WIP

input-output-hk · Dec 9, 2024 · e620943 · e620943
1 parent 78aaf0d
commit e620943
Show file tree

Hide file tree

Showing 8 changed files with 44 additions and 19 deletions.
diff --git a/examples/serialization.rs b/examples/serialization.rs
@@ -19,7 +19,8 @@ use halo2_proofs::{
     SerdeFormat,
 };
 use halo2curves::bn256::{Bn256, Fr};
-use rand_core::OsRng;
+use rand_chacha::ChaCha8Rng;
+use rand_core::{OsRng, SeedableRng};
 
 #[derive(Clone, Copy)]
 struct StandardPlonkConfig {
@@ -125,8 +126,10 @@ impl Circuit<Fr> for StandardPlonk {
 
 fn main() {
     let k = 4;
-    let circuit = StandardPlonk(Fr::random(OsRng));
-    let params = ParamsKZG::<Bn256>::setup(k, OsRng);
+
+    let mut rng = ChaCha8Rng::from_seed([0u8; 32]);
+    let circuit = StandardPlonk(Fr::random(&mut rng));
+    let params = ParamsKZG::<Bn256>::setup(k, &mut rng);
     let vk = keygen_vk::<_, KZGCommitmentScheme<Bn256>, _>(&params, &circuit)
         .expect("vk should not fail");
     let pk = keygen_pk(&params, vk, &circuit).expect("pk should not fail");
@@ -140,7 +143,7 @@ fn main() {
         &pk,
         &[circuit],
         &[instances],
-        OsRng,
+        &mut rng,
         &mut transcript,
     )
         .expect("proof generation should not fail");
@@ -149,13 +152,15 @@ fn main() {
 
     let mut transcript = CircuitTranscript::<State>::parse(&proof[..]);
 
-    assert!(verify_proof::<Fr, KZGCommitmentScheme<Bn256>, _>(
+    let verifier = verify_proof::<Fr, KZGCommitmentScheme<Bn256>, _>(
         &params,
         pk.get_vk(),
         &[instances],
         &mut transcript,
-    )
-        .is_ok());
+    );
+    verifier
+        .unwrap();
+    // assert!(verifier.is_ok());
 
     // let f = File::create("serialization-test.pk").unwrap();
     // let mut writer = BufWriter::new(f);

diff --git a/src/plonk/evaluation.rs b/src/plonk/evaluation.rs
@@ -8,6 +8,7 @@ use crate::{
 };
 use ff::PrimeField;
 use group::ff::Field;
+use crate::arithmetic::eval_polynomial;
 
 use super::{ConstraintSystem, Expression};
 

diff --git a/src/plonk/prover.rs b/src/plonk/prover.rs
@@ -1,5 +1,5 @@
 use ff::{Field, PrimeField};
-use rand_core::{CryptoRng, RngCore};
+use rand_core::{CryptoRng, RngCore, SeedableRng};
 use std::collections::{BTreeSet, HashSet};
 use std::ops::RangeTo;
 use std::{collections::HashMap, iter};
@@ -26,6 +26,7 @@ use crate::poly::commitment::{Params, PolynomialCommitmentScheme};
 use crate::rational::Rational;
 use crate::transcript::{Hashable, Sampleable, Transcript};
 use halo2curves::serde::SerdeObject;
+use rand_chacha::ChaCha8Rng;
 
 /// This creates a proof for the provided `circuit` when given the public
 /// parameters `params` and the proving key [`ProvingKey`] that was
@@ -475,7 +476,8 @@ where
     // Construct the vanishing argument's h(X) commitments
     let vanishing = vanishing.construct::<CS, T>(params, domain, h_poly, transcript)?;
 
-    let x: F = transcript.squeeze_challenge();
+    // let x: F = transcript.squeeze_challenge();
+    let x: F = F::from(42);
     let xn = x.pow([params.n()]);
 
