Skip to content

Commit

Permalink
Added a few more structures.
Browse files Browse the repository at this point in the history
  • Loading branch information
martun committed Sep 12, 2024
1 parent 4d7140a commit 1de666d
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 65 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -283,12 +283,12 @@ namespace nil {
math::polynomial<typename field_type::value_type> final_polynomial;
};

struct round_proofs_batch {
bool operator==(const round_proofs_batch &rhs) const {
struct round_proofs_batch_type {
bool operator==(const round_proofs_batch_type &rhs) const {
return round_proofs == rhs.round_proofs;
}

bool operator!=(const round_proofs_batch &rhs) const {
bool operator!=(const round_proofs_batch_type &rhs) const {
return !(rhs == *this);
}

Expand All @@ -313,7 +313,7 @@ namespace nil {
proof_type() = default;
proof_type(const proof_type&) = default;

proof_type(const round_proofs_batch& round_proofs,
proof_type(const round_proofs_batch_type& round_proofs,
const initial_proofs_batch_type& intial_proofs)
: fri_roots(round_proofs.fri_roots)
, final_polynomial(round_proofs.final_polynomial) {
Expand Down Expand Up @@ -342,43 +342,6 @@ namespace nil {
std::vector<query_proof_type> query_proofs; // 0...lambda - 1
typename GrindingType::output_type proof_of_work;
};

// This represents and aggregated proofs of N provers with shared rounds proof.
struct aggregated_proof_type {
aggregated_proof() = default;
aggregated_proof(const aggregated_proof&) = default;

// Size of vector 'intial_proofs_per_prover' is the number of provers.
aggregated_proof(
const round_proofs_batch& round_proofs,
const std::vector<initial_proofs_batch_type>& intial_proofs_per_prover)
: round_proofs(round_proofs)
, intial_proofs_per_prover(intial_proofs_per_prover) {
}

bool operator==(const aggregated_proof &rhs) const {
//if (FRI::use_grinding && proof_of_work != rhs.proof_of_work) {
// return false;
//}
return round_proofs == rhs.round_proofs &&
intial_proofs_per_prover == rhs.intial_proofs_per_prover;
}

bool operator!=(const aggregated_proof &rhs) const {
return !(rhs == *this);
}

// We have a single round proof for checking that F(X) is a low degree polynomial.
round_proofs_batch round_proofs;

// Contains fri_roots and final_polynomial that correspond to the polynomial F(x).
commitments_part_of_proof commitments_proof_part;

// For each prover we have an initial proof for consistency checks.
std::vector<initial_proofs_batch_type> intial_proofs_per_prover;

typename GrindingType::output_type proof_of_work;
};
};
} // namespace detail
} // namespace commitments
Expand Down Expand Up @@ -1016,14 +979,14 @@ namespace nil {
}

template<typename FRI, typename PolynomialType>
static typename FRI::round_proofs_batch query_phase_round_proofs(
static typename FRI::round_proofs_batch_type query_phase_round_proofs(
const typename FRI::params_type &fri_params,
const std::vector<typename FRI::precommitment_type> &fri_trees,
const std::vector<PolynomialType> &fs,
const math::polynomial<typename FRI::field_type::value_type> &final_polynomial,
const std::vector<typename FRI::field_type::value_type>& challenges)
{
typename FRI::round_proofs_batch proof;
typename FRI::round_proofs_batch_type proof;

for (std::size_t query_id = 0; query_id < fri_params.lambda; query_id++) {
std::size_t domain_size = fri_params.D[0]->size();
Expand Down Expand Up @@ -1098,7 +1061,7 @@ namespace nil {
query_phase_initial_proofs<FRI, PolynomialType>(
precommitments, fri_params, g, challenges);

typename FRI::round_proofs_batch round_proofs =
typename FRI::round_proofs_batch_type round_proofs =
query_phase_round_proofs<FRI, PolynomialType>(
fri_params, fri_trees, fs, final_polynomial, challenges);

Expand Down Expand Up @@ -1157,7 +1120,6 @@ namespace nil {
// Commit phase

std::vector<typename FRI::precommitment_type> fri_trees;
std::vector<typename FRI::commitment_type> fri_roots;
std::vector<PolynomialType> fs;
math::polynomial<typename FRI::field_type::value_type> final_polynomial;

Expand Down
89 changes: 69 additions & 20 deletions libs/zk/include/nil/crypto3/zk/commitments/polynomial/lpc.hpp
Original file line number Diff line number Diff line change
Expand Up @@ -187,33 +187,59 @@ namespace nil {
}

std::vector<typename FRI::field_type::value_type> challenges =
transcript.template challenge<typename FRI::field_type>(this->_fri_params.lambda);
transcript.template challenges<typename FRI::field_type>(this->_fri_params.lambda);

typename fri_type::initial_proofs_batch_type initial_proofs =
nil::crypto3::zk::algorithms::query_phase_initial_proofs<fri_type, polynomial_type>(
this->_trees, this->_fri_params, this->_polys, challenges);
return {this->_z, initial_proofs};
}

