalParams; @@ -250,7 +251,7 @@ where labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>, point: &'a P::Point, - mut opening_challenges: ChallengeGenerator, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, _rng: Option<&mut dyn RngCore>, ) -> Result @@ -266,7 +267,6 @@ where let mut shifted_r_witness = P::zero(); let mut enforce_degree_bound = false; - let mut opening_challenge_counter = 0; for (polynomial, rand) in labeled_polynomials.into_iter().zip(rands) { let degree_bound = polynomial.degree_bound(); assert_eq!(degree_bound.is_some(), rand.shifted_rand.is_some()); @@ -284,7 +284,6 @@ where // compute challenge^j and challenge^{j+1}. let challenge_j = opening_challenges.next_challenge(); - opening_challenge_counter += 1; assert_eq!(degree_bound.is_some(), rand.shifted_rand.is_some()); @@ -300,8 +299,7 @@ where *point, &shifted_rand, )?; - let challenge_j_1 = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let challenge_j_1 = opening_challenges.next_challenge(); let shifted_witness = shift_polynomial(ck, &witness, degree_bound); @@ -349,20 +347,19 @@ where point: &'a P::Point, values: impl IntoIterator, proof: &Self::Proof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, _rng: Option<&mut dyn RngCore>, ) -> Result where Self::Commitment: 'a, { let check_time = start_timer!(|| "Checking evaluations"); - let (combined_comm, combined_value) = - Marlin::accumulate_commitments_and_values_individual_opening_challenges( - commitments, - values, - opening_challenges, - Some(vk), - )?; + let (combined_comm, combined_value) = Marlin::accumulate_commitments_and_values( + commitments, + values, + opening_challenges, + Some(vk), + )?; let combined_comm = kzg10::Commitment(combined_comm.into()); let result = kzg10::KZG10::check(&vk.vk, &combined_comm, *point, combined_value, proof)?; end_timer!(check_time); @@ -375,7 +372,7 @@ where query_set: &QuerySet, values: &Evaluations, proof: &Self::BatchProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -408,16 +405,16 @@ where polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where P: 'a, Self::Randomness: 'a, Self::Commitment: 'a, { - Marlin::open_combinations_individual_opening_challenges( + Marlin::open_combinations( ck, lc_s, polynomials, @@ -437,14 +434,14 @@ where commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + proof: &BatchLCProof, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where Self::Commitment: 'a, { - Marlin::check_combinations_individual_opening_challenges( + Marlin::check_combinations( vk, lc_s, commitments, @@ -463,7 +460,7 @@ where labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result>, Error> @@ -542,14 +539,19 @@ mod tests { use ark_ec::PairingEngine; use ark_ff::UniformRand; use ark_poly::{univariate::DensePolynomial as DensePoly, UVPolynomial}; + use ark_sponge::poseidon::PoseidonSponge; use ark_std::rand::rngs::StdRng; type UniPoly_381 = DensePoly<::Fr>; type UniPoly_377 = DensePoly<::Fr>; - type PC = MarlinKZG10; - type PC_Bls12_381 = PC; - type PC_Bls12_377 = PC; + type PC = MarlinKZG10; + + type Sponge_Bls12_381 = PoseidonSponge<::Fr>; + type Sponge_Bls12_377 = PoseidonSponge<::Fr>; + + type PC_Bls12_381 = PC; + type PC_Bls12_377 = PC; fn rand_poly( degree: usize, @@ -574,16 +576,18 @@ mod tests { #[test] fn single_poly_test() { use crate::tests::*; - single_poly_test::<_, _, PC_Bls12_377>( + single_poly_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_test::<_, _, PC_Bls12_381>( + single_poly_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -591,16 +595,18 @@ mod tests { #[test] fn constant_poly_test() { use crate::tests::*; - single_poly_test::<_, _, PC_Bls12_377>( + single_poly_test::<_, _, PC_Bls12_377, _>( None, constant_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_test::<_, _, PC_Bls12_381>( + single_poly_test::<_, _, PC_Bls12_381, _>( None, constant_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -608,14 +614,16 @@ mod tests { #[test] fn quadratic_poly_degree_bound_multiple_queries_test() { use crate::tests::*; - quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377>( + quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381>( + quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -623,14 +631,16 @@ mod tests { #[test] fn linear_poly_degree_bound_test() { use crate::tests::*; - linear_poly_degree_bound_test::<_, _, PC_Bls12_377>( + linear_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - linear_poly_degree_bound_test::<_, _, PC_Bls12_381>( + linear_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -638,14 +648,16 @@ mod tests { #[test] fn single_poly_degree_bound_test() { use crate::tests::*; - single_poly_degree_bound_test::<_, _, PC_Bls12_377>( + single_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_degree_bound_test::<_, _, PC_Bls12_381>( + single_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -653,14 +665,16 @@ mod tests { #[test] fn single_poly_degree_bound_multiple_queries_test() { use crate::tests::*; - single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377>( + single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381>( + single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -668,14 +682,16 @@ mod tests { #[test] fn two_polys_degree_bound_single_query_test() { use crate::tests::*; - two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_377>( + two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); - two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_381>( + two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -683,17 +699,19 @@ mod tests { #[test] fn full_end_to_end_test() { use crate::tests::*; - full_end_to_end_test::<_, _, PC_Bls12_377>( + full_end_to_end_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - full_end_to_end_test::<_, _, PC_Bls12_381>( + full_end_to_end_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -702,17 +720,19 @@ mod tests { #[test] fn single_equation_test() { use crate::tests::*; - single_equation_test::<_, _, PC_Bls12_377>( + single_equation_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - single_equation_test::<_, _, PC_Bls12_381>( + single_equation_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -721,17 +741,19 @@ mod tests { #[test] fn two_equation_test() { use crate::tests::*; - two_equation_test::<_, _, PC_Bls12_377>( + two_equation_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - two_equation_test::<_, _, PC_Bls12_381>( + two_equation_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -740,15 +762,17 @@ mod tests { #[test] fn two_equation_degree_bound_test() { use crate::tests::*; - two_equation_degree_bound_test::<_, _, PC_Bls12_377>( + two_equation_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - two_equation_degree_bound_test::<_, _, PC_Bls12_381>( + two_equation_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -757,17 +781,19 @@ mod tests { #[test] fn full_end_to_end_equation_test() { use crate::tests::*; - full_end_to_end_equation_test::<_, _, PC_Bls12_377>( + full_end_to_end_equation_test::<_, _, PC_Bls12_377, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - full_end_to_end_equation_test::<_, _, PC_Bls12_381>( + full_end_to_end_equation_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -777,15 +803,17 @@ mod tests { #[should_panic] fn bad_degree_bound_test() { use crate::tests::*; - bad_degree_bound_test::<_, _, PC_Bls12_377>( + bad_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - bad_degree_bound_test::<_, _, PC_Bls12_381>( + bad_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index b42bc236..54d9b12a 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -1,3 +1,4 @@ +use crate::challenge::ChallengeGenerator; use crate::{kzg10, Error}; use crate::{BTreeMap, BTreeSet, Debug, RngCore, String, ToString, Vec}; use crate::{BatchLCProof, LabeledPolynomial, LinearCombination}; @@ -5,9 +6,8 @@ use crate::{Evaluations, LabeledCommitment, QuerySet}; use crate::{PCRandomness, Polynomial, PolynomialCommitment}; use ark_ec::{AffineCurve, PairingEngine, ProjectiveCurve}; use ark_ff::{One, Zero}; +use ark_sponge::CryptographicSponge; use ark_std::{convert::TryInto, hash::Hash, ops::AddAssign}; -use ark_sponge::FieldBasedCryptographicSponge; -use crate::challenge::ChallengeGenerator; /// Polynomial commitment scheme from [[KZG10]][kzg] that enforces /// strict degree bounds and (optionally) enables hiding commitments by @@ -23,14 +23,15 @@ pub mod marlin_pc; /// /// [pst]: https://eprint.iacr.org/2011/587.pdf /// [marlin]: https://eprint.iacr.org/2019/104 -pub mod marlin_pst13_pc; +// pub mod marlin_pst13_pc; // TODO: refactor me /// Common functionalities between `marlin_pc` and `marlin_pst13_pc` -struct Marlin { +struct Marlin { _engine: core::marker::PhantomData, + _sponge: core::marker::PhantomData, } -impl Marlin { +impl Marlin { /// MSM for `commitments` and `coeffs` fn combine_commitments<'a>( coeffs_and_comms: impl IntoIterator)>, @@ -90,30 +91,27 @@ impl Marlin { } /// Accumulate `commitments` and `values` according to `opening_challenge`. - fn accumulate_commitments_and_values_individual_opening_challenges<'a>( + fn accumulate_commitments_and_values<'a>( commitments: impl IntoIterator>>, values: impl IntoIterator, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, vk: Option<&marlin_pc::VerifierKey>, ) -> Result<(E::G1Projective, E::Fr), Error> { let acc_time = start_timer!(|| "Accumulating commitments and values"); let mut combined_comm = E::G1Projective::zero(); let mut combined_value = E::Fr::zero(); - let mut opening_challenge_counter = 0; for (labeled_commitment, value) in commitments.into_iter().zip(values) { let degree_bound = labeled_commitment.degree_bound(); let commitment = labeled_commitment.commitment(); assert_eq!(degree_bound.is_some(), commitment.shifted_comm.is_some()); - let challenge_i = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let challenge_i = opening_challenges.next_challenge(); combined_comm += &commitment.comm.0.mul(challenge_i); combined_value += &(value * &challenge_i); if let Some(degree_bound) = degree_bound { - let challenge_i_1 = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let challenge_i_1 = opening_challenges.next_challenge(); let shifted_comm = commitment .shifted_comm @@ -143,7 +141,7 @@ impl Marlin { commitments: impl IntoIterator>>, query_set: &QuerySet, evaluations: &Evaluations, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, vk: Option<&marlin_pc::VerifierKey>, ) -> Result<(Vec>, Vec, Vec), Error> where @@ -187,7 +185,7 @@ impl Marlin { values_to_combine.push(*v_i); } - let (c, v) = Marlin::accumulate_commitments_and_values_individual_opening_challenges( + let (c, v) = Marlin::accumulate_commitments_and_values( comms_to_combine, values_to_combine, opening_challenges, @@ -212,16 +210,16 @@ impl Marlin { /// On input a list of polynomials, linear combinations of those polynomials, /// and a query set, `open_combination` outputs a proof of evaluation of /// the combinations at the points in the query set. - fn open_combinations_individual_opening_challenges<'a, P, D, PC, S>( + fn open_combinations<'a, P, D, PC>( ck: &PC::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - mut opening_challenges: ChallengeGenerator, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Error> + ) -> Result, Error> where P: 'a + Polynomial, D: Debug + Clone + Hash + Ord + Sync, @@ -233,7 +231,6 @@ impl Marlin { PreparedCommitment = marlin_pc::PreparedCommitment, Error = Error, >, - S: FieldBasedCryptographicSponge, PC::Randomness: 'a + AddAssign<(E::Fr, &'a PC::Randomness)>, PC::Commitment: 'a, { @@ -285,11 +282,11 @@ impl Marlin { LabeledPolynomial::new(lc_label.clone(), poly, degree_bound, hiding_bound); lc_polynomials.push(lc_poly); lc_randomness.push(randomness); - lc_commitments.push(Marlin::combine_commitments(coeffs_and_comms)); + lc_commitments.push(Self::combine_commitments(coeffs_and_comms)); lc_info.push((lc_label, degree_bound)); } - let comms = Marlin::normalize_commitments(lc_commitments); + let comms = Self::normalize_commitments(lc_commitments); let lc_commitments = lc_info .into_iter() .zip(comms) @@ -306,17 +303,21 @@ impl Marlin { rng, )?; - Ok(BatchLCProof { proof, evals: None }) + Ok(BatchLCProof { + proof, + evals: None, + _sponge: core::marker::PhantomData, + }) } - fn check_combinations_individual_opening_challenges<'a, R, P, D, PC>( + fn check_combinations<'a, R, P, D, PC>( vk: &PC::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + proof: &BatchLCProof, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -326,6 +327,7 @@ impl Marlin { PC: PolynomialCommitment< E::Fr, P, + S, Commitment = marlin_pc::Commitment, PreparedCommitment = marlin_pc::PreparedCommitment, Error = Error, @@ -377,13 +379,13 @@ impl Marlin { } let lc_time = start_timer!