Delete IOPTranscript, update with master (#50) (aka Hyrax++)

* Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Change `Randomness` to `CommitmentState` * Maybe `empty` not return `Self` * Make `empty` return `Self` * Rename `rand` to `state` * Partially integrate the new design into Hyrax * Update Hyrax with the shared state * Rename nonnative to emulated, as in `r1cs-std` (arkworks-rs#137) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Substitute `ChallengeGenerator` by the generic sponge (arkworks-rs#139) * Rename nonnative to emulated, as in `r1cs-std` * Run `fmt` * Temporarily change `Cargo.toml` * Substitute `ChallengeGenerator` with the generic sponge * Run `fmt` * Remove the extra file * Update modules * Delete the unnecessary loop * Revert `Cargo.toml` * Refactor `FoldedPolynomialStream` partially * Update README * Make the diff more readable * Bring the whitespace back * Make diff more readable, 2 * Fix according to breaking changes in `ark-ec` (arkworks-rs#141) * Fix for KZG10 * Fix the breaking changes in `ark-ec` * Remove the extra loop * Fix the loop range * re-use the preprocessing table * also re-use the preprocessing table for multilinear_pc --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> * Auxiliary opening data (arkworks-rs#134) * Add the trait bounds * Add `CommitmentState` * Update benches for the new type * Fix the name of local variable * Merge `PCCommitmentState` with `PCRandomness` * Update `README.md` * Fix a bug * Put `Randomness` in `CommitmentState` * Add a comment * Remove the extra loop * Update the comment for `CommitmentState` Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * cargo fmt --------- Co-authored-by: Marcin <marcin.gorny.94@protonmail.com> * `batch_mul_with_preprocessing` no longer takes `self` as argument (arkworks-rs#142) * batch_mul_with_preprocessing no longer takes `self` as argument * Apply suggestions from code review Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * fix variable name --------- Co-authored-by: Pratyush Mishra <pratyush795@gmail.com> * Remove ChallengeGenerator for Ligero (#56) * Squash and merge `delete-chalgen` onto here * Fix for `ChallengeGenerator` * Delete `IOPTranscript` for Hyrax (#55) * Use the sponge generic and rearrange `use`s * Use sponge instead of `IOPTransript` * Fix benches * Remove the extra loop --------- Co-authored-by: mmagician <marcin.gorny.94@protonmail.com> Co-authored-by: Pratyush Mishra <pratyush795@gmail.com>
NP-Eng · Jan 18, 2024 · 55d7b58 · 55d7b58
1 parent 7c7328d
commit 55d7b58
Show file tree

Hide file tree

Showing 24 changed files with 715 additions and 924 deletions.
diff --git a/README.md b/README.md
@@ -57,7 +57,7 @@ This trait defines the interface for a polynomial commitment scheme. It is recom
 // In this example, we will commit to a single polynomial, open it first at one point, and then batched at two points, and finally verify the proofs.
 // We will use the KZG10 polynomial commitment scheme, following the approach from Marlin.
 
-use ark_poly_commit::{Polynomial, marlin_pc::MarlinKZG10, LabeledPolynomial, PolynomialCommitment, QuerySet, Evaluations, challenge::ChallengeGenerator};
+use ark_poly_commit::{Polynomial, marlin_pc::MarlinKZG10, LabeledPolynomial, PolynomialCommitment, QuerySet, Evaluations};
 use ark_bls12_377::Bls12_377;
 use ark_crypto_primitives::sponge::poseidon::{PoseidonSponge, PoseidonConfig};
 use ark_crypto_primitives::sponge::CryptographicSponge;
@@ -128,17 +128,15 @@ let (ck, vk) = PCS::trim(&pp, degree, 2, Some(&[degree])).unwrap();
 
 // 3. PolynomialCommitment::commit
 // The prover commits to the polynomial using their committer key `ck`.
-let (comms, rands) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); 
-
-let challenge_generator: ChallengeGenerator<<Bls12_377 as Pairing>::ScalarField, Sponge_Bls12_377> = ChallengeGenerator::new_univariate(&mut test_sponge);
+let (comms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); 
 