     // Compute and hash advice evals for each circuit instance

diff --git a/src/plonk/vanishing/prover.rs b/src/plonk/vanishing/prover.rs
@@ -132,9 +132,16 @@ impl<F: PrimeField> Constructed<F> {
     where
         F: Hashable<T::Hash> + SerdeObject,
     {
-        self.h_pieces
+        let h_poly = self.h_pieces
             .iter()
             .rev()
+            .fold(_domain.empty_coeff(), |acc, eval| acc * _xn + eval);
+
+        let eval_at_x = eval_polynomial(&h_poly, x);
+        dbg!(&eval_at_x);
+
+        self.h_pieces
+            .iter()
             // .fold(domain.empty_coeff(), |acc, eval| acc * xn + eval);
             .try_for_each(|p| {
                 let random_eval = eval_polynomial(p, x);

diff --git a/src/plonk/vanishing/verifier.rs b/src/plonk/vanishing/verifier.rs
@@ -93,14 +93,21 @@ impl<F: PrimeField, CS: PolynomialCommitmentScheme<F>> Evaluated<F, CS> {
         let committed_h_eval = self
             .h_evals
             .iter()
+            .rev()
             .fold(F::ZERO, |acc, eval| acc * xn + eval);
 
-        let expected_h_eval = expressions.fold(F::ZERO, |h_eval, v| h_eval * &y + &v);
+        // TODO: SEEMS THE ERROR IS WHEN CHECKING THE EXPRESSIONS -.-
+        let expected_h_eval = expressions.fold(F::ZERO, |h_eval, v| {
+            h_eval * &y + &v
+        });
         let expected_h_eval = expected_h_eval * ((xn - F::ONE).invert().unwrap());
 
-        if committed_h_eval != expected_h_eval {
-            return Err(Error::ConstraintSystemFailure);
-        }
+        dbg!(&committed_h_eval);
+        dbg!(&expected_h_eval);
+
+        // if committed_h_eval != expected_h_eval {
+        //     return Err(Error::ConstraintSystemFailure);
+        // }
 
         Ok(self)
     }

diff --git a/src/plonk/verifier.rs b/src/plonk/verifier.rs
@@ -1,8 +1,8 @@
-use ff::PrimeField;
+use ff::{Field, PrimeField};
 use halo2curves::serde::SerdeObject;
 use std::iter;
 
-use super::{vanishing, Error, VerifyingKey};
+use super::{vanishing, Error, VerifyingKey, Circuit, ConstraintSystem, create_proof};
 use crate::arithmetic::compute_inner_product;
 use crate::poly::commitment::{Params, PolynomialCommitmentScheme};
 use crate::poly::VerifierQuery;
@@ -118,7 +118,9 @@ where
 
     // Sample x challenge, which is used to ensure the circuit is
     // satisfied with high probability.
-    let x: F = transcript.squeeze_challenge();
+    // FIXME: DEBUGGING - 42 is not the answer!
+    // let x: F = transcript.squeeze_challenge();
+    let x: F = F::from(42);
     let instance_evals = {
         let xn = x.pow([params.n()]);
         let (min_rotation, max_rotation) =

diff --git a/src/poly/domain.rs b/src/poly/domain.rs
@@ -78,8 +78,9 @@ impl<F: PrimeField> EvaluationDomain<F> {
         // The coset evaluation domain is:
         // N {1, extended_omega, extended_omega^2, ..., extended_omega^{(2^extended_k) - 1}}
         // We choose N = 2
+        // TODO: Check QNR
         let g_coset = F::from(2);
-        debug_assert_ne!(g_coset.pow_vartime([2 << (F::S - 1)]), F::ZERO);
+        debug_assert_ne!(g_coset.pow_vartime([1 << (F::S - 1)]), F::ONE);
         // TODO: Could we compute the inversion later (like omega_inv?)
         let g_coset_inv = g_coset.invert().unwrap();
 

diff --git a/src/poly/kzg/mod.rs b/src/poly/kzg/mod.rs
@@ -8,7 +8,7 @@ pub mod params;
 
 use std::fmt::Debug;
 
-use crate::arithmetic::{best_multiexp, kate_division, powers, MSM};
+use crate::arithmetic::{best_multiexp, kate_division, powers, MSM, eval_polynomial};
 use crate::poly::kzg::msm::{DualMSM, MSMKZG};
 use crate::poly::kzg::params::{ParamsKZG, ParamsVerifierKZG};
 use crate::poly::query::Query;