(|| format!("Combining {} commitments for {}", num_polys, lc_label)); - lc_commitments.push(Marlin::combine_commitments(coeffs_and_comms)); + lc_commitments.push(Self::combine_commitments(coeffs_and_comms)); end_timer!(lc_time); lc_info.push((lc_label, degree_bound)); } end_timer!(lc_processing_time); let combined_comms_norm_time = start_timer!(|| "Normalizing commitments"); - let comms = Marlin::normalize_commitments(lc_commitments); + let comms = Self::normalize_commitments(lc_commitments); let lc_commitments = lc_info .into_iter() .zip(comms) From 55d7df079c223348e13ff9684a97304a9dc112f8 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 8 Jul 2021 22:14:19 -0700 Subject: [PATCH 11/25] marlin_pst13_pc --- src/marlin/marlin_pst13_pc/mod.rs | 75 +++++++++++++++++++------------ src/marlin/mod.rs | 2 +- 2 files changed, 47 insertions(+), 30 deletions(-) diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index 54d30838..f5cf2b30 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -23,6 +23,8 @@ use combinations::*; #[cfg(feature = "parallel")] use rayon::prelude::*; +use ark_sponge::CryptographicSponge; +use crate::challenge::ChallengeGenerator; /// Multivariate polynomial commitment based on the construction in [[PST13]][pst] /// with batching and (optional) hiding property inspired by the univariate scheme @@ -30,12 +32,13 @@ use rayon::prelude::*; /// /// [pst]: https://eprint.iacr.org/2011/587 /// [marlin]: https://eprint.iacr.org/2019/104 -pub struct MarlinPST13> { +pub struct MarlinPST13, S: CryptographicSponge> { _engine: PhantomData, _poly: PhantomData

, + _sponge: PhantomData, } -impl> MarlinPST13 { +impl, S: CryptographicSponge> MarlinPST13 { /// Given some point `z`, compute the quotients `w_i(X)` s.t /// /// `p(X) - p(z) = (X_1-z_1)*w_1(X) + (X_2-z_2)*w_2(X) + ... + (X_l-z_l)*w_l(X)` @@ -136,10 +139,11 @@ impl> MarlinPST13 { } } -impl PolynomialCommitment for MarlinPST13 +impl PolynomialCommitment for MarlinPST13 where E: PairingEngine, P: MVPolynomial + Sync, + S: CryptographicSponge, P::Point: Index, { type UniversalParams = UniversalParams; @@ -443,7 +447,7 @@ where labeled_polynomials: impl IntoIterator>, _commitments: impl IntoIterator>, point: &P::Point, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, _rng: Option<&mut dyn RngCore>, ) -> Result @@ -455,13 +459,11 @@ where // Compute random linear combinations of committed polynomials and randomness let mut p = P::zero(); let mut r = Randomness::empty(); - let mut opening_challenge_counter = 0; for (polynomial, rand) in labeled_polynomials.into_iter().zip(rands) { Self::check_degrees_and_bounds(ck.supported_degree, &polynomial)?; // compute challenge^j and challenge^{j+1}. - let challenge_j = opening_challenges(opening_challenge_counter); - opening_challenge_counter += 1; + let challenge_j = opening_challenges.next_challenge(); p += (challenge_j, polynomial.polynomial()); r += (challenge_j, rand); @@ -543,7 +545,7 @@ where point: &'a P::Point, values: impl IntoIterator, proof: &Self::Proof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, _rng: Option<&mut dyn RngCore>, ) -> Result where @@ -552,7 +554,7 @@ where let check_time = start_timer!(|| "Checking evaluations"); // Accumulate commitments and values let (combined_comm, combined_value) = - Marlin::accumulate_commitments_and_values_individual_opening_challenges( + Marlin::accumulate_commitments_and_values( commitments, values, opening_challenges, @@ -586,7 +588,7 @@ where query_set: &QuerySet, values: &Evaluations, proof: &Self::BatchProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -661,16 +663,16 @@ where polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &dyn Fn(u64) -> E::Fr, + opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where P: 'a, Self::Randomness: 'a, Self::Commitment: 'a, { - Marlin::open_combinations_individual_opening_challenges( + Marlin::open_combinations( ck, lc_s, polynomials, @@ -690,14 +692,14 @@ where commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, - opening_challenges: &dyn Fn(u64) -> E::Fr, + proof: &BatchLCProof, + opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where Self::Commitment: 'a, { - Marlin::check_combinations_individual_opening_challenges( + Marlin::check_combinations( vk, lc_s, commitments, @@ -723,13 +725,18 @@ mod tests { MVPolynomial, }; use ark_std::rand::rngs::StdRng; + use ark_sponge::poseidon::PoseidonSponge; type MVPoly_381 = SparsePoly<::Fr, SparseTerm>; type MVPoly_377 = SparsePoly<::Fr, SparseTerm>; - type PC = MarlinPST13; - type PC_Bls12_381 = PC; - type PC_Bls12_377 = PC; + type PC = MarlinPST13; + + type Sponge_bls12_381 = PoseidonSponge<::Fr>; + type Sponge_Bls12_377 = PoseidonSponge<::Fr>; + + type PC_Bls12_381 = PC; + type PC_Bls12_377 = PC; fn rand_poly( degree: usize, @@ -752,16 +759,18 @@ mod tests { fn single_poly_test() { use crate::tests::*; let num_vars = Some(10); - single_poly_test::<_, _, PC_Bls12_377>( + single_poly_test::<_, _, PC_Bls12_377, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-377"); - single_poly_test::<_, _, PC_Bls12_381>( + single_poly_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-381"); } @@ -770,17 +779,19 @@ mod tests { fn full_end_to_end_test() { use crate::tests::*; let num_vars = Some(10); - full_end_to_end_test::<_, _, PC_Bls12_377>( + full_end_to_end_test::<_, _, PC_Bls12_377, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - full_end_to_end_test::<_, _, PC_Bls12_381>( + full_end_to_end_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -790,17 +801,19 @@ mod tests { fn single_equation_test() { use crate::tests::*; let num_vars = Some(10); - single_equation_test::<_, _, PC_Bls12_377>( + single_equation_test::<_, _, PC_Bls12_377, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - single_equation_test::<_, _, PC_Bls12_381>( + single_equation_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -810,17 +823,19 @@ mod tests { fn two_equation_test() { use crate::tests::*; let num_vars = Some(10); - two_equation_test::<_, _, PC_Bls12_377>( + two_equation_test::<_, _, PC_Bls12_377, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - two_equation_test::<_, _, PC_Bls12_381>( + two_equation_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -830,17 +845,19 @@ mod tests { fn full_end_to_end_equation_test() { use crate::tests::*; let num_vars = Some(10); - full_end_to_end_equation_test::<_, _, PC_Bls12_377>( + full_end_to_end_equation_test::<_, _, PC_Bls12_377, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); - full_end_to_end_equation_test::<_, _, PC_Bls12_381>( + full_end_to_end_equation_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, + multivariate_challenge_generator_for_test ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index 54d9b12a..bb4f8eaa 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -23,7 +23,7 @@ pub mod marlin_pc; /// /// [pst]: https://eprint.iacr.org/2011/587.pdf /// [marlin]: https://eprint.iacr.org/2019/104 -// pub mod marlin_pst13_pc; // TODO: refactor me +pub mod marlin_pst13_pc; /// Common functionalities between `marlin_pc` and `marlin_pst13_pc` struct Marlin { From d635e0d03e0eb22aff5041b32908d8c8c108068d Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 8 Jul 2021 22:17:45 -0700 Subject: [PATCH 12/25] constraints --- src/constraints.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/constraints.rs b/src/constraints.rs index 41fe3582..b400df60 100644 --- a/src/constraints.rs +++ b/src/constraints.rs @@ -9,6 +9,7 @@ use ark_r1cs_std::{fields::fp::FpVar, prelude::*}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, Result as R1CSResult, SynthesisError}; use ark_std::{borrow::Borrow, cmp::Eq, cmp::PartialEq, hash::Hash, marker::Sized}; use hashbrown::{HashMap, HashSet}; +use ark_sponge::CryptographicSponge; /// Define the minimal interface of prepared allocated structures. pub trait PrepareGadget: Sized { @@ -93,8 +94,9 @@ pub struct PCCheckRandomDataVar pub trait PCCheckVar< PCF: PrimeField, P: Polynomial, - PC: PolynomialCommitment, + PC: PolynomialCommitment, ConstraintF: PrimeField, + S: CryptographicSponge >: Clone { /// An allocated version of `PC::VerifierKey`. @@ -117,7 +119,7 @@ pub trait PCCheckVar< type ProofVar: AllocVar + Clone; /// An allocated version of `PC::BatchLCProof`. - type BatchLCProofVar: AllocVar, ConstraintF> + Clone; + type BatchLCProofVar: AllocVar, ConstraintF> + Clone; /// Add to `ConstraintSystemRef` new constraints that check that `proof_i` is a valid evaluation /// proof at `point_i` for the polynomial in `commitment_i`. From 3080de05e49094d4115b17057d0ed7f9920d5b17 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 8 Jul 2021 22:18:49 -0700 Subject: [PATCH 13/25] fmt --- src/constraints.rs | 4 ++-- src/marlin/marlin_pst13_pc/mod.rs | 39 +++++++++++++++---------------- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/src/constraints.rs b/src/constraints.rs index b400df60..eb690929 100644 --- a/src/constraints.rs +++ b/src/constraints.rs @@ -7,9 +7,9 @@ use ark_nonnative_field::NonNativeFieldVar; use ark_poly::Polynomial; use ark_r1cs_std::{fields::fp::FpVar, prelude::*}; use ark_relations::r1cs::{ConstraintSystemRef, Namespace, Result as R1CSResult, SynthesisError}; +use ark_sponge::CryptographicSponge; use ark_std::{borrow::Borrow, cmp::Eq, cmp::PartialEq, hash::Hash, marker::Sized}; use hashbrown::{HashMap, HashSet}; -use ark_sponge::CryptographicSponge; /// Define the minimal interface of prepared allocated structures. pub trait PrepareGadget: Sized { @@ -96,7 +96,7 @@ pub trait PCCheckVar< P: Polynomial, PC: PolynomialCommitment, ConstraintF: PrimeField, - S: CryptographicSponge + S: CryptographicSponge, >: Clone { /// An allocated version of `PC::VerifierKey`. diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index f5cf2b30..bec95026 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -21,10 +21,10 @@ pub use data_structures::*; mod combinations; use combinations::*; +use crate::challenge::ChallengeGenerator; +use ark_sponge::CryptographicSponge; #[cfg(feature = "parallel")] use rayon::prelude::*; -use ark_sponge::CryptographicSponge; -use crate::challenge::ChallengeGenerator; /// Multivariate polynomial commitment based on the construction in [[PST13]][pst] /// with batching and (optional) hiding property inspired by the univariate scheme @@ -553,13 +553,12 @@ where { let check_time = start_timer!