 // 4a. PolynomialCommitment::open
 // Opening proof at a single point.
-let proof_single = PCS::open(&ck, [&labeled_poly], &comms, &point_1, &mut (challenge_generator.clone()), &rands, None).unwrap(); 
+let proof_single = PCS::open(&ck, [&labeled_poly], &comms, &point_1, &mut (test_sponge.clone()), &states, None).unwrap(); 
 
 // 5a. PolynomialCommitment::check
 // Verifying the proof at a single point, given the commitment, the point, the claimed evaluation, and the proof.
-assert!(PCS::check(&vk, &comms, &point_1, [secret_poly.evaluate(&point_1)], &proof_single, &mut (challenge_generator.clone()), Some(rng)).unwrap()); 
+assert!(PCS::check(&vk, &comms, &point_1, [secret_poly.evaluate(&point_1)], &proof_single, &mut (test_sponge.clone()), Some(rng)).unwrap()); 
 
 let mut query_set = QuerySet::new();
 let mut values = Evaluations::new();
@@ -155,8 +153,8 @@ let proof_batched = PCS::batch_open(
    [&labeled_poly],
    &comms,
    &query_set,
-   &mut (challenge_generator.clone()),
-   &rands,
+   &mut (test_sponge.clone()),
+   &states,
    Some(rng),
 ).unwrap();
 
