Skip to content

Commit

Permalink
mpcs to plonky3 field
Browse files Browse the repository at this point in the history
  • Loading branch information
@hero78119
hero78119 committed Jan 9, 2025
1 parent 1126d58 commit 3831cb1
Show file tree
Hide file tree
Showing 21 changed files with 586 additions and 446 deletions.
4 changes: 4 additions & 0 deletions Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions mpcs/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ num-bigint = "0.4"
num-integer = "0.1"
plonky2.workspace = true
poseidon.workspace = true
p3-field.workspace = true
p3-goldilocks.workspace = true
p3-mds.workspace = true
p3-symmetric.workspace = true
rand.workspace = true
rand_chacha.workspace = true
rayon = { workspace = true, optional = true }
Expand Down
151 changes: 85 additions & 66 deletions mpcs/src/basefold.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,13 +28,15 @@ pub use encoding::{
};
use ff_ext::ExtensionField;
use multilinear_extensions::mle::MultilinearExtension;
use p3_mds::MdsPermutation;
use poseidon::SPONGE_WIDTH;
use query_phase::{
BatchedQueriesResultWithMerklePath, QueriesResultWithMerklePath,
SimpleBatchQueriesResultWithMerklePath, batch_prover_query_phase, batch_verifier_query_phase,
prover_query_phase, simple_batch_prover_query_phase, simple_batch_verifier_query_phase,
verifier_query_phase,
};
use std::{borrow::BorrowMut, ops::Deref};
use std::{borrow::BorrowMut, fmt::Debug, ops::Deref};
pub use structure::BasefoldSpec;
use structure::{BasefoldProof, ProofQueriesResultWithMerklePath};
use transcript::Transcript;
Expand Down Expand Up @@ -79,7 +81,7 @@ enum PolyEvalsCodeword<E: ExtensionField> {
TooBig(usize),
}

impl<E: ExtensionField, Spec: BasefoldSpec<E>> Basefold<E, Spec>
impl<E: ExtensionField, Spec: BasefoldSpec<E>, Mds> Basefold<E, Spec, Mds>
where
E: Serialize + DeserializeOwned,
E::BaseField: Serialize + DeserializeOwned,
Expand Down Expand Up @@ -265,18 +267,20 @@ where
/// positions are (i >> k) and (i >> k) XOR 1.
/// (c) The verifier checks that the folding has been correctly computed
/// at these positions.
impl<E: ExtensionField, Spec: BasefoldSpec<E>> PolynomialCommitmentScheme<E> for Basefold<E, Spec>
impl<E: ExtensionField, Spec: BasefoldSpec<E>, Mds> PolynomialCommitmentScheme<E>
for Basefold<E, Spec, Mds>
where
E: Serialize + DeserializeOwned,
E::BaseField: Serialize + DeserializeOwned,
Mds: MdsPermutation<E::BaseField, SPONGE_WIDTH> + Default + Debug,
{
type Param = BasefoldParams<E, Spec>;
type ProverParam = BasefoldProverParams<E, Spec>;
type VerifierParam = BasefoldVerifierParams<E, Spec>;
type CommitmentWithWitness = BasefoldCommitmentWithWitness<E>;
type CommitmentWithWitness = BasefoldCommitmentWithWitness<E, Mds>;
type Commitment = BasefoldCommitment<E>;
type CommitmentChunk = Digest<E::BaseField>;
type Proof = BasefoldProof<E>;
type Proof = BasefoldProof<E, Mds>;

fn setup(poly_size: usize) -> Result<Self::Param, Error> {
let pp = <Spec::EncodingScheme as EncodingScheme<E>>::setup(log2_strict(poly_size));
Expand Down Expand Up @@ -323,7 +327,7 @@ where
// (2) The encoding of the coefficient vector (need an interpolation)
let ret = match Self::get_poly_bh_evals_and_codeword(pp, poly) {
PolyEvalsCodeword::Normal((bh_evals, codeword)) => {
let codeword_tree = MerkleTree::<E>::from_leaves(codeword);
let codeword_tree = MerkleTree::<E, Mds>::from_leaves(codeword);