(|| "Checking evaluations"); // Accumulate commitments and values - let (combined_comm, combined_value) = - Marlin::accumulate_commitments_and_values( - commitments, - values, - opening_challenges, - None, - )?; + let (combined_comm, combined_value) = Marlin::accumulate_commitments_and_values( + commitments, + values, + opening_challenges, + None, + )?; // Compute both sides of the pairing equation let mut inner = combined_comm.into().into_projective() - &vk.g.mul(combined_value); if let Some(random_v) = proof.random_v { @@ -724,8 +723,8 @@ mod tests { multivariate::{SparsePolynomial as SparsePoly, SparseTerm}, MVPolynomial, }; - use ark_std::rand::rngs::StdRng; use ark_sponge::poseidon::PoseidonSponge; + use ark_std::rand::rngs::StdRng; type MVPoly_381 = SparsePoly<::Fr, SparseTerm>; type MVPoly_377 = SparsePoly<::Fr, SparseTerm>; @@ -763,14 +762,14 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); single_poly_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); } @@ -783,7 +782,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -791,7 +790,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -805,7 +804,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -813,7 +812,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -827,7 +826,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -835,7 +834,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -849,7 +848,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -857,7 +856,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test + multivariate_challenge_generator_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); From 3cc3a56e40364a43d43280f7810dd975d568373f Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Mon, 12 Jul 2021 22:43:54 -0700 Subject: [PATCH 14/25] test update --- src/challenge.rs | 7 +- src/ipa_pc/mod.rs | 26 +- src/lib.rs | 719 +++++++++++++++--------------- src/marlin/marlin_pc/mod.rs | 52 +-- src/marlin/marlin_pst13_pc/mod.rs | 20 +- src/sonic_pc/mod.rs | 48 +- 6 files changed, 447 insertions(+), 425 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index 7e2dcb2b..b14f3c0c 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -1,7 +1,10 @@ use ark_ff::PrimeField; use ark_sponge::CryptographicSponge; -/// Challenge Generator (todo doc) +/// `ChallengeGenerator` generates opening challenges using multivariate or univariate strategy. +/// For multivariate strategy, each challenge is freshly squeezed from a sponge. +/// For univariate strategy, each challenge is a power of one squeezed element from sponge. +/// /// Note that mutable reference cannot be cloned. #[derive(Clone)] pub enum ChallengeGenerator { @@ -56,7 +59,7 @@ impl ChallengeGenerator { /// Returns the sponge state if `self` is multivariate. /// /// ## Panics - /// This function will panic is `self` is univariate. + /// This function will panic if `self` is univariate. pub fn into_sponge(self) -> S { match self { Self::Multivariate(s) => s, diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index 07e88380..a49248f3 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -1075,7 +1075,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1087,7 +1087,7 @@ mod tests { None, constant_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1098,7 +1098,7 @@ mod tests { quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1109,7 +1109,7 @@ mod tests { linear_poly_degree_bound_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1120,7 +1120,7 @@ mod tests { single_poly_degree_bound_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1131,7 +1131,7 @@ mod tests { single_poly_degree_bound_multiple_queries_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1142,7 +1142,7 @@ mod tests { two_polys_degree_bound_single_query_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); } @@ -1154,7 +1154,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); @@ -1167,7 +1167,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); @@ -1180,7 +1180,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); @@ -1192,7 +1192,7 @@ mod tests { two_equation_degree_bound_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); @@ -1205,7 +1205,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); @@ -1218,7 +1218,7 @@ mod tests { bad_degree_bound_test::<_, _, PC_JJB2S, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for ed_on_bls12_381-blake2s"); println!("Finished ed_on_bls12_381-blake2s"); diff --git a/src/lib.rs b/src/lib.rs index c38ab8df..b5fd6a20 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -108,16 +108,16 @@ pub mod challenge; /// [zgkpp]: https://ieeexplore.ieee.org/document/8418645 pub mod multilinear_pc; -// /// Multivariate polynomial commitment based on the construction in -// /// [[PST13]][pst] with batching and (optional) hiding property inspired -// /// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin] -// /// -// /// [pst]: https://eprint.iacr.org/2011/587.pdf -// /// [marlin]: https://eprint.iacr.org/2019/104 -// pub use marlin::marlin_pst13_pc; use crate::challenge::ChallengeGenerator; use ark_sponge::CryptographicSponge; use ark_std::marker::PhantomData; +/// Multivariate polynomial commitment based on the construction in +/// [[PST13]][pst] with batching and (optional) hiding property inspired +/// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin] +/// +/// [pst]: https://eprint.iacr.org/2011/587.pdf +/// [marlin]: https://eprint.iacr.org/2019/104 +pub use marlin::marlin_pst13_pc; /// `QuerySet` is the set of queries that are to be made to a set of labeled polynomials/equations /// `p` that have previously been committed to. Each element of a `QuerySet` is a pair of @@ -549,13 +549,13 @@ pub mod tests { num_equations: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, } pub fn bad_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -563,82 +563,90 @@ pub mod tests { PC: PolynomialCommitment, S: CryptographicSponge, { - let rng = &mut test_rng(); - let max_degree = 100; - let pp = PC::setup(max_degree, None, rng)?; - for _ in 0..10 { - let supported_degree = Uniform::from(1..=max_degree).sample(rng); - assert!( - max_degree >= supported_degree, - "max_degree < supported_degree" - ); - - let mut labels = Vec::new(); - let mut polynomials = Vec::new(); - let mut degree_bounds = Vec::new(); - - for i in 0..10 { - let label = format!("Test{}", i); - labels.push(label.clone()); - let degree_bound = 1usize; - let hiding_bound = Some(1); - degree_bounds.push(degree_bound); - - polynomials.push(LabeledPolynomial::new( - label, - rand_poly(supported_degree, None, rng), - Some(degree_bound), - hiding_bound, - )); - } + let opening_challenges = vec![ + ChallengeGenerator::new_multivariate(sponge()), + ChallengeGenerator::new_univariate(&mut sponge()), + ]; - let supported_hiding_bound = polynomials - .iter() - .map(|p| p.hiding_bound().unwrap_or(0)) - .max() - .unwrap_or(0); - println!("supported degree: {:?}", supported_degree); - println!("supported hiding bound: {:?}", supported_hiding_bound); - let (ck, vk) = PC::trim( - &pp, - supported_degree, - supported_hiding_bound, - Some(degree_bounds.as_slice()), - )?; - println!("Trimmed"); + for opening_challenge in opening_challenges { + let rng = &mut test_rng(); + let max_degree = 100; + let pp = PC::setup(max_degree, None, rng)?; + for _ in 0..10 { + let supported_degree = Uniform::from(1..=max_degree).sample(rng); + assert!( + max_degree >= supported_degree, + "max_degree < supported_degree" + ); + + let mut labels = Vec::new(); + let mut polynomials = Vec::new(); + let mut degree_bounds = Vec::new(); + + for i in 0..10 { + let label = format!("Test{}", i); + labels.push(label.clone()); + let degree_bound = 1usize; + let hiding_bound = Some(1); + degree_bounds.push(degree_bound); + + polynomials.push(LabeledPolynomial::new( + label, + rand_poly(supported_degree, None, rng), + Some(degree_bound), + hiding_bound, + )); + } + + let supported_hiding_bound = polynomials + .iter() + .map(|p| p.hiding_bound().unwrap_or(0)) + .max() + .unwrap_or(0); + println!("supported degree: {:?}", supported_degree); + println!("supported hiding bound: {:?}", supported_hiding_bound); + let (ck, vk) = PC::trim( + &pp, + supported_degree, + supported_hiding_bound, + Some(degree_bounds.as_slice()), + )?; + println!("Trimmed"); - let (comms, rands) = PC::commit(&ck, &polynomials, Some(rng))?; + let (comms, rands) = PC::commit(&ck, &polynomials, Some(rng))?; - let mut query_set = QuerySet::new(); - let mut values = Evaluations::new(); - let point = rand_point(None, rng); - for (i, label) in labels.iter().enumerate() { - query_set.insert((label.clone(), (format!("{}", i), point.clone()))); - let value = polynomials[i].evaluate(&point); - values.insert((label.clone(), point.clone()), value); + let mut query_set = QuerySet::new(); + let mut values = Evaluations::new(); + let point = rand_point(None, rng); + for (i, label) in labels.iter().enumerate() { + query_set.insert((label.clone(), (format!("{}", i), point.clone()))); + let value = polynomials[i].evaluate(&point); + values.insert((label.clone(), point.clone()), value); + } + println!("Generated query set"); + + let proof = PC::batch_open( + &ck, + &polynomials, + &comms, + &query_set, + &mut (opening_challenge.clone()), + &rands, + Some(rng), + )?; + let result = PC::batch_check( + &vk, + &comms, + &query_set, + &values, + &proof, + &mut (opening_challenge.clone()), + rng, + )?; + assert!(result, "proof was incorrect, Query set: {:#?}", query_set); } - println!("Generated query set"); - - let proof = PC::batch_open( - &ck, - &polynomials, - &comms, - &query_set, - &mut opening_challenge(), - &rands, - Some(rng), - )?; - let result = PC::batch_check( - &vk, - &comms, - &query_set, - &values, - &proof, - &mut opening_challenge(), - rng, - )?; - assert!(result, "proof was incorrect, Query set: {:#?}", query_set); } + Ok(()) } @@ -660,122 +668,129 @@ pub mod tests { num_equations: _, rand_poly, rand_point, - opening_challenge, + sponge, } = info; - let rng = &mut test_rng(); - // If testing multivariate polynomials, make the max degree lower - let max_degree = match num_vars { - Some(_) => max_degree.unwrap_or(Uniform::from(2..=10).sample(rng)), - None => max_degree.unwrap_or(Uniform::from(2..=64).sample(rng)), - }; - let pp = PC::setup(max_degree, num_vars, rng)?; - - for _ in 0..num_iters { - let supported_degree = - supported_degree.unwrap_or(Uniform::from(1..=max_degree).sample(rng)); - assert!( - max_degree >= supported_degree, - "max_degree < supported_degree" - ); - let mut polynomials: Vec> = Vec::new(); - let mut degree_bounds = if enforce_degree_bounds { - Some(Vec::new()) - } else { - None - }; + let opening_challenges = vec![ + ChallengeGenerator::new_multivariate(sponge()), + ChallengeGenerator::new_univariate(&mut sponge()), + ]; - let mut labels = Vec::new(); - println!("Sampled supported degree"); - - // Generate polynomials - let num_points_in_query_set = Uniform::from(1..=max_num_queries).sample(rng); - for i in 0..num_polynomials { - let label = format!("Test{}", i); - labels.push(label.clone()); - let degree = Uniform::from(1..=supported_degree).sample(rng); - let degree_bound = if let Some(degree_bounds) = &mut degree_bounds { - let range = Uniform::from(degree..=supported_degree); - let degree_bound = range.sample(rng); - degree_bounds.push(degree_bound); - Some(degree_bound) + for opening_challenge in opening_challenges { + let rng = &mut test_rng(); + // If testing multivariate polynomials, make the max degree lower + let max_degree = match num_vars { + Some(_) => max_degree.unwrap_or(Uniform::from(2..=10).sample(rng)), + None => max_degree.unwrap_or(Uniform::from(2..=64).sample(rng)), + }; + let pp = PC::setup(max_degree, num_vars, rng)?; + + for _ in 0..num_iters { + let supported_degree = + supported_degree.unwrap_or(Uniform::from(1..=max_degree).sample(rng)); + assert!