From 16b612d2c975b8b03c9d286f270f5a7a9c5a766f Mon Sep 17 00:00:00 2001 From: Vasiliy Olekhov <145333445+vo-nil@users.noreply.github.com> Date: Thu, 7 Dec 2023 08:52:16 +0200 Subject: [PATCH] 46 check values in etha point cherry pick for 39 (#57) * remove utils.sol if no helper functions generated #45 NilFoundation/evm-placeholder-verification#81 * Added check values for eta points #46 * Correct keccak computation #46 * Code cleanup #46 * Removed recursive tests * Tests are now working #46 --- .../blueprint/transpiler/evm_verifier_gen.hpp | 56 +++++++++++++------ test/detail/circuits.hpp | 18 +++--- test/transpiler.cpp | 35 ++++++++---- 3 files changed, 72 insertions(+), 37 deletions(-) diff --git a/include/nil/blueprint/transpiler/evm_verifier_gen.hpp b/include/nil/blueprint/transpiler/evm_verifier_gen.hpp index a7a3996..5b77db5 100644 --- a/include/nil/blueprint/transpiler/evm_verifier_gen.hpp +++ b/include/nil/blueprint/transpiler/evm_verifier_gen.hpp @@ -567,11 +567,9 @@ namespace nil { i = 0; for (const auto& gate: _constraint_system.gates()) { - std::cout << "Gate " << i << std::endl; variable_type sel_var(gate.selector_index, 0, true, variable_type::column_type::selector); std::size_t j = 0; for (const auto& constraint: gate.constraints) { - std::cout << "Constraint " << j << std::endl; std::string code = constraint_computation_code_optimized(_var_indices, constraint); std::size_t cost = estimate_constraint_cost(code); std::size_t selector_index = _var_indices.at(sel_var)*0x20; @@ -784,63 +782,87 @@ namespace nil { } std::string eta_point_verification_code() { - std::cout << "Generating eta point verification code" << std::endl; std::stringstream result; auto fixed_poly_values = _common_data.commitment_scheme_data; - + std::size_t poly_points = 2; - + if (fixed_poly_values.size() == 0) return ""; + + result << "\t\t{" << std::endl; + result << "\t\t\tuint256 poly_at_eta;" << std::endl; + + result << "\t\t\t/* 1 - 2*permutation_size */" << std::endl; + std::vector eta_buf; - result << "\t\t/*{ " << std::endl; - result << "\t\t\tbool b = true;" << std::endl; + std::size_t poly_points = 2*_permutation_size; + /* special_selectors */ + poly_points += 2; + poly_points += PlaceholderParams::arithmetization_params::constant_columns; + poly_points += PlaceholderParams::arithmetization_params::selector_columns; + eta_buf.resize( 32*poly_points ); + + std::array empty; + auto writer = eta_buf.begin(); + + result << "\t\t/* eta points check */" << std::endl; + result << "\t\t{" << std::endl; + result << "\t\t\tuint256[" << poly_points << "] memory points;" << std::endl; - result << "\t\t\t// 1 - 2*permutation_size " << std::endl; std::size_t i = 0, j = 0; std::size_t point_offset = 8; while (j < 2*_permutation_size) { - result << "\t\t\tb = b && (basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ") != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ");" << std::endl; + result << "\t\t\tpoly_at_eta = basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ");" << "// " << i << std::endl; + result << "\t\t\tif(poly_at_eta != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ") return false;" << std::endl; point_offset += 32*poly_points; ++i; ++j; } - result << "\t\t\t// 2 - special selectors " << std::endl; + result << "\t\t\t/* 2 - special selectors */" << std::endl; poly_points = 3; j = 0; while (j < 2) { - result << "\t\t\tb = b && (basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ") != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ");" << std::endl; + result << "\t\t\tpoly_at_eta = basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ");" << "// " << i << std::endl; + result << "\t\t\tif(poly_at_eta != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ") return false;" << std::endl; point_offset += 32*poly_points; ++i; ++j; } std::size_t column_rotation_offset = PlaceholderParams::witness_columns + PlaceholderParams::public_input_columns; - result << "\t\t\t// - constant columns " << std::endl; + result << "\t\t\t/* 3 - constant columns */" << std::endl; j = 0; while (j < PlaceholderParams::arithmetization_params::constant_columns) { poly_points = _common_data.columns_rotations[column_rotation_offset + j].size()+1; - result << "\t\t\tb= b & (basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ") != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ");" << std::endl; + result << "\t\t\tpoly_at_eta = basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ");" << "// " << i << std::endl; + result << "\t\t\tif(poly_at_eta != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ") return false;" << std::endl; point_offset += 32*poly_points; ++i; ++j; } - result << "\t\t\t// 4 - selector columns" << std::endl; + result << "\t\t\t/* 4 - selector columns */" << std::endl; column_rotation_offset = PlaceholderParams::witness_columns + PlaceholderParams::public_input_columns + PlaceholderParams::constant_columns; j = 0; while (j < PlaceholderParams::arithmetization_params::selector_columns) { poly_points = _common_data.columns_rotations[column_rotation_offset + j].size()+1; - result << "\t\t\tb = b & (basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ") != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ");" << std::endl; + result << "\t\t\tpoly_at_eta = basic_marshalling.get_uint256_be(blob, " << point_offset+(poly_points-1)*32 << ");" << "// " << i << std::endl; + result << "\t\t\tif(poly_at_eta != " << std::showbase<< std::hex << fixed_poly_values[0][i] << ") return false;" << std::endl; point_offset += 32*(poly_points); ++i; ++j; } - result << "\t\t\tif(!b) return false;" << std::endl; - result << "\t\t} */" << std::endl; + eta_hash::digest_type hash_result = crypto3::hash(eta_buf); + result << "\t\t\t/* Check keccak(points) */" << std::endl; + result << "\t\t\tif ( bytes32(0x" << std::to_string(hash_result).data() << ") != keccak256(abi.encode(points))) {" << std::endl; + result << "\t\t\t\treturn false;" << std::endl; + result << "\t\t\t}" << std::endl; + result << "\t\t}" << std::endl; + return result.str(); } diff --git a/test/detail/circuits.hpp b/test/detail/circuits.hpp index 670856b..9d09ac7 100644 --- a/test/detail/circuits.hpp +++ b/test/detail/circuits.hpp @@ -240,9 +240,9 @@ namespace nil { template circuit_description, 5, 4> circuit_test_t( - typename FieldType::value_type pi0 = 0, - typename nil::crypto3::random::algebraic_engine alg_rnd = nil::crypto3::random::algebraic_engine(), - boost::random::mt11213b rnd = boost::random::mt11213b() + typename FieldType::value_type pi0,// = 0, + typename nil::crypto3::random::algebraic_engine alg_rnd, //= nil::crypto3::random::algebraic_engine(), + boost::random::mt11213b rnd// = boost::random::mt11213b() ) { using assignment_type = typename FieldType::value_type; @@ -268,16 +268,16 @@ namespace nil { // init values typename FieldType::value_type one = FieldType::value_type::one(); - table[0][0] = algebra::random_element(); - table[1][0] = algebra::random_element(); - table[2][0] = algebra::random_element(); + table[0][0] = alg_rnd(); + table[1][0] = alg_rnd(); + table[2][0] = alg_rnd(); table[3][0] = pi0; q_add[0] = FieldType::value_type::zero(); q_mul[0] = FieldType::value_type::zero(); // fill rows with ADD gate for (std::size_t i = 1; i < 3; i++) { - table[0][i] = algebra::random_element(); + table[0][i] = alg_rnd(); table[1][i] = table[2][i - 1]; table[2][i] = table[0][i] + table[1][i]; table[3][i] = FieldType::value_type::zero(); @@ -293,7 +293,7 @@ namespace nil { // fill rows with MUL gate for (std::size_t i = 3; i < 5; i++) { - table[0][i] = algebra::random_element(); + table[0][i] = alg_rnd(); table[1][i] = table[3][0]; table[2][i] = table[0][i] * table[1][i] + table[0][i - 1]; table[3][i] = FieldType::value_type::zero(); @@ -357,7 +357,7 @@ namespace nil { std::vector> mul_gate_costraints {mul_constraint}; plonk_gate> mul_gate(1, mul_gate_costraints); - //test_circuit.gates.push_back(mul_gate); + test_circuit.gates.push_back(mul_gate); return test_circuit; } diff --git a/test/transpiler.cpp b/test/transpiler.cpp index 4eedf8b..5d7d177 100644 --- a/test/transpiler.cpp +++ b/test/transpiler.cpp @@ -71,7 +71,7 @@ #include #include -#include +// #include #include "./detail/circuits.hpp" @@ -120,6 +120,7 @@ typename fri_type::params_type create_fri_params(std::size_t degree_log, const i return params; } + // ******************************************************************************* // * Randomness setup // *******************************************************************************/ @@ -132,7 +133,7 @@ nil::crypto3::random::algebraic_engine test_global_alg_rnd_engine; struct test_initializer { // Enumerate all fields used in tests; using field1_type = algebra::curves::pallas::base_field_type; - + using field2_type = algebra::curves::bls12<381>::scalar_field_type; test_initializer() { test_global_seed = 0; @@ -155,6 +156,7 @@ struct test_initializer { BOOST_TEST_MESSAGE("test_global_seed = " << test_global_seed); test_global_rnd_engine = boost::random::mt11213b(test_global_seed); test_global_alg_rnd_engine = nil::crypto3::random::algebraic_engine(test_global_seed); + test_global_alg_rnd_engine = nil::crypto3::random::algebraic_engine(test_global_seed); } void setup() { @@ -176,7 +178,6 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit1) using merkle_hash_type = hashes::keccak_1600<256>; using transcript_hash_type = hashes::keccak_1600<256>; constexpr static const std::size_t table_rows_log = 4; - constexpr static const std::size_t table_rows = 1 << table_rows_log; struct placeholder_test_params { constexpr static const std::size_t table_rows = 1 << table_rows_log; @@ -192,7 +193,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit1) using arithmetization_params = plonk_arithmetization_params; - constexpr static const std::size_t lambda = 1; + constexpr static const std::size_t lambda = 40; constexpr static const std::size_t m = 2; }; typedef placeholder_circuit_params circuit_params; @@ -207,16 +208,17 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit1) crypto3::zk::commitments::proof_of_work >; - using lpc_type = commitments::list_polynomial_commitment; using lpc_scheme_type = typename commitments::lpc_commitment_scheme; using lpc_placeholder_params_type = nil::crypto3::zk::snark::placeholder_params; using policy_type = zk::snark::detail::placeholder_policy; + BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { auto circuit = circuit_test_1(test_global_alg_rnd_engine); + plonk_table_description desc; - desc.rows_amount = table_rows; + desc.rows_amount = placeholder_test_params::table_rows; desc.usable_rows_amount = placeholder_test_params::usable_rows; typename policy_type::constraint_system_type constraint_system( @@ -227,7 +229,6 @@ BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { ); typename policy_type::variable_assignment_type assignments = circuit.table; - std::vector columns_with_copy_constraints = {0, 1, 2, 3}; @@ -261,7 +262,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit2) using curve_type = algebra::curves::bls12<381>; using field_type = typename curve_type::scalar_field_type; - constexpr static const std::size_t table_rows_log = 4; + constexpr static const std::size_t table_rows_log = 3; constexpr static const std::size_t table_rows = 1 << table_rows_log; constexpr static const std::size_t permutation_size = 4; constexpr static const std::size_t usable_rows = (1 << table_rows_log) - 3; @@ -300,6 +301,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit2) using lpc_placeholder_params_type = nil::crypto3::zk::snark::placeholder_params; using policy_type = zk::snark::detail::placeholder_policy; + BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { auto pi0 = test_global_alg_rnd_engine(); auto circuit = circuit_test_t(pi0, test_global_alg_rnd_engine, test_global_rnd_engine); @@ -316,7 +318,7 @@ BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { ); typename policy_type::variable_assignment_type assignments = circuit.table; - std::vector columns_with_copy_constraints = {0, 1, 2, 3}; + std::vector columns_with_copy_constraints = {0, 1, 2, 3}; bool verifier_res; @@ -384,8 +386,10 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit3) using lpc_scheme_type = typename commitments::lpc_commitment_scheme; using lpc_placeholder_params_type = nil::crypto3::zk::snark::placeholder_params; using policy_type = zk::snark::detail::placeholder_policy; + BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { - auto circuit = circuit_test_3(); + auto circuit = circuit_test_3(test_global_alg_rnd_engine, test_global_rnd_engine); + plonk_table_description desc; desc.rows_amount = table_rows; @@ -461,10 +465,12 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit4) using lpc_scheme_type = typename commitments::lpc_commitment_scheme; using lpc_placeholder_params_type = nil::crypto3::zk::snark::placeholder_params; using policy_type = zk::snark::detail::placeholder_policy; + BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { - auto circuit = circuit_test_4(test_global_alg_rnd_engine, test_global_rnd_engine); + auto circuit = circuit_test_4(test_global_alg_rnd_engine); plonk_table_description desc; + desc.rows_amount = table_rows; desc.usable_rows_amount = usable_rows; @@ -540,10 +546,12 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit6) using lpc_scheme_type = typename commitments::lpc_commitment_scheme; using lpc_placeholder_params_type = nil::crypto3::zk::snark::placeholder_params; using policy_type = zk::snark::detail::placeholder_policy; + BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { auto circuit = circuit_test_6(test_global_alg_rnd_engine, test_global_rnd_engine); plonk_table_description desc; + desc.rows_amount = table_rows; desc.usable_rows_amount = usable_rows; @@ -563,6 +571,7 @@ BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { typename placeholder_public_preprocessor::preprocessed_data_type preprocessed_public_data = placeholder_public_preprocessor::process( constraint_system, assignments.public_table(), desc, lpc_scheme, columns_with_copy_constraints.size()); + auto printer = nil::blueprint::evm_verifier_printer( constraint_system, preprocessed_public_data.common_data, @@ -619,6 +628,7 @@ BOOST_AUTO_TEST_SUITE(placeholder_circuit7) using lpc_scheme_type = typename commitments::lpc_commitment_scheme; using lpc_placeholder_params_type = nil::crypto3::zk::snark::placeholder_params; using policy_type = zk::snark::detail::placeholder_policy; + BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { auto circuit = circuit_test_7(test_global_alg_rnd_engine, test_global_rnd_engine); plonk_table_description desc; @@ -639,6 +649,7 @@ BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { lpc_scheme_type lpc_scheme(fri_params); std::vector columns_with_copy_constraints = {0, 1, 2, 3}; + transcript_type transcript; typename placeholder_public_preprocessor::preprocessed_data_type @@ -661,6 +672,7 @@ BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { } BOOST_AUTO_TEST_SUITE_END() +#if 0 BOOST_AUTO_TEST_SUITE(recursive_circuit1) using Endianness = nil::marshalling::option::big_endian; using TTypeBase = nil::marshalling::field_type; @@ -1278,3 +1290,4 @@ BOOST_FIXTURE_TEST_CASE(transpiler_test, test_initializer) { } } BOOST_AUTO_TEST_SUITE_END() +#endif