From 9c952675fb5a90e98d1ba2713346e9d73e215de3 Mon Sep 17 00:00:00 2001 From: rasmus-kirk Date: Mon, 30 Dec 2024 14:30:02 +0100 Subject: [PATCH] Fixed d nonsense --- code/benches/acc.rs | 138 +++++++++++++++++++++++++++++++----------- code/benches/bench.rs | 12 +++- code/src/acc.rs | 14 +++-- code/src/pcdl.rs | 51 +++++++++------- 4 files changed, 149 insertions(+), 66 deletions(-) diff --git a/code/benches/acc.rs b/code/benches/acc.rs index 7113b08..2fcf2a6 100644 --- a/code/benches/acc.rs +++ b/code/benches/acc.rs @@ -8,22 +8,24 @@ use halo_accumulation::{ group::{PallasPoly, PallasScalar}, pcdl::{self}, }; -use rand::Rng; +use rand::{distributions::Uniform, Rng}; //const N: usize = 8192; const N: usize = 512; -const K: usize = 1; +const K: usize = 10; fn random_instance(rng: &mut R, d: usize) -> acc::Instance { + let d_prime = rng.sample(&Uniform::new(1, d)); + // Commit to a random polynomial let w = PallasScalar::rand(rng); - let p = PallasPoly::rand(d, rng); - let c = pcdl::commit(&p, Some(&w)); + let p = PallasPoly::rand(d_prime, rng); + let c = pcdl::commit(&p, d, Some(&w)); // Generate an evaluation proof let z = PallasScalar::rand(rng); let v = p.evaluate(&z); - let pi = pcdl::open(rng, p, c, &z, Some(&w)); + let pi = pcdl::open(rng, p, c, d, &z, Some(&w)); acc::Instance::new(c, d, z, v, pi) } @@ -59,15 +61,29 @@ pub fn acc_decider(c: &mut Criterion) { c.bench_function("acc_decider", |b| b.iter(|| acc::decider(acc.clone()))); } -pub fn acc_hamid_fast(c: &mut Criterion) { +// ----- Comparison Benchmarks ----- // + +fn acc_compare_fast_helper(d: usize, qss: &[Vec], accs: Vec) -> Result<()> { + let last_acc = accs.last().unwrap().clone(); + + for (acc, qs) in accs.into_iter().zip(qss) { + acc::verifier(d, qs, acc)?; + } + + acc::decider(last_acc)?; + + Ok(()) +} + +fn acc_compare_fast(n: usize, k: usize) -> (usize, Vec>, Vec) { let mut rng = test_rng(); - let d = N - 1; - let mut accs = Vec::with_capacity(K); - let mut qss = Vec::with_capacity(K); + let d = n - 1; + let mut accs = Vec::with_capacity(k); + let mut qss = Vec::with_capacity(k); let mut acc: Option = None; - for _ in 0..K { + for _ in 0..k { let q = random_instance(&mut rng, d); let qs = if let Some(acc) = acc { vec![acc.into(), q] @@ -80,32 +96,25 @@ pub fn acc_hamid_fast(c: &mut Criterion) { accs.push(acc.as_ref().unwrap().clone()); qss.push(qs); } + (d, qss, accs) +} - fn helper(d: usize, qss: &[Vec], accs: Vec) -> Result<()> { - let last_acc = accs.last().unwrap().clone(); - - for (acc, qs) in accs.into_iter().zip(qss) { - acc::verifier(d, qs, acc)?; - } - - acc::decider(last_acc)?; - - Ok(()) +fn acc_compare_slow_helper(accs: Vec) -> Result<()> { + for acc in accs.into_iter() { + acc::decider(acc)?; } - c.bench_function("acc_hamid_fast", |b| { - b.iter(|| helper(d, &qss, accs.clone()).unwrap()) - }); + Ok(()) } -pub fn acc_hamid_slow(c: &mut Criterion) { +fn acc_compare_slow(n: usize, k: usize) -> Vec { let mut rng = test_rng(); - let d = N - 1; - let mut accs = Vec::with_capacity(K); + let d = n - 1; + let mut accs = Vec::with_capacity(k); let mut acc: Option = None; - for _ in 0..K { + for _ in 0..k { let q = random_instance(&mut rng, d); let qs = if let Some(acc) = acc { vec![acc.into(), q] @@ -117,16 +126,75 @@ pub fn acc_hamid_slow(c: &mut Criterion) { accs.push(acc.as_ref().unwrap().clone()); } + accs +} - fn helper(accs: Vec) -> Result<()> { - for acc in accs.into_iter() { - acc::decider(acc)?; - } +pub fn acc_cmp_s_512(c: &mut Criterion) { + let accs = acc_compare_slow(512, K); + c.bench_function("acc_cmp_s_512", |b| { + b.iter(|| acc_compare_slow_helper(accs.clone()).unwrap()) + }); +} - Ok(()) - } +pub fn acc_cmp_f_512(c: &mut Criterion) { + let (d, qss, accs) = acc_compare_fast(512, K); + c.bench_function("acc_cmp_f_512", |b| { + b.iter(|| acc_compare_fast_helper(d, &qss, accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_s_1024(c: &mut Criterion) { + let accs = acc_compare_slow(1024, K); + c.bench_function("acc_cmp_s_1024", |b| { + b.iter(|| acc_compare_slow_helper(accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_f_1024(c: &mut Criterion) { + let (d, qss, accs) = acc_compare_fast(1024, K); + c.bench_function("acc_cmp_f_1024", |b| { + b.iter(|| acc_compare_fast_helper(d, &qss, accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_s_2048(c: &mut Criterion) { + let accs = acc_compare_slow(2048, K); + c.bench_function("acc_cmp_s_2048", |b| { + b.iter(|| acc_compare_slow_helper(accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_f_2048(c: &mut Criterion) { + let (d, qss, accs) = acc_compare_fast(2048, K); + c.bench_function("acc_cmp_f_2048", |b| { + b.iter(|| acc_compare_fast_helper(d, &qss, accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_s_4096(c: &mut Criterion) { + let accs = acc_compare_slow(4096, K); + c.bench_function("acc_cmp_s_4096", |b| { + b.iter(|| acc_compare_slow_helper(accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_f_4096(c: &mut Criterion) { + let (d, qss, accs) = acc_compare_fast(4096, K); + c.bench_function("acc_cmp_f_4096", |b| { + b.iter(|| acc_compare_fast_helper(d, &qss, accs.clone()).unwrap()) + }); +} + +pub fn acc_cmp_s_8196(c: &mut Criterion) { + let accs = acc_compare_slow(8196, K); + c.bench_function("acc_cmp_s_8196", |b| { + b.iter(|| acc_compare_slow_helper(accs.clone()).unwrap()) + }); +} - c.bench_function("acc_hamid_slow", |b| { - b.iter(|| helper(accs.clone()).unwrap()) +pub fn acc_cmp_f_8196(c: &mut Criterion) { + let (d, qss, accs) = acc_compare_fast(8196, K); + c.bench_function("acc_cmp_f_8196", |b| { + b.iter(|| acc_compare_fast_helper(d, &qss, accs.clone()).unwrap()) }); } diff --git a/code/benches/bench.rs b/code/benches/bench.rs index 6dbeef4..08f8c5e 100644 --- a/code/benches/bench.rs +++ b/code/benches/bench.rs @@ -27,8 +27,16 @@ criterion_group! { acc_prover, acc_verifier, acc_decider, - acc_hamid_slow, - acc_hamid_fast, + acc_cmp_s_512, + acc_cmp_s_1024, + acc_cmp_s_2048, + acc_cmp_s_4096, + acc_cmp_s_8196, + acc_cmp_f_512, + acc_cmp_f_1024, + acc_cmp_f_2048, + acc_cmp_f_4096, + acc_cmp_f_8196, } criterion_main!(acc, h); diff --git a/code/src/acc.rs b/code/src/acc.rs index b8111bb..4420693 100644 --- a/code/src/acc.rs +++ b/code/src/acc.rs @@ -150,7 +150,7 @@ fn common_subroutine( // (3). Check that U_0 is a deterministic commitment to h_0: U_0 = PCDL.Commit_ρ0(ck^(1)_PC, h; ω = ⊥). ensure!( - *U_0 == pcdl::commit(h_0, None), + *U_0 == pcdl::commit(h_0, d, None), "U_0 ≠ PCDL.Commit_ρ0(ck^(1)_PC, h_0; ω = ⊥)" ); @@ -192,7 +192,7 @@ pub fn prover(rng: &mut R, d: usize, qs: &[Instance]) -> Result(rng: &mut R, d: usize, qs: &[Instance]) -> Result(rng: &mut R, d: usize) -> Instance { + let d_prime = rng.sample(&Uniform::new(1, d)); + // Commit to a random polynomial let w = PallasScalar::rand(rng); - let p = PallasPoly::rand(d, rng); - let C = pcdl::commit(&p, Some(&w)); + let p = PallasPoly::rand(d_prime, rng); + let C = pcdl::commit(&p, d, Some(&w)); // Generate an evaluation proof let z = PallasScalar::rand(rng); let v = p.evaluate(&z); - let pi = pcdl::open(rng, p, C, &z, Some(&w)); + let pi = pcdl::open(rng, p, C, d, &z, Some(&w)); Instance { C, d, z, v, pi } } diff --git a/code/src/pcdl.rs b/code/src/pcdl.rs index 0db2f06..36a28f9 100644 --- a/code/src/pcdl.rs +++ b/code/src/pcdl.rs @@ -41,16 +41,6 @@ impl VecPushOwn for Vec { } } -pub fn commit(p: &PallasPoly, w: Option<&PallasScalar>) -> PallasPoint { - let d = p.degree(); - let n = d + 1; - - assert!