( + max_degree >= supported_degree, + "max_degree < supported_degree" + ); + let mut polynomials: Vec> = Vec::new(); + let mut degree_bounds = if enforce_degree_bounds { + Some(Vec::new()) } else { None }; - let hiding_bound = if num_points_in_query_set >= degree { - Some(degree) - } else { - Some(num_points_in_query_set) - }; + let mut labels = Vec::new(); + println!("Sampled supported degree"); - polynomials.push(LabeledPolynomial::new( - label, - rand_poly(degree, num_vars, rng).into(), - degree_bound, - hiding_bound, - )) - } - let supported_hiding_bound = polynomials - .iter() - .map(|p| p.hiding_bound().unwrap_or(0)) - .max() - .unwrap_or(0); - println!("supported degree: {:?}", supported_degree); - println!("supported hiding bound: {:?}", supported_hiding_bound); - println!("num_points_in_query_set: {:?}", num_points_in_query_set); - let (ck, vk) = PC::trim( - &pp, - supported_degree, - supported_hiding_bound, - degree_bounds.as_ref().map(|s| s.as_slice()), - )?; - println!("Trimmed"); + // Generate polynomials + let num_points_in_query_set = Uniform::from(1..=max_num_queries).sample(rng); + for i in 0..num_polynomials { + let label = format!("Test{}", i); + labels.push(label.clone()); + let degree = Uniform::from(1..=supported_degree).sample(rng); + let degree_bound = if let Some(degree_bounds) = &mut degree_bounds { + let range = Uniform::from(degree..=supported_degree); + let degree_bound = range.sample(rng); + degree_bounds.push(degree_bound); + Some(degree_bound) + } else { + None + }; - let (comms, rands) = PC::commit(&ck, &polynomials, Some(rng))?; + let hiding_bound = if num_points_in_query_set >= degree { + Some(degree) + } else { + Some(num_points_in_query_set) + }; - // Construct query set - let mut query_set = QuerySet::new(); - let mut values = Evaluations::new(); - for _ in 0..num_points_in_query_set { - let point = rand_point(num_vars, rng); - for (i, label) in labels.iter().enumerate() { - query_set.insert((label.clone(), (format!("{}", i), point.clone()))); - let value = polynomials[i].evaluate(&point); - values.insert((label.clone(), point.clone()), value); + polynomials.push(LabeledPolynomial::new( + label, + rand_poly(degree, num_vars, rng).into(), + degree_bound, + hiding_bound, + )) } - } - println!("Generated query set"); - - let proof = PC::batch_open( - &ck, - &polynomials, - &comms, - &query_set, - &mut opening_challenge(), - &rands, - Some(rng), - )?; - let result = PC::batch_check( - &vk, - &comms, - &query_set, - &values, - &proof, - &mut opening_challenge(), - rng, - )?; - if !result { - println!( - "Failed with {} polynomials, num_points_in_query_set: {:?}", - num_polynomials, num_points_in_query_set - ); - println!("Degree of polynomials:",); - for poly in polynomials { - println!("Degree: {:?}", poly.degree()); + let supported_hiding_bound = polynomials + .iter() + .map(|p| p.hiding_bound().unwrap_or(0)) + .max() + .unwrap_or(0); + println!("supported degree: {:?}", supported_degree); + println!("supported hiding bound: {:?}", supported_hiding_bound); + println!("num_points_in_query_set: {:?}", num_points_in_query_set); + let (ck, vk) = PC::trim( + &pp, + supported_degree, + supported_hiding_bound, + degree_bounds.as_ref().map(|s| s.as_slice()), + )?; + println!("Trimmed"); + + let (comms, rands) = PC::commit(&ck, &polynomials, Some(rng))?; + + // Construct query set + let mut query_set = QuerySet::new(); + let mut values = Evaluations::new(); + for _ in 0..num_points_in_query_set { + let point = rand_point(num_vars, rng); + for (i, label) in labels.iter().enumerate() { + query_set.insert((label.clone(), (format!("{}", i), point.clone()))); + let value = polynomials[i].evaluate(&point); + values.insert((label.clone(), point.clone()), value); + } + } + println!("Generated query set"); + + let proof = PC::batch_open( + &ck, + &polynomials, + &comms, + &query_set, + &mut (opening_challenge.clone()), + &rands, + Some(rng), + )?; + let result = PC::batch_check( + &vk, + &comms, + &query_set, + &values, + &proof, + &mut (opening_challenge.clone()), + rng, + )?; + if !result { + println!( + "Failed with {} polynomials, num_points_in_query_set: {:?}", + num_polynomials, num_points_in_query_set + ); + println!("Degree of polynomials:",); + for poly in polynomials { + println!("Degree: {:?}", poly.degree()); + } } + assert!(result, "proof was incorrect, Query set: {:#?}", query_set); } - assert!(result, "proof was incorrect, Query set: {:#?}", query_set); } Ok(()) } @@ -798,162 +813,169 @@ pub mod tests { num_equations, rand_poly, rand_point, - opening_challenge, + sponge, } = info; - let rng = &mut test_rng(); - // If testing multivariate polynomials, make the max degree lower - let max_degree = match num_vars { - Some(_) => max_degree.unwrap_or(Uniform::from(2..=10).sample(rng)), - None => max_degree.unwrap_or(Uniform::from(2..=64).sample(rng)), - }; - let pp = PC::setup(max_degree, num_vars, rng)?; - - for _ in 0..num_iters { - let supported_degree = - supported_degree.unwrap_or(Uniform::from(1..=max_degree).sample(rng)); - assert!( - max_degree >= supported_degree, - "max_degree < supported_degree" - ); - let mut polynomials = Vec::new(); - let mut degree_bounds = if enforce_degree_bounds { - Some(Vec::new()) - } else { - None - }; + let opening_challenges = vec![ + ChallengeGenerator::new_multivariate(sponge()), + ChallengeGenerator::new_univariate(&mut sponge()), + ]; - let mut labels = Vec::new(); - println!("Sampled supported degree"); - - // Generate polynomials - let num_points_in_query_set = Uniform::from(1..=max_num_queries).sample(rng); - for i in 0..num_polynomials { - let label = format!("Test{}", i); - labels.push(label.clone()); - let degree = Uniform::from(1..=supported_degree).sample(rng); - let degree_bound = if let Some(degree_bounds) = &mut degree_bounds { - if rng.gen() { - let range = Uniform::from(degree..=supported_degree); - let degree_bound = range.sample(rng); - degree_bounds.push(degree_bound); - Some(degree_bound) - } else { - None - } + for opening_challenge in opening_challenges { + let rng = &mut test_rng(); + // If testing multivariate polynomials, make the max degree lower + let max_degree = match num_vars { + Some(_) => max_degree.unwrap_or(Uniform::from(2..=10).sample(rng)), + None => max_degree.unwrap_or(Uniform::from(2..=64).sample(rng)), + }; + let pp = PC::setup(max_degree, num_vars, rng)?; + + for _ in 0..num_iters { + let supported_degree = + supported_degree.unwrap_or(Uniform::from(1..=max_degree).sample(rng)); + assert!( + max_degree >= supported_degree, + "max_degree < supported_degree" + ); + let mut polynomials = Vec::new(); + let mut degree_bounds = if enforce_degree_bounds { + Some(Vec::new()) } else { None }; - let hiding_bound = if num_points_in_query_set >= degree { - Some(degree) - } else { - Some(num_points_in_query_set) - }; - println!("Hiding bound: {:?}", hiding_bound); - - polynomials.push(LabeledPolynomial::new( - label, - rand_poly(degree, num_vars, rng), - degree_bound, - hiding_bound, - )) - } - println!("supported degree: {:?}", supported_degree); - println!("num_points_in_query_set: {:?}", num_points_in_query_set); - println!("{:?}", degree_bounds); - println!("{}", num_polynomials); - println!("{}", enforce_degree_bounds); - - let (ck, vk) = PC::trim( - &pp, - supported_degree, - supported_degree, - degree_bounds.as_ref().map(|s| s.as_slice()), - )?; - println!("Trimmed"); - - let (comms, rands) = PC::commit(&ck, &polynomials, Some(rng))?; - - // Let's construct our equations - let mut linear_combinations = Vec::new(); - let mut query_set = QuerySet::new(); - let mut values = Evaluations::new(); - for i in 0..num_points_in_query_set { - let point = rand_point(num_vars, rng); - for j in 0..num_equations.unwrap() { - let label = format!("query {} eqn {}", i, j); - let mut lc = LinearCombination::empty(label.clone()); - - let mut value = F::zero(); - let should_have_degree_bounds: bool = rng.gen(); - for (k, label) in labels.iter().enumerate() { - if should_have_degree_bounds { - value += &polynomials[k].evaluate(&point); - lc.push((F::one(), label.to_string().into())); - break; + let mut labels = Vec::new(); + println!("Sampled supported degree"); + + // Generate polynomials + let num_points_in_query_set = Uniform::from(1..=max_num_queries).sample(rng); + for i in 0..num_polynomials { + let label = format!("Test{}", i); + labels.push(label.clone()); + let degree = Uniform::from(1..=supported_degree).sample(rng); + let degree_bound = if let Some(degree_bounds) = &mut degree_bounds { + if rng.gen() { + let range = Uniform::from(degree..=supported_degree); + let degree_bound = range.sample(rng); + degree_bounds.push(degree_bound); + Some(degree_bound) } else { - let poly = &polynomials[k]; - if poly.degree_bound().is_some() { - continue; + None + } + } else { + None + }; + + let hiding_bound = if num_points_in_query_set >= degree { + Some(degree) + } else { + Some(num_points_in_query_set) + }; + println!("Hiding bound: {:?}", hiding_bound); + + polynomials.push(LabeledPolynomial::new( + label, + rand_poly(degree, num_vars, rng), + degree_bound, + hiding_bound, + )) + } + println!("supported degree: {:?}", supported_degree); + println!("num_points_in_query_set: {:?}", num_points_in_query_set); + println!("{:?}", degree_bounds); + println!("{}", num_polynomials); + println!("{}", enforce_degree_bounds); + + let (ck, vk) = PC::trim( + &pp, + supported_degree, + supported_degree, + degree_bounds.as_ref().map(|s| s.as_slice()), + )?; + println!("Trimmed"); + + let (comms, rands) = PC::commit(&ck, &polynomials, Some(rng))?; + + // Let's construct our equations + let mut linear_combinations = Vec::new(); + let mut query_set = QuerySet::new(); + let mut values = Evaluations::new(); + for i in 0..num_points_in_query_set { + let point = rand_point(num_vars, rng); + for j in 0..num_equations.unwrap() { + let label = format!("query {} eqn {}", i, j); + let mut lc = LinearCombination::empty(label.clone()); + + let mut value = F::zero(); + let should_have_degree_bounds: bool = rng.gen(); + for (k, label) in labels.iter().enumerate() { + if should_have_degree_bounds { + value += &polynomials[k].evaluate(&point); + lc.push((F::one(), label.to_string().into())); + break; } else { - assert!(poly.degree_bound().is_none()); - let coeff = F::rand(rng); - value += &(coeff * poly.evaluate(&point)); - lc.push((coeff, label.to_string().into())); + let poly = &polynomials[k]; + if poly.degree_bound().is_some() { + continue; + } else { + assert!(poly.degree_bound().is_none()); + let coeff = F::rand(rng); + value += &(coeff * poly.evaluate(&point)); + lc.push((coeff, label.to_string().into())); + } } } + values.insert((label.clone(), point.clone()), value); + if !lc.is_empty() { + linear_combinations.push(lc); + // Insert query + query_set.insert((label.clone(), (format!("{}", i), point.clone()))); + } } - values.insert((label.clone(), point.clone()), value); - if !lc.is_empty() { - linear_combinations.push(lc); - // Insert query - query_set.insert((label.clone(), (format!("{}", i), point.clone()))); + } + if linear_combinations.is_empty() { + continue; + } + println!("Generated query set"); + println!("Linear combinations: {:?}", linear_combinations); + + let proof = PC::open_combinations( + &ck, + &linear_combinations, + &polynomials, + &comms, + &query_set, + &mut (opening_challenge.clone()), + &rands, + Some(rng), + )?; + println!("Generated proof"); + let result = PC::check_combinations( + &vk, + &linear_combinations, + &comms, + &query_set, + &values, + &proof, + &mut (opening_challenge.clone()), + rng, + )?; + if !result { + println!( + "Failed with {} polynomials, num_points_in_query_set: {:?}", + num_polynomials, num_points_in_query_set + ); + println!("Degree of polynomials:",); + for poly in polynomials { + println!("Degree: {:?}", poly.degree()); } } - } - if linear_combinations.is_empty() { - continue; - } - println!