Merge pull request #1851 from o1-labs/dw/rng-outside-of-prove-function

Pass a rng instance in prover
o1-labs · Feb 27, 2024 · 315a692 · 315a692
2 parents c6b7a4f + 63b4501
commit 315a692
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 12 deletions.
diff --git a/msm/src/lib.rs b/msm/src/lib.rs
@@ -45,7 +45,6 @@ mod tests {
     use ark_ff::UniformRand;
     use kimchi::circuits::domains::EvaluationDomains;
     use poly_commitment::pairing_proof::PairingSRS;
-    use rand::{rngs::StdRng, thread_rng, Rng, SeedableRng};
 
     use crate::{
         columns::Column, mvlookup::Lookup, proof::Witness, prover::prove, verifier::verify,
@@ -54,13 +53,15 @@ mod tests {
 
     #[test]
     fn test_completeness() {
+        let mut rng = o1_utils::tests::make_test_rng();
+
         // Include tests for completeness for MVLookup as the random witness
         // includes all arguments
         let domain_size = 1 << 8;
         let domain = EvaluationDomains::<Fp>::create(domain_size).unwrap();
 
         // Trusted setup toxic waste
-        let x = Fp::rand(&mut rand::rngs::OsRng);
+        let x = Fp::rand(&mut rng);
 
         let mut srs: PairingSRS<BN254> = PairingSRS::create(x, domain.d1.size as usize);
         srs.full_srs.add_lagrange_basis(domain.d1);
@@ -69,11 +70,12 @@ mod tests {
         let constraints: Vec<_> = vec![];
 
         // generate the proof
-        let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column>(
+        let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
             domain,
             &srs,
             witness,
             constraints,
+            &mut rng,
         );
 
         // verify the proof
@@ -83,32 +85,36 @@ mod tests {
 
     #[test]
     fn test_soundness() {
+        let mut rng = o1_utils::tests::make_test_rng();
+
         // We generate two different witness and two different proofs.
         let domain_size = 1 << 8;
         let domain = EvaluationDomains::<Fp>::create(domain_size).unwrap();
 
         // Trusted setup toxic waste
-        let x = Fp::rand(&mut rand::rngs::OsRng);
+        let x = Fp::rand(&mut rng);
 
         let mut srs: PairingSRS<BN254> = PairingSRS::create(x, domain.d1.size as usize);
         srs.full_srs.add_lagrange_basis(domain.d1);
 
         let witness = Witness::random(domain);
         let constraints = vec![];
         // generate the proof
-        let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column>(
+        let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
             domain,
             &srs,
             witness,
             constraints.clone(),
+            &mut rng,
         );
 
         let witness_prime = Witness::random(domain);
-        let proof_prime = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column>(
+        let proof_prime = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
             domain,
             &srs,
             witness_prime,
             constraints,
+            &mut rng,
         );
 
         // Swap the opening proof. The verification should fail.
@@ -147,9 +153,7 @@ mod tests {
     #[test]
     #[ignore]
     fn test_soundness_mvlookup() {
-        let seed: [u8; 32] = thread_rng().gen();
-        eprintln!("Seed: {:?}", seed);
-        let mut rng = StdRng::from_seed(seed);
+        let mut rng = o1_utils::tests::make_test_rng();
 
         // We generate two different witness and two different proofs.
         let domain_size = 1 << 8;
@@ -174,11 +178,12 @@ mod tests {
         // Overwriting the first looked up value
         witness.mvlookups[0].f[0][0] = wrong_looked_up_value;
         // generate the proof
-        let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column>(
+        let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
             domain,
             &srs,
             witness,
             constraints,
+            &mut rng,
         );
         let verifies = verify::<_, OpeningProof, BaseSponge, ScalarSponge>(domain, &srs, &proof);
         // FIXME: At the moment, it does verify. It should not. We are missing constraints.

diff --git a/msm/src/main.rs b/msm/src/main.rs
@@ -30,6 +30,9 @@ pub fn generate_random_msm_witness() -> BuilderEnv<BN254G1Affine> {
 }
 
 pub fn main() {
+    // FIXME: use a proper RNG
+    let mut rng = o1_utils::tests::make_test_rng();
+
     println!("Creating the domain and SRS");
     let domain = EvaluationDomains::<Fp>::create(DOMAIN_SIZE).unwrap();
 
@@ -40,11 +43,12 @@ pub fn main() {
 
     println!("Generating the proof");
     let constraints = vec![];
-    let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column>(
+    let proof = prove::<_, OpeningProof, BaseSponge, ScalarSponge, Column, _>(
         domain,
         &srs,
         witness,
         constraints,
+        &mut rng,
     );
 
     println!("Verifying the proof");

diff --git a/msm/src/prover.rs b/msm/src/prover.rs
@@ -12,6 +12,7 @@ use poly_commitment::{
     evaluation_proof::DensePolynomialOrEvaluations,
     OpenProof, SRS,
 };
+use rand::{CryptoRng, RngCore};
 use rayon::iter::IntoParallelIterator;
 use rayon::iter::ParallelIterator;
 
@@ -24,14 +25,17 @@ pub fn prove<
     EFqSponge: Clone + FqSponge<G::BaseField, G, G::ScalarField>,
     EFrSponge: FrSponge<G::ScalarField>,
     Column,
+    RNG,
 >(
     domain: EvaluationDomains<G::ScalarField>,
     srs: &OpeningProof::SRS,
     inputs: Witness<G>,
     _constraints: Vec<Expr<ConstantExpr<G::ScalarField>, Column>>,
+    rng: &mut RNG,
 ) -> Proof<G, OpeningProof>
 where
     OpeningProof::SRS: Sync,
+    RNG: RngCore + CryptoRng,
 {
     // Interpolate all columns on d1, using trait Into.
     let evaluations: WitnessColumns<Evaluations<G::ScalarField, D<G::ScalarField>>> = inputs
@@ -216,7 +220,7 @@ where
         v,
         u,
         fq_sponge_before_evaluations,
-        &mut rand::rngs::OsRng,
+        rng,
     );
     // -- End opening proof - Preparing the structures