LessThan circuits and padding #2
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Remove unnecessary `PhantomData` Co-authored-by: Antonio Mejías Gil <[email protected]> Progress until 08/03 Co-authored-by: Antonio Mejías Gil <[email protected]> constructing range check, wip working on padding println nightmare, issue apparently fixed Remove redundant padding. Fix import. code cleanup further cleanup found better way to fix padding the 'better way' to fix padding actually broke other tests - reverted This reverts commit d4727ba. moved example to examples folder, refactored, tested many cases
…tead of unsigned integers.
Antonio95
force-pushed
the
antonio-cesar/less-than
branch
from
2825ea0 to
eb2843e
Compare
mmagician
reviewed
Mar 18, 2024
RIght now, there are two padding-related modifications:
The verfier doesn't receive the latter vector, and their circuit is padded during |
mmagician
reviewed
Mar 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds two example circuits to verify
a < b, whereais a private witness held by the prover andbis a public constant fixed at set-up. The two circuits rely on a fixed bit length thatais supposed to fit in (when regarded as an unsigned integer, even though in reality it lies in some finite field).LessThanCircuitSafeperforms the aforementioned bit length verification.LessThanCircuitUnsafedoes not. This leads to constraint savings when the circuit is used as a component in a larger circuit which already ensures the bit length meets the required bound.In the course of writing the examples, we encountered the issue that the existing Spartan machinery did not pad the matrices to power-of-two row and column lengths, as necessitated by the proof system. This caused compilation errors in our examples. Since it seemed like a good idea for this need for padding to be abstracted away from the user, we have implemented padding in the Spartan internals - that is the other significant contribution in this PR. Note that a
R1CSShapemethod.pad()already existed here, but after some experimentation we convinced ourselves that it could not be used to pad the circuit in the cases where it was necessary.Other minor changes:
<F>generic on the existingCubicCircuitexample, which in turn allowed us to remove thePhantomDatatherein and didn't require any further code modifications.