("Generated query set"); - println!("Linear combinations: {:?}", linear_combinations); - - let proof = PC::open_combinations( - &ck, - &linear_combinations, - &polynomials, - &comms, - &query_set, - &mut opening_challenge(), - &rands, - Some(rng), - )?; - println!("Generated proof"); - let result = PC::check_combinations( - &vk, - &linear_combinations, - &comms, - &query_set, - &values, - &proof, - &mut opening_challenge(), - rng, - )?; - if !result { - println!( - "Failed with {} polynomials, num_points_in_query_set: {:?}", - num_polynomials, num_points_in_query_set + assert!( + result, + "proof was incorrect, equations: {:#?}", + linear_combinations ); - println!("Degree of polynomials:",); - for poly in polynomials { - println!("Degree: {:?}", poly.degree()); - } } - assert!( - result, - "proof was incorrect, equations: {:#?}", - linear_combinations - ); } Ok(()) } @@ -962,7 +984,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -981,7 +1003,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -989,7 +1011,7 @@ pub mod tests { pub fn linear_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1008,7 +1030,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -1016,7 +1038,7 @@ pub mod tests { pub fn single_poly_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1035,7 +1057,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -1043,7 +1065,7 @@ pub mod tests { pub fn quadratic_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1062,7 +1084,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -1070,7 +1092,7 @@ pub mod tests { pub fn single_poly_degree_bound_multiple_queries_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1089,7 +1111,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -1097,7 +1119,7 @@ pub mod tests { pub fn two_polys_degree_bound_single_query_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1116,7 +1138,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -1125,7 +1147,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1144,7 +1166,7 @@ pub mod tests { num_equations: None, rand_poly, rand_point, - opening_challenge, + sponge, }; test_template::(info) } @@ -1153,7 +1175,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1172,7 +1194,7 @@ pub mod tests { num_equations: Some(10), rand_poly, rand_point, - opening_challenge, + sponge, }; equation_test_template::(info) } @@ -1181,7 +1203,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1200,7 +1222,7 @@ pub mod tests { num_equations: Some(1), rand_poly, rand_point, - opening_challenge, + sponge, }; equation_test_template::(info) } @@ -1209,7 +1231,7 @@ pub mod tests { num_vars: Option, rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1228,7 +1250,7 @@ pub mod tests { num_equations: Some(2), rand_poly, rand_point, - opening_challenge, + sponge, }; equation_test_template::(info) } @@ -1236,7 +1258,7 @@ pub mod tests { pub fn two_equation_degree_bound_test( rand_poly: fn(usize, Option, &mut StdRng) -> P, rand_point: fn(Option, &mut StdRng) -> P::Point, - opening_challenge: fn() -> ChallengeGenerator, + sponge: fn() -> S, ) -> Result<(), PC::Error> where F: PrimeField, @@ -1255,16 +1277,13 @@ pub mod tests { num_equations: Some(2), rand_poly, rand_point, - opening_challenge, + sponge, }; equation_test_template::(info) } - pub(crate) fn multivariate_challenge_generator_for_test( - ) -> ChallengeGenerator> { - let param = poseidon_parameters_for_test(); - let sponge = PoseidonSponge::new(¶m); - ChallengeGenerator::new_multivariate(sponge) + pub(crate) fn poseidon_sponge_for_test() -> PoseidonSponge { + PoseidonSponge::new(&poseidon_parameters_for_test()) } /// Generate default parameters for alpha = 17, state-size = 8 diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index 3b78157e..693d5a04 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -580,14 +580,14 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -599,14 +599,14 @@ mod tests { None, constant_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_test::<_, _, PC_Bls12_381, _>( None, constant_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -617,13 +617,13 @@ mod tests { quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -634,13 +634,13 @@ mod tests { linear_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); linear_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -651,13 +651,13 @@ mod tests { single_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -668,13 +668,13 @@ mod tests { single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -685,13 +685,13 @@ mod tests { two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -703,7 +703,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -711,7 +711,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -724,7 +724,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -732,7 +732,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -745,7 +745,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -753,7 +753,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -765,14 +765,14 @@ mod tests { two_equation_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); two_equation_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -785,7 +785,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -793,7 +793,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -806,14 +806,14 @@ mod tests { bad_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); bad_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index bec95026..a3b1c23a 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -762,14 +762,14 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_test::<_, _, PC_Bls12_381, _>( num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -782,7 +782,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -790,7 +790,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -804,7 +804,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -812,7 +812,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -826,7 +826,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -834,7 +834,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -848,7 +848,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -856,7 +856,7 @@ mod tests { num_vars, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); diff --git a/src/sonic_pc/mod.rs b/src/sonic_pc/mod.rs index 37a99533..d7fff943 100644 --- a/src/sonic_pc/mod.rs +++ b/src/sonic_pc/mod.rs @@ -719,14 +719,14 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_test::<_, _, PC_Bls12_381, _>( None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -737,13 +737,13 @@ mod tests { quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); quadratic_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -754,13 +754,13 @@ mod tests { linear_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); linear_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -771,13 +771,13 @@ mod tests { single_poly_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -788,13 +788,13 @@ mod tests { single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); single_poly_degree_bound_multiple_queries_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -805,13 +805,13 @@ mod tests { two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); two_polys_degree_bound_single_query_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); } @@ -823,7 +823,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -831,7 +831,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -844,7 +844,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -852,7 +852,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -865,7 +865,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -873,7 +873,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -885,14 +885,14 @@ mod tests { two_equation_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); two_equation_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -905,7 +905,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); @@ -913,7 +913,7 @@ mod tests { None, rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); @@ -926,14 +926,14 @@ mod tests { bad_degree_bound_test::<_, _, PC_Bls12_377, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-377"); println!("Finished bls12-377"); bad_degree_bound_test::<_, _, PC_Bls12_381, _>( rand_poly::, rand_point::, - multivariate_challenge_generator_for_test, + poseidon_sponge_for_test, ) .expect("test failed for bls12-381"); println!("Finished bls12-381"); From 7bac81e8763bd22abae05e5567c7acda50fa3840 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Mon, 12 Jul 2021 22:45:32 -0700 Subject: [PATCH 15/25] tweak --- src/ipa_pc/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index a49248f3..5bee97a7 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -102,7 +102,7 @@ where point: G::ScalarField, values: impl IntoIterator, proof: &Proof, - opening_challenges: &mut ChallengeGenerator, //&dyn Fn(u64) -> G::ScalarField, + opening_challenges: &mut ChallengeGenerator, ) -> Option> { let check_time = start_timer!(|| "Succinct checking"); From e87b8a34d2ea4cb13d430812364dd8fd120afe02 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Mon, 12 Jul 2021 23:10:56 -0700 Subject: [PATCH 16/25] remove generics in BatchLCProof (won't compile) --- src/constraints.rs | 2 +- src/data_structures.rs | 13 +++---------- src/ipa_pc/mod.rs | 26 +++++++++++--------------- src/lib.rs | 12 +++--------- src/marlin/marlin_pc/mod.rs | 4 ++-- src/marlin/marlin_pst13_pc/mod.rs | 20 ++++++++++---------- src/marlin/mod.rs | 10 +++------- src/sonic_pc/mod.rs | 26 +++++++++++--------------- 8 files changed, 44 insertions(+), 69 deletions(-) diff --git a/src/constraints.rs b/src/constraints.rs index eb690929..5576d3e1 100644 --- a/src/constraints.rs +++ b/src/constraints.rs @@ -119,7 +119,7 @@ pub trait PCCheckVar< type ProofVar: AllocVar + Clone; /// An allocated version of `PC::BatchLCProof`. - type BatchLCProofVar: AllocVar, ConstraintF> + Clone; + type BatchLCProofVar: AllocVar, ConstraintF> + Clone; /// Add to `ConstraintSystemRef` new constraints that check that `proof_i` is a valid evaluation /// proof at `point_i` for the polynomial in `commitment_i`. diff --git a/src/data_structures.rs b/src/data_structures.rs index 13ad3aec..ccf75874 100644 --- a/src/data_structures.rs +++ b/src/data_structures.rs @@ -1,7 +1,6 @@ -use crate::{Polynomial, PolynomialCommitment, Rc, String, Vec}; +use crate::{Polynomial, Rc, String, Vec}; use ark_ff::{Field, PrimeField, ToConstraintField}; use ark_serialize::{CanonicalDeserialize, CanonicalSerialize, SerializationError}; -use ark_sponge::CryptographicSponge; use ark_std::rand::RngCore; use ark_std::{ borrow::Borrow, @@ -105,17 +104,11 @@ pub trait PCProof: Clone + ark_ff::ToBytes + CanonicalSerialize + CanonicalDeser /// A proof of satisfaction of linear combinations. #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)] -pub struct BatchLCProof< - F: PrimeField, - P: Polynomial, - PC: PolynomialCommitment, - S: CryptographicSponge, -> { +pub struct BatchLCProof { /// Evaluation proof. - pub proof: PC::BatchProof, + pub proof: T, /// Evaluations required to verify the proof. pub evals: Option>, - pub(crate) _sponge: PhantomData, } /// A polynomial along with information about its degree bound (if any), and the diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index 5bee97a7..667c6916 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -840,14 +840,14 @@ where fn open_combinations<'a>( ck: &Self::CommitterKey, - lc_s: impl IntoIterator>, + linear_combinations: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where Self::Randomness: 'a, Self::Commitment: 'a, @@ -865,7 +865,7 @@ where let mut lc_commitments = Vec::new(); let mut lc_info = Vec::new(); - for lc in lc_s { + for lc in