@@ -167,7 +165,7 @@ assert!(PCS::batch_check(
    &query_set,
    &values,
    &proof_batched,
-   &mut (challenge_generator.clone()),
+   &mut (test_sponge.clone()),
    rng,
 ).unwrap());
 ```

diff --git a/bench-templates/src/lib.rs b/bench-templates/src/lib.rs
@@ -11,7 +11,7 @@ use rand_chacha::{rand_core::SeedableRng, ChaCha20Rng};
 use core::time::Duration;
 use std::time::Instant;
 
-use ark_poly_commit::{challenge::ChallengeGenerator, LabeledPolynomial, PolynomialCommitment};
+use ark_poly_commit::{LabeledPolynomial, PolynomialCommitment};
 
 pub use criterion::*;
 pub use paste::paste;
@@ -123,7 +123,7 @@ where
     let labeled_poly =
         LabeledPolynomial::new("test".to_string(), rand_poly(num_vars, rng), None, None);
 
-    let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
+    let (coms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
     let point = rand_point(num_vars, rng);
 
     let start = Instant::now();
@@ -132,8 +132,8 @@ where
         [&labeled_poly],
         &coms,
         &point,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
-        &randomness,
+        &mut test_sponge(),
+        &states,
         Some(rng),
     )
     .unwrap();
@@ -157,16 +157,16 @@ where
     let labeled_poly =
         LabeledPolynomial::new("test".to_string(), rand_poly(num_vars, rng), None, None);
 
-    let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
+    let (coms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
     let point = P::Point::rand(rng);
 
     let proofs = PCS::open(
         &ck,
         [&labeled_poly],
         &coms,
         &point,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
-        &randomness,
+        &mut test_sponge(),
+        &states,
         Some(rng),
     )
     .unwrap();
@@ -194,16 +194,16 @@ where
     let labeled_poly =
         LabeledPolynomial::new("test".to_string(), rand_poly(num_vars, rng), None, None);
 
-    let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
+    let (coms, states) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap();
     let point = rand_point(num_vars, rng);
     let claimed_eval = labeled_poly.evaluate(&point);
     let proof = PCS::open(
         &ck,
         [&labeled_poly],
         &coms,
         &point,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
-        &randomness,
+        &mut test_sponge(),
+        &states,
         Some(rng),
     )
     .unwrap();
@@ -215,7 +215,7 @@ where
         &point,
         [claimed_eval],
         &proof,
-        &mut ChallengeGenerator::new_univariate(&mut test_sponge()),
+        &mut test_sponge(),
         None,
     )
     .unwrap();

diff --git a/poly-commit/benches/hyrax_times.rs b/poly-commit/benches/hyrax_times.rs
@@ -1,3 +1,4 @@
+use ark_crypto_primitives::sponge::poseidon::PoseidonSponge;
 use ark_pcs_bench_templates::*;
 use ark_poly::{DenseMultilinearExtension, MultilinearExtension};
 
@@ -8,7 +9,7 @@ use ark_poly_commit::hyrax::HyraxPC;
 use rand_chacha::ChaCha20Rng;
 
 // Hyrax PCS over BN254
-type Hyrax254 = HyraxPC<G1Affine, DenseMultilinearExtension<Fr>>;
+type Hyrax254 = HyraxPC<G1Affine, DenseMultilinearExtension<Fr>, PoseidonSponge<Fr>>;
 
 fn rand_poly_hyrax<F: PrimeField>(
     num_vars: usize,

diff --git a/poly-commit/src/challenge.rs b/poly-commit/src/challenge.rs
diff --git a/poly-commit/src/constraints.rs b/poly-commit/src/constraints.rs
@@ -5,7 +5,7 @@ use crate::{
 use ark_crypto_primitives::sponge::CryptographicSponge;
 use ark_ff::PrimeField;
 use ark_poly::Polynomial;
-use ark_r1cs_std::fields::nonnative::NonNativeFieldVar;
+use ark_r1cs_std::fields::emulated_fp::EmulatedFpVar;
 use ark_r1cs_std::{fields::fp::FpVar, prelude::*};
 use ark_relations::r1cs::{ConstraintSystemRef, Namespace, Result as R1CSResult, SynthesisError};
 use ark_std::{borrow::Borrow, cmp::Eq, cmp::PartialEq, hash::Hash, marker::Sized};
@@ -24,8 +24,8 @@ pub enum LinearCombinationCoeffVar<TargetField: PrimeField, BaseField: PrimeFiel
     One,
     /// Coefficient -1.
     MinusOne,
-    /// Other coefficient, represented as a nonnative field element.
-    Var(NonNativeFieldVar<TargetField, BaseField>),
+    /// Other coefficient, represented as a "emulated" field element.
+    Var(EmulatedFpVar<TargetField, BaseField>),
 }
 
 /// An allocated version of `LinearCombination`.
@@ -60,7 +60,7 @@ impl<TargetField: PrimeField, BaseField: PrimeField>
                 let (f, lc_term) = term;
 
                 let fg =
-                    NonNativeFieldVar::new_variable(ark_relations::ns!(cs, "term"), || Ok(f), mode)
+                    EmulatedFpVar::new_variable(ark_relations::ns!(cs, "term"), || Ok(f), mode)
                         .unwrap();
 
                 (LinearCombinationCoeffVar::Var(fg), lc_term.clone())
@@ -79,12 +79,12 @@ impl<TargetField: PrimeField, BaseField: PrimeField>
 pub struct PCCheckRandomDataVar<TargetField: PrimeField, BaseField: PrimeField> {
     /// Opening challenges.
     /// The prover and the verifier MUST use the same opening challenges.
-    pub opening_challenges: Vec<NonNativeFieldVar<TargetField, BaseField>>,