/** This function must be called once for the aggregated FRI, to proof that polynomial
'sum_poly' has low degree.
* \param[in] sum_poly - polynomial F(x) = Sum(combined_Q).
* \param[in] transcript - This transcript is initialized on the main prover, which has digested
challenges from all the other provers.
*/
round_proof_type proof_eval_round_proof(const polynomial_type& sum_poly, transcript_type &transcript) {
// TODO(martun): this function belongs to FRI, not here, will move later.
// Precommit to sum_poly.
precommitment_type sum_poly_precommitment = nil::crypto3::zk::algorithms::precommit<fri_type>(
sum_poly,
_fri_params.D[0],
_fri_params.step_list.front()
);

this->eval_polys();
std::vector<typename fri_type::precommitment_type> fri_trees;
std::vector<polynomial_type> fs;
math::polynomial<typename fri_type::field_type::value_type> final_polynomial;

BOOST_ASSERT(this->_points.size() == this->_polys.size());
BOOST_ASSERT(this->_points.size() == this->_z.get_batches_num());
// Commit to sum_poly.
std::tie(fs, fri_trees, commitments_proof) =
nil::crypto3::zk::algorithms::commit_phase<fri_type, polynomial_type>(
sum_poly,
sum_poly_precommitment,
_fri_params, transcript);

// For each batch we have a merkle tree.
for (auto const& it: this->_trees) {
transcript(it.second.root());
}
std::vector<typename FRI::field_type::value_type> challenges =
transcript.template challenges<typename FRI::field_type>(this->_fri_params.lambda);

// Prepare z-s and combined_Q;
auto theta = transcript.template challenge<field_type>();
polynomial_type combined_Q = prepare_combined_Q(theta);
round_proof_type result;

auto fri_proof = commit_and_fri_proof(combined_Q, transcript);
return proof_type({this->_z, fri_proof});
result.fri_round_proof = nil::crypto3::zk::algorithms::query_phase_round_proofs<
fri_type, polynomial_type>(
_fri_params,
fri_trees,
fs,
sum_poly,
challenges);

result.fri_commitments_proof_part.fri_roots = std::move(commitments_proof.fri_roots);
result.fri_commitments_proof_part.final_polynomial = std::move(final_polynomial);

return result;
}

typename fri_type::proof_type commit_and_fri_proof(
const polynomial_type& combined_Q, transcript_type &transcript) {

Expand All @@ -224,8 +250,7 @@ namespace nil {
);

typename fri_type::proof_type fri_proof = nil::crypto3::zk::algorithms::proof_eval<
fri_type, polynomial_type
>(
fri_type, polynomial_type>(
this->_polys,
combined_Q,
this->_trees,
Expand Down Expand Up @@ -496,9 +521,10 @@ namespace nil {
typename basic_fri::proof_type fri_proof;
};

// Represents an initial proof, which must be created for each of the N provers.
struct initial_proof_type {
bool operator==(const initial_proof_type &rhs) const {
return fri_proof == rhs.fri_proof && z == rhs.z;
return initial_fri_proof == rhs.initial_fri_proof && z == rhs.z;
}

bool operator!=(const initial_proof_type &rhs) const {
Expand All @@ -509,6 +535,24 @@ namespace nil {
typename basic_fri::initial_proofs_batch_type initial_fri_proof;
};

// Represents a round proof, which must be created just once on the main prover.
struct round_proof_type {
bool operator==(const round_proof_type &rhs) const {
return fri_round_proof == rhs.fri_round_proof &&
fri_commitments_proof_part == rhs.fri_commitments_proof_part;
}

bool operator!=(const round_proof_type &rhs) const {
return !(rhs == *this);
}

// We have a single round proof for checking that F(X) is a low degree polynomial.
typename basic_fri::round_proofs_batch_type fri_round_proof;

// Contains fri_roots and final_polynomial that correspond to the polynomial F(x).
typename basic_fri::commitments_part_of_proof fri_commitments_proof_part;
};

// A single instance of this class will store all the LPC proofs for a group of provers
// when aggregated FRI is used.
struct aggregated_proof_type {
Expand All @@ -520,11 +564,16 @@ namespace nil {
return !(rhs == *this);
}

// Each prover will have its own evaluation storage.
std::vector<eval_storage_type> z;
typename basic_fri::aggregated_proof_type aggregated_fri_proof;
};
// We have a single round proof for checking that F(X) is a low degree polynomial.
round_proof_type round_proofs;

// For each prover we have an initial proof.
std::vector<initial_proof_type> intial_proofs_per_prover;

// TODO: add here some proof for consistency of F(x).

typename GrindingType::output_type proof_of_work;
};
};

template<typename FieldType, typename LPCParams>
Expand Down

0 comments on commit 1de666d

Please sign in to comment.