linear_combinations { let lc_label = lc.label().clone(); let mut poly = P::zero(); let mut degree_bound = None; @@ -943,22 +943,18 @@ where lc_randomness.iter(), rng, )?; - Ok(BatchLCProof { - proof, - evals: None, - _sponge: PhantomData, - }) + Ok(BatchLCProof { proof, evals: None }) } /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, - lc_s: impl IntoIterator>, + linear_combinations: impl IntoIterator>, commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &BatchLCProof, + eqn_query_set: &QuerySet, + eqn_evaluations: &Evaluations, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result @@ -973,8 +969,8 @@ where let mut lc_commitments = Vec::new(); let mut lc_info = Vec::new(); - let mut evaluations = evaluations.clone(); - for lc in lc_s { + let mut evaluations = eqn_evaluations.clone(); + for lc in linear_combinations { let lc_label = lc.label().clone(); let num_polys = lc.len(); @@ -1029,7 +1025,7 @@ where Self::batch_check( vk, &lc_commitments, - &query_set, + &eqn_query_set, &evaluations, proof, opening_challenges, diff --git a/src/lib.rs b/src/lib.rs index b5fd6a20..6f2ee5ae 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -110,7 +110,6 @@ pub mod multilinear_pc; use crate::challenge::ChallengeGenerator; use ark_sponge::CryptographicSponge; -use ark_std::marker::PhantomData; /// Multivariate polynomial commitment based on the construction in /// [[PST13]][pst] with batching and (optional) hiding property inspired /// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin] @@ -307,7 +306,7 @@ pub trait PolynomialCommitment, S: Cryptographic opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where Self::Randomness: 'a, Self::Commitment: 'a, @@ -330,7 +329,6 @@ pub trait PolynomialCommitment, S: Cryptographic Ok(BatchLCProof { proof, evals: Some(poly_evals.values().copied().collect()), - _sponge: PhantomData, }) } @@ -341,18 +339,14 @@ pub trait PolynomialCommitment, S: Cryptographic commitments: impl IntoIterator>, eqn_query_set: &QuerySet, eqn_evaluations: &Evaluations, - proof: &BatchLCProof, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result where Self::Commitment: 'a, { - let BatchLCProof { - proof, - evals, - _sponge: _, - } = proof; + let BatchLCProof { proof, evals } = proof; let lc_s = BTreeMap::from_iter(linear_combinations.into_iter().map(|lc| (lc.label(), lc))); diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index 693d5a04..6b9c0f32 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -408,7 +408,7 @@ where opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where P: 'a, Self::Randomness: 'a, @@ -434,7 +434,7 @@ where commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index a3b1c23a..62c61be2 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -658,14 +658,14 @@ where fn open_combinations<'a>( ck: &Self::CommitterKey, - lc_s: impl IntoIterator>, + linear_combinations: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where P: 'a, Self::Randomness: 'a, @@ -673,7 +673,7 @@ where { Marlin::open_combinations( ck, - lc_s, + linear_combinations, polynomials, commitments, query_set, @@ -687,11 +687,11 @@ where /// committed in `labeled_commitments`. fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, - lc_s: impl IntoIterator>, + linear_combinations: impl IntoIterator>, commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &BatchLCProof, + eqn_query_set: &QuerySet, + eqn_evaluations: &Evaluations, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result @@ -700,10 +700,10 @@ where { Marlin::check_combinations( vk, - lc_s, + linear_combinations, commitments, - query_set, - evaluations, + eqn_query_set, + eqn_evaluations, proof, opening_challenges, rng, diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index bb4f8eaa..6d0f57e1 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -219,7 +219,7 @@ impl Marlin { opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Error> + ) -> Result, Error> where P: 'a + Polynomial, D: Debug + Clone + Hash + Ord + Sync, @@ -303,11 +303,7 @@ impl Marlin { rng, )?; - Ok(BatchLCProof { - proof, - evals: None, - _sponge: core::marker::PhantomData, - }) + Ok(BatchLCProof { proof, evals: None }) } fn check_combinations<'a, R, P, D, PC>( @@ -316,7 +312,7 @@ impl Marlin { commitments: impl IntoIterator>, query_set: &QuerySet, evaluations: &Evaluations, - proof: &BatchLCProof, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result diff --git a/src/sonic_pc/mod.rs b/src/sonic_pc/mod.rs index d7fff943..cad53539 100644 --- a/src/sonic_pc/mod.rs +++ b/src/sonic_pc/mod.rs @@ -499,14 +499,14 @@ where fn open_combinations<'a>( ck: &Self::CommitterKey, - lc_s: impl IntoIterator>, + linear_combinations: impl IntoIterator>, polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, opening_challenges: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, - ) -> Result, Self::Error> + ) -> Result, Self::Error> where Self::Randomness: 'a, Self::Commitment: 'a, @@ -524,7 +524,7 @@ where let mut lc_commitments = Vec::new(); let mut lc_info = Vec::new(); - for lc in lc_s { + for lc in linear_combinations { let lc_label = lc.label().clone(); let mut poly = P::zero(); let mut degree_bound = None; @@ -587,22 +587,18 @@ where lc_randomness.iter(), rng, )?; - Ok(BatchLCProof { - proof, - evals: None, - _sponge: PhantomData, - }) + Ok(BatchLCProof { proof, evals: None }) } /// Checks that `values` are the true evaluations at `query_set` of the polynomials /// committed in `labeled_commitments`. fn check_combinations<'a, R: RngCore>( vk: &Self::VerifierKey, - lc_s: impl IntoIterator>, + linear_combinations: impl IntoIterator>, commitments: impl IntoIterator>, - query_set: &QuerySet, - evaluations: &Evaluations, - proof: &BatchLCProof, + eqn_query_set: &QuerySet, + eqn_evaluations: &Evaluations, + proof: &BatchLCProof, opening_challenges: &mut ChallengeGenerator, rng: &mut R, ) -> Result @@ -617,8 +613,8 @@ where let mut lc_commitments = Vec::new(); let mut lc_info = Vec::new(); - let mut evaluations = evaluations.clone(); - for lc in lc_s { + let mut evaluations = eqn_evaluations.clone(); + for lc in linear_combinations { let lc_label = lc.label().clone(); let num_polys = lc.len(); @@ -670,7 +666,7 @@ where Self::batch_check( vk, &lc_commitments, - &query_set, + &eqn_query_set, &evaluations, proof, opening_challenges, From 233d9926d583684c3bf134293646a0b7371e7a84 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Tue, 13 Jul 2021 18:54:01 -0700 Subject: [PATCH 17/25] remove generics in BatchLCProof (fixed) --- src/marlin/marlin_pc/mod.rs | 32 ++++++++++++++++--------------- src/marlin/marlin_pst13_pc/mod.rs | 32 ++++++++++++++++--------------- src/marlin/mod.rs | 24 ++++++++++++++++++----- 3 files changed, 53 insertions(+), 35 deletions(-) diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index 6b9c0f32..cac54a8d 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -354,12 +354,13 @@ where Self::Commitment: 'a, { let check_time = start_timer!(|| "Checking evaluations"); - let (combined_comm, combined_value) = Marlin::accumulate_commitments_and_values( - commitments, - values, - opening_challenges, - Some(vk), - )?; + let (combined_comm, combined_value) = + Marlin::::accumulate_commitments_and_values( + commitments, + values, + opening_challenges, + Some(vk), + )?; let combined_comm = kzg10::Commitment(combined_comm.into()); let result = kzg10::KZG10::check(&vk.vk, &combined_comm, *point, combined_value, proof)?; end_timer!(check_time); @@ -378,13 +379,14 @@ where where Self::Commitment: 'a, { - let (combined_comms, combined_queries, combined_evals) = Marlin::combine_and_normalize( - commitments, - query_set, - values, - opening_challenges, - Some(vk), - )?; + let (combined_comms, combined_queries, combined_evals) = + Marlin::::combine_and_normalize( + commitments, + query_set, + values, + opening_challenges, + Some(vk), + )?; assert_eq!(proof.len(), combined_queries.len()); let proof_time = start_timer!(|| "Checking KZG10::Proof"); let result = kzg10::KZG10::batch_check( @@ -414,7 +416,7 @@ where Self::Randomness: 'a, Self::Commitment: 'a, { - Marlin::open_combinations( + Marlin::::open_combinations( ck, lc_s, polynomials, @@ -441,7 +443,7 @@ where where Self::Commitment: 'a, { - Marlin::check_combinations( + Marlin::::check_combinations( vk, lc_s, commitments, diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index 62c61be2..ea8413af 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -553,12 +553,13 @@ where { let check_time = start_timer!(|| "Checking evaluations"); // Accumulate commitments and values - let (combined_comm, combined_value) = Marlin::accumulate_commitments_and_values( - commitments, - values, - opening_challenges, - None, - )?; + let (combined_comm, combined_value) = + Marlin::::accumulate_commitments_and_values( + commitments, + values, + opening_challenges, + None, + )?; // Compute both sides of the pairing equation let mut inner = combined_comm.into().into_projective() - &vk.g.mul(combined_value); if let Some(random_v) = proof.random_v { @@ -593,13 +594,14 @@ where where Self::Commitment: 'a, { - let (combined_comms, combined_queries, combined_evals) = Marlin::combine_and_normalize( - commitments, - query_set, - values, - opening_challenges, - None, - )?; + let (combined_comms, combined_queries, combined_evals) = + Marlin::::combine_and_normalize( + commitments, + query_set, + values, + opening_challenges, + None, + )?; let check_time = start_timer!(|| format!("Checking {} evaluation proofs", combined_comms.len())); let g = vk.g.into_projective(); @@ -671,7 +673,7 @@ where Self::Randomness: 'a, Self::Commitment: 'a, { - Marlin::open_combinations( + Marlin::::open_combinations( ck, linear_combinations, polynomials, @@ -698,7 +700,7 @@ where where Self::Commitment: 'a, { - Marlin::check_combinations( + Marlin::::check_combinations( vk, linear_combinations, commitments, diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index 6d0f57e1..bb5729a7 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -26,12 +26,26 @@ pub mod marlin_pc; pub mod marlin_pst13_pc; /// Common functionalities between `marlin_pc` and `marlin_pst13_pc` -struct Marlin { +struct Marlin +where + E: PairingEngine, + S: CryptographicSponge, + P: Polynomial, + PC: PolynomialCommitment, +{ _engine: core::marker::PhantomData, _sponge: core::marker::PhantomData, + _poly: core::marker::PhantomData

