PR #330 - enable test verkle ipa #389

Merged
merged 6 commits into from
Jun 7, 2024
1 change: 1 addition & 0 deletions constantine.nimble
@@ -550,6 +550,7 @@ const testDesc: seq[tuple[path: string, useGMP: bool]] = @[
("tests/t_ethereum_eip4844_deneb_kzg.nim", false),
("tests/t_ethereum_eip4844_deneb_kzg_parallel.nim", false),
("tests/t_ethereum_verkle_primitives.nim", false),
("tests/t_ethereum_verkle_ipa_primitives.nim", false),
]

const testDescNvidia: seq[string] = @[
4 changes: 4 additions & 0 deletions constantine/eth_verkle_ipa/ipa_prover.nim
Original file line number Diff line number Diff line change
@@ -151,6 +151,10 @@ func coverIPARounds*(res: var IPAProof, transcript: var CryptoHash, ic: IPASetti
func createIPAProof*[IPAProof] (res: var IPAProof, transcript: var CryptoHash, ic: IPASettings, commitment: EC_P, a: var openArray[Fr[Banderwagon]], evalPoint: Fr[Banderwagon]) : bool =
## createIPAProof creates an IPA proof for a committed polynomial in evaluation form.
## `a` vectors are the evaluation points in the domain, and `evalPoint` represents the evaluation point.

# TODO: for some result IPAProof must be zero-init beforehand
# hence we need to investigate why initialization may be incomplete.

transcript.domain_separator(asBytes"ipa")
var b: array[VerkleDomain, Fr[Banderwagon]]
b.populateCoefficientVector(ic, evalPoint)
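Review bot: The new TODO in `createIPAProof` says `res` must be zero-initialized by the caller, but it is a plain `#` comment inside the body, so the exported proc's `##` documentation still states no precondition. Judging from the TODO alone, any proof field the prover does not write keeps whatever the caller's memory held, which would make a serialized proof nondeterministic and could carry stale stack bytes. I would put the contract in the doc comment, e.g. `## Precondition: res must be zero-initialized by the caller (see TODO below).`, and consider clearing `res` on entry so it does not depend on each call site. The same workaround appears in multiproof.nim, where `var ipaProof {.noInit.}: IPAProof` becomes `var ipaProof: IPAProof`. The body of `createIPAProof` continues past the hunk.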
3 changes: 2 additions & 1 deletion constantine/eth_verkle_ipa/ipa_verifier.nim
@@ -121,7 +121,8 @@ func checkIPAProof* (ic: IPASettings, transcript: var CryptoHash, got: var EC_P,
for i in 0 ..< VerkleDomain:
g_aff[i].affine(g[i])

g0.multiScalarMul_vartime(foldingScalars_big, g_aff)
# TODO, use optimized MSM - pending fix for https://github.com/mratsim/constantine/issues/390
g0.multiScalarMul_reference_vartime(foldingScalars_big, g_aff)

var b0 {.noInit.} : Fr[Banderwagon]
b0.computeInnerProducts(b, foldingScalars)
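Review bot: The switch to `multiScalarMul_reference_vartime` in `checkIPAProof` is tied to issue 390 only by a TODO comment, so nothing in the code pins the failing case or signals when the optimized call can come back. This MSM produces `g0` in the verifier, so a wrong result decides whether a proof is accepted. I would add a test that feeds the same `foldingScalars_big` and `g_aff` to both `multiScalarMul_vartime` and the reference version and compares the two outputs. The TODO could also name the symptom, for example `# multiScalarMul_vartime gives a different g0 for these inputs, see issue 390`, if that is what was observed. Other callers of the optimized MSM are not visible here and may deserve the same check; the body of `checkIPAProof` continues outside the hunk.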
15 changes: 7 additions & 8 deletions constantine/eth_verkle_ipa/multiproof.nim
@@ -8,7 +8,6 @@

import
tables,
sequtils,
./[transcript_gen, common_utils, ipa_prover, barycentric_form, eth_verkle_constants, ipa_verifier],
../platforms/primitives,
../hashes,
@@ -75,10 +74,7 @@ func createMultiProof* [MultiProof] (res: var MultiProof, transcript: var Crypto
transcript.scalarAppend(asBytes"z",z.toBig())

# deducing the `y` value

var f = Fs[i]
var y = f[Zs[i]]
transcript.scalarAppend(asBytes"y", y.toBig())
transcript.scalarAppend(asBytes"y", Fs[i][Zs[i]].toBig())

var r {.noInit.} : matchingOrderBigInt(Banderwagon)
r.generateChallengeScalar(transcript,asBytes"r")
@@ -92,7 +88,8 @@ func createMultiProof* [MultiProof] (res: var MultiProof, transcript: var Crypto
# In order to compute g(x), we first compute the polynomials in lagrange form grouped by evaluation points
# then we compute g(x), this is eventually limit the numbers of divisionOnDomain calls up to the domain size

var groupedFs: array[VerkleDomain, array[VerkleDomain, Fr[Banderwagon]]]
# Large array, need heap allocation. TODO: don't use Nim allocs.
var groupedFs = new array[VerkleDomain, array[VerkleDomain, Fr[Banderwagon]]]
for i in 0 ..< VerkleDomain:
for j in 0 ..< VerkleDomain:
groupedFs[i][j].setZero()
@@ -184,7 +181,9 @@ func createMultiProof* [MultiProof] (res: var MultiProof, transcript: var Crypto
var EMinusD {.noInit.}: EC_P
EMinusD.diff(E,D)

var ipaProof {.noInit.}: IPAProof
# TODO: for some result IPAProof must be zero-init beforehand
# hence we need to investigate why initialization may be incomplete.
var ipaProof: IPAProof

var checks: bool
checks = ipaProof.createIPAProof(transcript, ipaSetting, EMinusD, hMinusg, t_fr)
@@ -204,7 +203,7 @@ func createMultiProof* [MultiProof] (res: var MultiProof, transcript: var Crypto
# ############################################################


func verifyMultiproof*(multiProof: var MultiProof, transcript : var CryptoHash, ipaSettings: IPASettings, Cs: openArray[EC_P], Ys: openArray[Fr[Banderwagon]], Zs: openArray[int]) : bool =
func verifyMultiproof*[MultiProof](multiProof: var MultiProof, transcript : var CryptoHash, ipaSettings: IPASettings, Cs: openArray[EC_P], Ys: openArray[Fr[Banderwagon]], Zs: openArray[int]) : bool =
# Multiproof verifier verifies the multiproof for several polynomials in the evaluation form
# The list of triplets (C,Y,Z) represents each polynomial commitment, evaluation
# result, and evaluation point in the domain
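Review bot: `verifyMultiproof*[MultiProof]` introduces a generic parameter that shadows the concrete `MultiProof` type, so the verifier is instantiated for whatever argument type compiles against the body and the signature no longer says which type is expected. `createMultiProof` in the earlier hunk headers has the same shape, so this is consistent with the file, but the reason is not written down. I would add a doc line such as `## MultiProof is a generic parameter, not the concrete type; pass the proof object produced by createMultiProof.` and turn the three `#` lines under the signature into `##` so they reach the generated docs. The body of `verifyMultiproof` continues outside the hunk.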
20 changes: 11 additions & 9 deletions tests/t_ethereum_verkle_ipa_primitives.nim
@@ -442,7 +442,7 @@ suite "IPA proof tests":
doAssert stat1 == true, "Could not generate new IPA Config properly!"
testMain()

test "Verfify IPA Proof inside the domain by @Ignacio":
test "Verify IPA Proof inside the domain by @Ignacio":
proc testIPAProofInDomain()=

var commitmentBytes {.noInit.} : array[32, byte]
@@ -531,11 +531,11 @@ suite "IPA proof tests":
var prover_transcript {.noInit.}: sha256
prover_transcript.newTranscriptGen(asBytes"ipa")

#from a shared view
# from a shared view
var point: Fr[Banderwagon]
point.fromInt(123456789)

#from the prover's side
# from the prover's side
var testVals: array[14, int] = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]
var poly: array[256, Fr[Banderwagon]]
poly.testPoly256(testVals)
@@ -646,6 +646,8 @@ suite "IPA proof tests":
#
# ############################################################

# Note: large arrays should be heap allocated with new/ref
# to not incur stack overflow on Windows as its stack size is 1MB per default compared to UNIXes 8MB.

suite "Multiproof Tests":
test "IPA Config test for Multiproofs":
@@ -669,15 +671,16 @@ suite "Multiproof Tests":
var prover_comm: EC_P
prover_comm.pedersen_commit_varbasis(ipaConfig.SRS, ipaConfig.SRS.len, poly, poly.len)

#Prover's view
# Prover's view
var prover_transcript {.noInit.}: sha256
prover_transcript.newTranscriptGen(asBytes"multiproof")

var one: Fr[Banderwagon]
one.setOne()

var Cs: seq[EC_P]
var Fs: array[VerkleDomain, array[VerkleDomain, Fr[Banderwagon]]]
# Large array, need heap allocation.
var Fs = new array[VerkleDomain, array[VerkleDomain, Fr[Banderwagon]]]

for i in 0 ..< VerkleDomain:
for j in 0 ..< VerkleDomain:
@@ -695,17 +698,16 @@ suite "Multiproof Tests":

var multiproof {.noInit.}: MultiProof
var stat_create_mult: bool
stat_create_mult = multiproof.createMultiProof(prover_transcript, ipaConfig, Cs, Fs, Zs)
stat_create_mult = multiproof.createMultiProof(prover_transcript, ipaConfig, Cs, Fs[], Zs)

doAssert stat_create_mult.bool() == true, "Multiproof creation error!"


#Verifier's view
# Verifier's view
var verifier_transcript: sha256
verifier_transcript.newTranscriptGen(asBytes"multiproof")

var stat_verify_mult: bool
stat_verify_mult = multiproof.verifyMultiproof(verifier_transcript,ipaConfig,Cs,Ys,Zs)
stat_verify_mult = multiproof.verifyMultiproof(verifier_transcript, ipaConfig, Cs, Ys,Zs)

doAssert stat_verify_mult.bool() == true, "Multiproof verification error!"
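Review bot: The multiproof test at the end of this section asserts only that an honestly generated proof verifies (`doAssert stat_verify_mult.bool() == true`), so it cannot catch a verifier that accepts too much. Since the IPA verifier's MSM call changes in this same pull request, I would add a negative case next to it: alter one entry of `Ys`, start a fresh transcript, and assert rejection, e.g. `doAssert not multiproof.verifyMultiproof(bad_transcript, ipaConfig, Cs, badYs, Zs)`. A rejecting test may already exist elsewhere in the file; it is not visible in these hunks.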