+    pub opening_challenges: Vec<EmulatedFpVar<TargetField, BaseField>>,
     /// Bit representations of the opening challenges.
     pub opening_challenges_bits: Vec<Vec<Boolean<BaseField>>>,
     /// Batching random numbers.
     /// The verifier can choose these numbers freely, as long as they are random.
-    pub batching_rands: Vec<NonNativeFieldVar<TargetField, BaseField>>,
+    pub batching_rands: Vec<EmulatedFpVar<TargetField, BaseField>>,
     /// Bit representations of the batching random numbers.
     pub batching_rands_bits: Vec<Vec<Boolean<BaseField>>>,
 }
@@ -172,7 +172,7 @@ pub struct LabeledPointVar<TargetField: PrimeField, BaseField: PrimeField> {
     /// MUST be a unique identifier in a query set.
     pub name: String,
     /// The point value.
-    pub value: NonNativeFieldVar<TargetField, BaseField>,
+    pub value: EmulatedFpVar<TargetField, BaseField>,
 }
 
 /// An allocated version of `QuerySet`.
@@ -184,16 +184,16 @@ pub struct QuerySetVar<TargetField: PrimeField, BaseField: PrimeField>(
 /// An allocated version of `Evaluations`.
 #[derive(Clone)]
 pub struct EvaluationsVar<TargetField: PrimeField, BaseField: PrimeField>(
-    pub HashMap<LabeledPointVar<TargetField, BaseField>, NonNativeFieldVar<TargetField, BaseField>>,
+    pub HashMap<LabeledPointVar<TargetField, BaseField>, EmulatedFpVar<TargetField, BaseField>>,
 );
 
 impl<TargetField: PrimeField, BaseField: PrimeField> EvaluationsVar<TargetField, BaseField> {
     /// find the evaluation result
     pub fn get_lc_eval(
         &self,
         lc_string: &str,
-        point: &NonNativeFieldVar<TargetField, BaseField>,
-    ) -> Result<NonNativeFieldVar<TargetField, BaseField>, SynthesisError> {
+        point: &EmulatedFpVar<TargetField, BaseField>,
+    ) -> Result<EmulatedFpVar<TargetField, BaseField>, SynthesisError> {
         let key = LabeledPointVar::<TargetField, BaseField> {
             name: String::from(lc_string),
             value: point.clone(),

diff --git a/poly-commit/src/data_structures.rs b/poly-commit/src/data_structures.rs
@@ -70,9 +70,12 @@ pub trait PCPreparedCommitment<UNPREPARED: PCCommitment>: Clone {
     fn prepare(comm: &UNPREPARED) -> Self;
 }
 
-/// Defines the minimal interface of commitment randomness for any polynomial
-/// commitment scheme.
-pub trait PCRandomness: Clone + CanonicalSerialize + CanonicalDeserialize {
+/// Defines the minimal interface of commitment state for any polynomial
+/// commitment scheme. It might be randomness etc.
+pub trait PCCommitmentState: Clone + CanonicalSerialize + CanonicalDeserialize {
+    /// This is the type of `Randomness` that the `rand` method returns
+    type Randomness: Clone + CanonicalSerialize + CanonicalDeserialize;
+
     /// Outputs empty randomness that does not hide the commitment.
     fn empty() -> Self;
 
@@ -86,9 +89,8 @@ pub trait PCRandomness: Clone + CanonicalSerialize + CanonicalDeserialize {
         has_degree_bound: bool,
         num_vars: Option<usize>,
         rng: &mut R,
-    ) -> Self;
+    ) -> Self::Randomness;
 }
-
 /// A proof of satisfaction of linear combinations.
 #[derive(Clone, CanonicalSerialize, CanonicalDeserialize)]
 pub struct BatchLCProof<F: PrimeField, T: Clone + CanonicalSerialize + CanonicalDeserialize> {

diff --git a/poly-commit/src/hyrax/data_structures.rs b/poly-commit/src/hyrax/data_structures.rs
@@ -3,7 +3,10 @@ use ark_ff::PrimeField;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 use ark_std::{rand::RngCore, vec::Vec};
 
-use crate::{PCCommitment, PCCommitterKey, PCRandomness, PCUniversalParams, PCVerifierKey};
+use crate::{
+    utils::Matrix, PCCommitment, PCCommitmentState, PCCommitterKey, PCUniversalParams,
+    PCVerifierKey,
+};
 
 /// `UniversalParams` amounts to a Pederson commitment key of sufficient length
 #[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
@@ -77,9 +80,24 @@ impl<G: AffineRepr> PCCommitment for HyraxCommitment<G> {
 
 pub(crate) type HyraxRandomness<F> = Vec<F>;
 
+/// Hyrax Commitment State blah blah blah blah
+/// blah blah blah blah
+/// blah blah blah blah
+/// blah blah blah blah
+#[derive(Derivative, CanonicalSerialize, CanonicalDeserialize)]
+#[derivative(Default(bound = ""), Clone(bound = ""), Debug(bound = ""))]
+pub struct HyraxCommitmentState<F>
+where
+    F: PrimeField,
+{
+    pub(crate) randomness: HyraxRandomness<F>,
+    pub(crate) mat: Matrix<F>,
+}
+
 /// A vector of scalars, each of which multiplies the distinguished group
 /// element in the Pederson commitment key for a different commitment
-impl<F: PrimeField> PCRandomness for HyraxRandomness<F> {
+impl<F: PrimeField> PCCommitmentState for HyraxCommitmentState<F> {
+    type Randomness = HyraxRandomness<F>;
     fn empty() -> Self {
         unimplemented!()
     }
@@ -89,7 +107,7 @@ impl<F: PrimeField> PCRandomness for HyraxRandomness<F> {
         _has_degree_bound: bool,
         _num_vars: Option<usize>,
         rng: &mut R,
-    ) -> Self {
+    ) -> Self::Randomness {
         (0..num_queries).map(|_| F::rand(rng)).collect()
     }
 }