, + _pc: core::marker::PhantomData, } -impl Marlin { +impl Marlin +where + E: PairingEngine, + S: CryptographicSponge, + P: Polynomial, + PC: PolynomialCommitment, +{ /// MSM for `commitments` and `coeffs` fn combine_commitments<'a>( coeffs_and_comms: impl IntoIterator)>, @@ -185,7 +199,7 @@ impl Marlin { values_to_combine.push(*v_i); } - let (c, v) = Marlin::accumulate_commitments_and_values( + let (c, v) = Self::accumulate_commitments_and_values( comms_to_combine, values_to_combine, opening_challenges, @@ -210,7 +224,7 @@ impl Marlin { /// On input a list of polynomials, linear combinations of those polynomials, /// and a query set, `open_combination` outputs a proof of evaluation of /// the combinations at the points in the query set. - fn open_combinations<'a, P, D, PC>( + fn open_combinations<'a, D>( ck: &PC::CommitterKey, lc_s: impl IntoIterator>, polynomials: impl IntoIterator>, @@ -306,7 +320,7 @@ impl Marlin { Ok(BatchLCProof { proof, evals: None }) } - fn check_combinations<'a, R, P, D, PC>( + fn check_combinations<'a, R, D>( vk: &PC::VerifierKey, lc_s: impl IntoIterator>, commitments: impl IntoIterator>, From 8d3d26e75bbb4a16b12d4a49e7fafc5ff19bd50f Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 15 Jul 2021 16:49:03 -0700 Subject: [PATCH 18/25] Fix `no-std` issue --- Cargo.toml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 2dbbe2cc..b4805c12 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,7 @@ ark-serialize = { version = "^0.3.0", default-features = false, features = [ "de ark-ff = { version = "^0.3.0", default-features = false } ark-ec = { version = "^0.3.0", default-features = false } ark-poly = {version = "^0.3.0", default-features = false } -ark-sponge = {version = "^0.3.0", default-feautres = false} +ark-sponge = {version = "^0.3.0", default-features = false} ark-std = { version = "^0.3.0", default-features = false } ark-relations = { version = "^0.3.0", default-features = false, optional = true } @@ -37,8 +37,6 @@ digest = "0.9" rayon = { version = "1", optional = true } derivative = { version = "2", features = [ "use_core" ] } -tracing = { version = "0.1", default-features = false, features = [ "attributes" ] } - [dev-dependencies] ark-ed-on-bls12-381 = { version = "^0.3.0", default-features = false } ark-bls12-381 = { version = "^0.3.0", default-features = false, features = [ "curve" ] } From ce36f51437ecdef330a2b1b4f54d2d053aff01db Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 15 Jul 2021 20:47:41 -0700 Subject: [PATCH 19/25] address comment --- src/challenge.rs | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index b14f3c0c..a32e0f10 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -1,5 +1,5 @@ use ark_ff::PrimeField; -use ark_sponge::CryptographicSponge; +use ark_sponge::{CryptographicSponge, FieldElementSize}; /// `ChallengeGenerator` generates opening challenges using multivariate or univariate strategy. /// For multivariate strategy, each challenge is freshly squeezed from a sponge. @@ -9,7 +9,7 @@ use ark_sponge::CryptographicSponge; #[derive(Clone)] pub enum ChallengeGenerator { /// Each challenge is freshly squeezed from a sponge. - Multivariate(S), + Multivariate(S, FieldElementSize), /// Each challenge is a power of one squeezed element from sponge. /// /// `Univariate(generator, next_element)` @@ -20,7 +20,13 @@ impl ChallengeGenerator { /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed /// from a sponge. pub fn new_multivariate(sponge: S) -> Self { - Self::Multivariate(sponge) + Self::new_multivariate_of_size(sponge, FieldElementSize::Full) + } + + /// Returns a challenge generator with multivariate strategy.Each challenge is freshly squeezed + /// from a sponge and has `size` bits. + pub fn new_multivariate_of_size(sponge: S, size: FieldElementSize) -> Self { + Self::Multivariate(sponge, size) } /// Returns a challenge generator with univariate strategy. Each challenge is a power of one @@ -33,7 +39,15 @@ impl ChallengeGenerator { /// Returns the next challenge generated. pub fn next_challenge(&mut self) -> F { match self { - Self::Multivariate(s) => s.squeeze_field_elements(1)[0], + // multivariate (full) + Self::Multivariate(sponge, FieldElementSize::Full) => { + sponge.squeeze_field_elements(1)[0] + } + // multivariate (truncated) + Self::Multivariate(sponge, size) => { + sponge.squeeze_field_elements_with_sizes(&[*size])[0] + } + // univariate Self::Univariate(gen, next) => { let result = next.clone(); *next *= *gen; @@ -42,27 +56,13 @@ impl ChallengeGenerator { } } - /// Returns the next challenge generated where next challenge has `size` bits. Only works for - /// multivariate generator. - /// - /// ## Panics - /// This function will panic if `self` is univariate. - pub fn next_challenge_of_size(&mut self, size: ark_sponge::FieldElementSize) -> F { - match self { - Self::Multivariate(s) => s.squeeze_field_elements_with_sizes(&[size])[0], - _ => { - panic!("`next_challenge_of_size` only supports multivariate generator.") - } - } - } - /// Returns the sponge state if `self` is multivariate. /// /// ## Panics /// This function will panic if `self` is univariate. pub fn into_sponge(self) -> S { match self { - Self::Multivariate(s) => s, + Self::Multivariate(s, _) => s, _ => panic!("only multivariate generator can be converted to sponge."), } } From 5ff82312ad36a19e5ac89d9af42175ae95ac9210 Mon Sep 17 00:00:00 2001 From: Tom Shen Date: Thu, 15 Jul 2021 20:55:03 -0700 Subject: [PATCH 20/25] changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b6bfc521..9203dcd4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,8 +4,13 @@ ### Breaking changes +- [\#82](https://github.com/arkworks-rs/poly-commit/pull/82) Function parameter `opening_challenge: F` for `open`, + `check`, has been changed from `F` to `opening_challenges: &mut ChallengeGenerator`. + ### Features +- [\#82](https://github.com/arkworks-rs/poly-commit/pull/82) Add multivariate opening challenge strategy. Integrate with sponge API. + ### Improvements ### Bug fixes From 6a7cfaa2a89d64699d2c4c86f3697c8b147f5826 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 22 Jul 2021 10:51:14 -0700 Subject: [PATCH 21/25] Update src/challenge.rs --- src/challenge.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/challenge.rs b/src/challenge.rs index a32e0f10..378b052a 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -23,7 +23,7 @@ impl ChallengeGenerator { Self::new_multivariate_of_size(sponge, FieldElementSize::Full) } - /// Returns a challenge generator with multivariate strategy.Each challenge is freshly squeezed + /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed /// from a sponge and has `size` bits. pub fn new_multivariate_of_size(sponge: S, size: FieldElementSize) -> Self { Self::Multivariate(sponge, size) From c8f97b08ff2170a37380cb8a22a08672e558c7ce Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 22 Jul 2021 10:51:21 -0700 Subject: [PATCH 22/25] Update src/challenge.rs --- src/challenge.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index 378b052a..d824f149 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -60,10 +60,10 @@ impl ChallengeGenerator { /// /// ## Panics /// This function will panic if `self` is univariate. - pub fn into_sponge(self) -> S { + pub fn into_sponge(self) -> Option { match self { - Self::Multivariate(s, _) => s, - _ => panic!("only multivariate generator can be converted to sponge."), + Self::Multivariate(s, _) => Some(s), + _ => None, } } } From 8ea00329bc03d9bfe223b311e66c1047da720695 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 22 Jul 2021 10:51:46 -0700 Subject: [PATCH 23/25] Update src/challenge.rs --- src/challenge.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index d824f149..ace8e6a2 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -56,10 +56,7 @@ impl ChallengeGenerator { } } - /// Returns the sponge state if `self` is multivariate. - /// - /// ## Panics - /// This function will panic if `self` is univariate. + /// Returns the sponge state if `self` is multivariate. Returns `None` otherwise. pub fn into_sponge(self) -> Option { match self { Self::Multivariate(s, _) => Some(s), From 5bb69d6197d0b6a4b3dd9f9e5a66b9da858ed4b1 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 22 Jul 2021 15:37:11 -0700 Subject: [PATCH 24/25] Use challenge_gen --- src/challenge.rs | 31 ++++++++----------- src/ipa_pc/mod.rs | 14 ++++----- src/lib.rs | 49 ++++++++++++++++--------------- src/marlin/marlin_pc/mod.rs | 8 ++--- src/marlin/marlin_pst13_pc/mod.rs | 3 +- src/marlin/mod.rs | 10 +++---- src/sonic_pc/mod.rs | 10 +++---- 7 files changed, 62 insertions(+), 63 deletions(-) diff --git a/src/challenge.rs b/src/challenge.rs index ace8e6a2..aa78d902 100644 --- a/src/challenge.rs +++ b/src/challenge.rs @@ -9,7 +9,7 @@ use ark_sponge::{CryptographicSponge, FieldElementSize}; #[derive(Clone)] pub enum ChallengeGenerator { /// Each challenge is freshly squeezed from a sponge. - Multivariate(S, FieldElementSize), + Multivariate(S), /// Each challenge is a power of one squeezed element from sponge. /// /// `Univariate(generator, next_element)` @@ -20,13 +20,7 @@ impl ChallengeGenerator { /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed /// from a sponge. pub fn new_multivariate(sponge: S) -> Self { - Self::new_multivariate_of_size(sponge, FieldElementSize::Full) - } - - /// Returns a challenge generator with multivariate strategy. Each challenge is freshly squeezed - /// from a sponge and has `size` bits. - pub fn new_multivariate_of_size(sponge: S, size: FieldElementSize) -> Self { - Self::Multivariate(sponge, size) + Self::Multivariate(sponge) } /// Returns a challenge generator with univariate strategy. Each challenge is a power of one @@ -36,17 +30,14 @@ impl ChallengeGenerator { Self::Univariate(gen, gen) } - /// Returns the next challenge generated. - pub fn next_challenge(&mut self) -> F { + /// Returns a challenge of size `size`. + /// * If `self == Self::Multivariate(...)`, then this squeezes out a challenge of size `size`. + /// * If `self == Self::Univariate(...)`, then this ignores the `size` argument and simply squeezes out + /// the next field element. + pub fn try_next_challenge_of_size(&mut self, size: FieldElementSize) -> F { match self { // multivariate (full) - Self::Multivariate(sponge, FieldElementSize::Full) => { - sponge.squeeze_field_elements(1)[0] - } - // multivariate (truncated) - Self::Multivariate(sponge, size) => { - sponge.squeeze_field_elements_with_sizes(&[*size])[0] - } + Self::Multivariate(sponge) => sponge.squeeze_field_elements_with_sizes(&[size])[0], // univariate Self::Univariate(gen, next) => { let result = next.clone(); @@ -55,11 +46,15 @@ impl ChallengeGenerator { } } } + /// Returns the next challenge generated. + pub fn next_challenge(&mut self) -> F { + self.try_next_challenge_of_size(FieldElementSize::Full) + } /// Returns the sponge state if `self` is multivariate. Returns `None` otherwise. pub fn into_sponge(self) -> Option { match self { - Self::Multivariate(s, _) => Some(s), + Self::Multivariate(s) => Some(s), _ => None, } } diff --git a/src/ipa_pc/mod.rs b/src/ipa_pc/mod.rs index 667c6916..fb9cc385 100644 --- a/src/ipa_pc/mod.rs +++ b/src/ipa_pc/mod.rs @@ -1,4 +1,4 @@ -use crate::{BTreeMap, BTreeSet, String, ToString, Vec}; +use crate::{BTreeMap, BTreeSet, String, ToString, Vec, CHALLENGE_SIZE}; use crate::{BatchLCProof, Error, Evaluations, QuerySet, UVPolynomial}; use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; use crate::{PCCommitterKey, PCRandomness, PCUniversalParams, PolynomialCommitment}; @@ -114,7 +114,7 @@ where let mut combined_commitment_proj = G::Projective::zero(); let mut combined_v = G::ScalarField::zero(); - let mut cur_challenge = opening_challenges.next_challenge(); + let mut cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); let labeled_commitments = commitments.into_iter(); let values = values.into_iter(); @@ -123,7 +123,7 @@ where let commitment = labeled_commitment.commitment(); combined_v += &(cur_challenge * &value); combined_commitment_proj += &labeled_commitment.commitment().comm.mul(cur_challenge); - cur_challenge = opening_challenges.next_challenge(); + cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); let degree_bound = labeled_commitment.degree_bound(); assert_eq!(degree_bound.is_some(), commitment.shifted_comm.is_some()); @@ -134,7 +134,7 @@ where combined_commitment_proj += &commitment.shifted_comm.unwrap().mul(cur_challenge); } - cur_challenge = opening_challenges.next_challenge(); + cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); } let mut combined_commitment = combined_commitment_proj.into_affine(); @@ -487,7 +487,7 @@ where let combine_time = start_timer!(|| "Combining polynomials, randomness, and commitments."); - let mut cur_challenge = opening_challenges.next_challenge(); + let mut cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); for (labeled_polynomial, (labeled_commitment, randomness)) in polys_iter.zip(comms_iter.zip(rands_iter)) @@ -509,7 +509,7 @@ where combined_rand += &(cur_challenge * &randomness.rand); } - cur_challenge = opening_challenges.next_challenge(); + cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); let has_degree_bound = degree_bound.is_some(); @@ -542,7 +542,7 @@ where } } - cur_challenge = opening_challenges.next_challenge(); + cur_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); } end_timer!