(n.is_power_of_two()); - assert!(d <= D); - - pedersen::commit(w, &GS[0..n], &p.coeffs) -} - #[derive(Clone, CanonicalSerialize)] pub struct HPoly { pub(crate) xis: Vec, @@ -101,6 +91,19 @@ impl HPoly { } } +pub fn commit(p: &PallasPoly, d: usize, w: Option<&PallasScalar>) -> PallasPoint { + let n = d + 1; + + assert!(n.is_power_of_two()); + assert!(p.degree() <= d); + assert!(d <= D); + + let mut coeffs = p.coeffs.clone(); + coeffs.resize(n, PallasScalar::ZERO); + + pedersen::commit(w, &GS[0..n], &coeffs) +} + /// rng: Required since the function uses randomness /// p: A univariate polynomial p(X) /// C: A commitment to p, @@ -110,13 +113,14 @@ pub fn open( rng: &mut R, p: PallasPoly, C: PallasPoint, + d: usize, z: &PallasScalar, w: Option<&PallasScalar>, ) -> EvalProof { - let d = p.degree(); let n = d + 1; let lg_n = n.ilog2() as usize; assert!(n.is_power_of_two()); + assert!(p.degree() <= d); assert!(d <= D); // 1. Compute the evaluation v := p(z) ∈ Fq. @@ -126,7 +130,7 @@ pub fn open( // (2). Sample a random polynomial p_bar ∈ F^(≤d)_q[X] such that p_bar(z) = 0. // p_bar(X) = (X - z) * q(X), where q(X) is a uniform random polynomial let z_poly = PallasPoly::from_coefficients_vec(vec![-*z, PallasScalar::ONE]); - let q = PallasPoly::rand(d - 1, rng); + let q = PallasPoly::rand(p.degree() - 1, rng); let p_bar = q * z_poly; assert_eq!(p_bar.evaluate(z), PallasScalar::ZERO); assert_eq!(p_bar.degree(), p.degree()); @@ -135,7 +139,7 @@ pub fn open( let w_bar = PallasScalar::rand(rng); // (4). Compute a hiding commitment to p_bar: C_bar ← CM.Commit^(ρ0)(ck, p_bar; ω_bar) ∈ G. - let C_bar = commit(&p_bar, Some(&w_bar)); + let C_bar = commit(&p_bar, d, Some(&w_bar)); // (5). Compute the challenge α := ρ(C, z, v, C_bar) ∈ F^∗_q. let a = rho_0![C, z, v, C_bar]; @@ -169,6 +173,7 @@ pub fn open( let H_prime = H * xi_i; let mut cs = p_prime.coeffs; + cs.resize(n, PallasScalar::ZERO); let mut gs: Vec = GS[0..n].iter().map(|x| PallasPoint::from(*x)).collect(); let mut zs = construct_powers(z, n); @@ -412,19 +417,19 @@ mod tests { #[test] fn test_check() -> Result<()> { let mut rng = rand::thread_rng(); - let n_range = Uniform::new(2, 10); - let n = (2 as usize).pow(rng.sample(&n_range)); + let n = (2 as usize).pow(rng.sample(&Uniform::new(2, 10))); let d = n - 1; + let d_prime = rng.sample(&Uniform::new(1, d)); // Commit to a random polynomial let w = PallasScalar::rand(&mut rng); - let p = PallasPoly::rand(d, &mut rng); - let C = commit(&p, Some(&w)); + let p = PallasPoly::rand(d_prime, &mut rng); + let C = commit(&p, d, Some(&w)); // Generate an evaluation proof let z = PallasScalar::rand(&mut rng); let v = p.evaluate(&z); - let pi = open(&mut rng, p, C, &z, Some(&w)); + let pi = open(&mut rng, p, C, d, &z, Some(&w)); // Verify that check works check(&C, d, &z, &v, pi)?; @@ -435,18 +440,18 @@ mod tests { #[test] fn test_check_no_hiding() -> Result<()> { let mut rng = rand::thread_rng(); - let n_range = Uniform::new(2, 10); - let n = (2 as usize).pow(rng.sample(&n_range)); + let n = (2 as usize).pow(rng.sample(&Uniform::new(2, 10))); let d = n - 1; + let d_prime = rng.sample(&Uniform::new(1, d)); // Commit to a random polynomial - let p = PallasPoly::rand(d, &mut rng); - let C = commit(&p, None); + let p = PallasPoly::rand(d_prime, &mut rng); + let C = commit(&p, d, None); // Generate an evaluation proof let z = PallasScalar::rand(&mut rng); let v = p.evaluate(&z); - let pi = open(&mut rng, p, C, &z, None); + let pi = open(&mut rng, p, C, d, &z, None); // Verify that check works check(&C, d, &z, &v, pi)?;