(combine_time); diff --git a/src/lib.rs b/src/lib.rs index 6f2ee5ae..0107c1e9 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -109,7 +109,7 @@ pub mod challenge; pub mod multilinear_pc; use crate::challenge::ChallengeGenerator; -use ark_sponge::CryptographicSponge; +use ark_sponge::{CryptographicSponge, FieldElementSize}; /// Multivariate polynomial commitment based on the construction in /// [[PST13]][pst] with batching and (optional) hiding property inspired /// by the univariate scheme in [[CHMMVW20, "Marlin"]][marlin] @@ -212,7 +212,7 @@ pub trait PolynomialCommitment, S: Cryptographic labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, point: &'a P::Point, - opening_challenges: &mut ChallengeGenerator, + challenge_generator: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result @@ -228,7 +228,7 @@ pub trait PolynomialCommitment, S: Cryptographic point: &'a P::Point, values: impl IntoIterator, proof: &Self::Proof, - opening_challenges: &mut ChallengeGenerator, + challenge_generator: &mut ChallengeGenerator, rng: Option<&mut dyn RngCore>, ) -> Result where @@ -241,7 +241,7 @@ pub trait PolynomialCommitment, S: Cryptographic query_set: &QuerySet, evaluations: &Evaluations, proof: &Self::BatchProof, - opening_challenges: &mut ChallengeGenerator, + challenge_generator: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -288,7 +288,7 @@ pub trait PolynomialCommitment, S: Cryptographic &point, values, &proof, - opening_challenges, + challenge_generator, Some(rng), )?; end_timer!(proof_time); @@ -303,7 +303,7 @@ pub trait PolynomialCommitment, S: Cryptographic polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &mut ChallengeGenerator, + challenge_generator: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result, Self::Error> @@ -322,7 +322,7 @@ pub trait PolynomialCommitment, S: Cryptographic polynomials, commitments, &poly_query_set, - opening_challenges, + challenge_generator, rands, rng, )?; @@ -340,7 +340,7 @@ pub trait PolynomialCommitment, S: Cryptographic eqn_query_set: &QuerySet, eqn_evaluations: &Evaluations, proof: &BatchLCProof, - opening_challenges: &mut ChallengeGenerator, + challenge_generator: &mut ChallengeGenerator, rng: &mut R, ) -> Result where @@ -392,7 +392,7 @@ pub trait PolynomialCommitment, S: Cryptographic &poly_query_set, &poly_evals, proof, - opening_challenges, + challenge_generator, rng, )?; if !pc_result { @@ -409,7 +409,7 @@ pub trait PolynomialCommitment, S: Cryptographic labeled_polynomials: impl IntoIterator>, commitments: impl IntoIterator>, query_set: &QuerySet, - opening_challenges: &mut ChallengeGenerator, + challenge_generator: &mut ChallengeGenerator, rands: impl IntoIterator, rng: Option<&mut dyn RngCore>, ) -> Result @@ -464,7 +464,7 @@ pub trait PolynomialCommitment, S: Cryptographic query_polys, query_comms, &point, - opening_challenges, + challenge_generator, query_rands, Some(rng), )?; @@ -479,6 +479,9 @@ pub trait PolynomialCommitment, S: Cryptographic } } +/// The size of opening challenges in bits. +pub const CHALLENGE_SIZE: FieldElementSize = FieldElementSize::Truncated(128); + /// Evaluate the given polynomials at `query_set`. pub fn evaluate_query_set<'a, F, P, T>( polys: impl IntoIterator>, @@ -557,12 +560,12 @@ pub mod tests { PC: PolynomialCommitment, S: CryptographicSponge, { - let opening_challenges = vec![ + let challenge_generators = vec![ ChallengeGenerator::new_multivariate(sponge()), ChallengeGenerator::new_univariate(&mut sponge()), ]; - for opening_challenge in opening_challenges { + for challenge_gen in challenge_generators { let rng = &mut test_rng(); let max_degree = 100; let pp = PC::setup(max_degree, None, rng)?; @@ -624,7 +627,7 @@ pub mod tests { &polynomials, &comms, &query_set, - &mut (opening_challenge.clone()), + &mut (challenge_gen.clone()), &rands, Some(rng), )?; @@ -634,7 +637,7 @@ pub mod tests { &query_set, &values, &proof, - &mut (opening_challenge.clone()), + &mut (challenge_gen.clone()), rng, )?; assert!(result, "proof was incorrect, Query set: {:#?}", query_set); @@ -665,12 +668,12 @@ pub mod tests { sponge, } = info; - let opening_challenges = vec![ + let challenge_gens = vec![ ChallengeGenerator::new_multivariate(sponge()), ChallengeGenerator::new_univariate(&mut sponge()), ]; - for opening_challenge in opening_challenges { + for challenge_gen in challenge_gens { let rng = &mut test_rng(); // If testing multivariate polynomials, make the max degree lower let max_degree = match num_vars { @@ -760,7 +763,7 @@ pub mod tests { &polynomials, &comms, &query_set, - &mut (opening_challenge.clone()), + &mut (challenge_gen.clone()), &rands, Some(rng), )?; @@ -770,7 +773,7 @@ pub mod tests { &query_set, &values, &proof, - &mut (opening_challenge.clone()), + &mut (challenge_gen.clone()), rng, )?; if !result { @@ -810,12 +813,12 @@ pub mod tests { sponge, } = info; - let opening_challenges = vec![ + let challenge_gens = vec![ ChallengeGenerator::new_multivariate(sponge()), ChallengeGenerator::new_univariate(&mut sponge()), ]; - for opening_challenge in opening_challenges { + for challenge_gen in challenge_gens { let rng = &mut test_rng(); // If testing multivariate polynomials, make the max degree lower let max_degree = match num_vars { @@ -939,7 +942,7 @@ pub mod tests { &polynomials, &comms, &query_set, - &mut (opening_challenge.clone()), + &mut (challenge_gen.clone()), &rands, Some(rng), )?; @@ -951,7 +954,7 @@ pub mod tests { &query_set, &values, &proof, - &mut (opening_challenge.clone()), + &mut (challenge_gen.clone()), rng, )?; if !result { diff --git a/src/marlin/marlin_pc/mod.rs b/src/marlin/marlin_pc/mod.rs index cac54a8d..918d5c4c 100644 --- a/src/marlin/marlin_pc/mod.rs +++ b/src/marlin/marlin_pc/mod.rs @@ -1,4 +1,4 @@ -use crate::{kzg10, marlin::Marlin, PCCommitterKey}; +use crate::{kzg10, marlin::Marlin, PCCommitterKey, CHALLENGE_SIZE}; use crate::{BTreeMap, BTreeSet, ToString, Vec}; use crate::{BatchLCProof, Error, Evaluations, QuerySet}; use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; @@ -282,8 +282,8 @@ where &polynomial, )?; - // compute challenge^j and challenge^{j+1}. - let challenge_j = opening_challenges.next_challenge(); + // compute next challenges challenge^j and challenge^{j+1}. + let challenge_j = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); assert_eq!(degree_bound.is_some(), rand.shifted_rand.is_some()); @@ -299,7 +299,7 @@ where *point, &shifted_rand, )?; - let challenge_j_1 = opening_challenges.next_challenge(); + let challenge_j_1 = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); let shifted_witness = shift_polynomial(ck, &witness, degree_bound); diff --git a/src/marlin/marlin_pst13_pc/mod.rs b/src/marlin/marlin_pst13_pc/mod.rs index ea8413af..d418eb86 100644 --- a/src/marlin/marlin_pst13_pc/mod.rs +++ b/src/marlin/marlin_pst13_pc/mod.rs @@ -1,6 +1,7 @@ use crate::{ kzg10, marlin::{marlin_pc, Marlin}, + CHALLENGE_SIZE, }; use crate::{BatchLCProof, Error, Evaluations, QuerySet}; use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; @@ -463,7 +464,7 @@ where Self::check_degrees_and_bounds(ck.supported_degree, &polynomial)?; // compute challenge^j and challenge^{j+1}. - let challenge_j = opening_challenges.next_challenge(); + let challenge_j = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); p += (challenge_j, polynomial.polynomial()); r += (challenge_j, rand); diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index bb5729a7..eaea4a1d 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -1,4 +1,4 @@ -use crate::challenge::ChallengeGenerator; +use crate::{challenge::ChallengeGenerator, CHALLENGE_SIZE}; use crate::{kzg10, Error}; use crate::{BTreeMap, BTreeSet, Debug, RngCore, String, ToString, Vec}; use crate::{BatchLCProof, LabeledPolynomial, LinearCombination}; @@ -104,11 +104,11 @@ where .collect() } - /// Accumulate `commitments` and `values` according to `opening_challenge`. + /// Accumulate `commitments` and `values` according to the challenges produces by `challenge_gen`. fn accumulate_commitments_and_values<'a>( commitments: impl IntoIterator>>, values: impl IntoIterator, - opening_challenges: &mut ChallengeGenerator, + challenge_gen: &mut ChallengeGenerator, vk: Option<&marlin_pc::VerifierKey>, ) -> Result<(E::G1Projective, E::Fr), Error> { let acc_time = start_timer!(|| "Accumulating commitments and values"); @@ -119,13 +119,13 @@ where let commitment = labeled_commitment.commitment(); assert_eq!(degree_bound.is_some(), commitment.shifted_comm.is_some()); - let challenge_i = opening_challenges.next_challenge(); + let challenge_i = challenge_gen.try_next_challenge_of_size(CHALLENGE_SIZE); combined_comm += &commitment.comm.0.mul(challenge_i); combined_value += &(value * &challenge_i); if let Some(degree_bound) = degree_bound { - let challenge_i_1 = opening_challenges.next_challenge(); + let challenge_i_1 = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); let shifted_comm = commitment .shifted_comm diff --git a/src/sonic_pc/mod.rs b/src/sonic_pc/mod.rs index cad53539..e02d635f 100644 --- a/src/sonic_pc/mod.rs +++ b/src/sonic_pc/mod.rs @@ -1,4 +1,4 @@ -use crate::{kzg10, PCCommitterKey}; +use crate::{kzg10, PCCommitterKey, CHALLENGE_SIZE}; use crate::{BTreeMap, BTreeSet, String, ToString, Vec}; use crate::{BatchLCProof, Error, Evaluations, QuerySet, UVPolynomial}; use crate::{LabeledCommitment, LabeledPolynomial, LinearCombination}; @@ -50,7 +50,7 @@ where ) { let acc_time = start_timer!(|| "Accumulating elements"); - let mut curr_challenge = opening_challenges.next_challenge(); + let mut curr_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); // Keeps track of running combination of values let mut combined_values = E::Fr::zero(); @@ -73,7 +73,7 @@ where *combined_comms .entry(degree_bound) .or_insert(E::G1Projective::zero()) += &comm_with_challenge; - curr_challenge = opening_challenges.next_challenge(); + curr_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); } // Push expected results into list of elems. Power will be the negative of the expected power @@ -358,7 +358,7 @@ where let mut combined_polynomial = P::zero(); let mut combined_rand = kzg10::Randomness::empty(); - let mut curr_challenge = opening_challenges.next_challenge(); + let mut curr_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); for (polynomial, rand) in labeled_polynomials.into_iter().zip(rands) { let enforced_degree_bounds: Option<&[usize]> = ck @@ -375,7 +375,7 @@ where combined_polynomial += (curr_challenge, polynomial.polynomial()); combined_rand += (curr_challenge, rand); - curr_challenge = opening_challenges.next_challenge(); + curr_challenge = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); } let proof_time = start_timer!(|| "Creating proof for polynomials"); From 623acac3ecd99ee30b91b338b7864b391989dcb5 Mon Sep 17 00:00:00 2001 From: Pratyush Mishra Date: Thu, 22 Jul 2021 15:38:12 -0700 Subject: [PATCH 25/25] Fix --- src/marlin/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/marlin/mod.rs b/src/marlin/mod.rs index eaea4a1d..05ba0570 100644 --- a/src/marlin/mod.rs +++ b/src/marlin/mod.rs @@ -125,7 +125,7 @@ where combined_value += &(value * &challenge_i); if let Some(degree_bound) = degree_bound { - let challenge_i_1 = opening_challenges.try_next_challenge_of_size(CHALLENGE_SIZE); + let challenge_i_1 = challenge_gen.try_next_challenge_of_size(CHALLENGE_SIZE); let shifted_comm = commitment .shifted_comm