// All these values are stored in the `CommitmentWithWitness` because
// they are useful in opening, and we don't want to recompute them.
Expand All @@ -336,7 +340,7 @@ where
})
}
PolyEvalsCodeword::TooSmall(evals) => {
let codeword_tree = MerkleTree::<E>::from_leaves(evals.clone());
let codeword_tree = MerkleTree::<E, Mds>::from_leaves(evals.clone());

// All these values are stored in the `CommitmentWithWitness` because
// they are useful in opening, and we don't want to recompute them.
Expand Down Expand Up @@ -412,7 +416,7 @@ where
}
})
.collect::<(Vec<_>, Vec<_>)>();
let codeword_tree = MerkleTree::<E>::from_batch_leaves(codewords);
let codeword_tree = MerkleTree::<E, Mds>::from_batch_leaves(codewords);
Self::CommitmentWithWitness {
codeword_tree,
polynomials_bh_evals: bh_evals,
Expand All @@ -432,7 +436,7 @@ where
}
})
.collect::<Vec<_>>();
let codeword_tree = MerkleTree::<E>::from_batch_leaves(bh_evals.clone());
let codeword_tree = MerkleTree::<E, Mds>::from_batch_leaves(bh_evals.clone());
Self::CommitmentWithWitness {
codeword_tree,
polynomials_bh_evals: bh_evals,
Expand Down Expand Up @@ -494,7 +498,7 @@ where
// part, the prover needs to prepare the answers to the
// queries, so the prover needs the oracles and the Merkle
// trees built over them.
let (trees, commit_phase_proof) = commit_phase::<E, Spec>(
let (trees, commit_phase_proof) = commit_phase::<E, Spec, Mds>(
&pp.encoding_params,
point,
comm,
Expand Down Expand Up @@ -594,7 +598,7 @@ where
evals.iter().map(Evaluation::value),
&evals
.iter()
.map(|eval| E::from(1 << (num_vars - points[eval.point()].len())))
.map(|eval| E::from_canonical_u64(1 << (num_vars - points[eval.point()].len())))
.collect_vec(),
&poly_iter_ext(&eq_xt).take(evals.len()).collect_vec(),
);
Expand Down Expand Up @@ -645,8 +649,8 @@ where
inner_product(
&poly_iter_ext(poly).collect_vec(),
build_eq_x_r_vec(point).iter(),
) * scalar
* E::from(1 << (num_vars - poly.num_vars))
) * *scalar
* E::from_canonical_u64(1 << (num_vars - poly.num_vars))
// When this polynomial is smaller, it will be repeatedly summed over the cosets of the hypercube
})
.sum::<E>();
Expand Down Expand Up @@ -719,7 +723,7 @@ where

let point = challenges;

let (trees, commit_phase_proof) = batch_commit_phase::<E, Spec>(
let (trees, commit_phase_proof) = batch_commit_phase::<E, Spec, Mds>(
&pp.encoding_params,
&point,
comms,
Expand Down Expand Up @@ -815,7 +819,7 @@ where
// The remaining tasks for the prover is to prove that
// sum_i coeffs[i] poly_evals[i] is equal to
// the new target sum, where coeffs is computed as follows
let (trees, commit_phase_proof) = simple_batch_commit_phase::<E, Spec>(
let (trees, commit_phase_proof) = simple_batch_commit_phase::<E, Spec, Mds>(
&pp.encoding_params,
point,
&eq_xt,
Expand Down Expand Up @@ -864,7 +868,7 @@ where

if proof.is_trivial() {
let trivial_proof = &proof.trivial_proof;
let merkle_tree = MerkleTree::from_batch_leaves(trivial_proof.clone());
let merkle_tree = MerkleTree::<E, Mds>::from_batch_leaves(trivial_proof.clone());
if comm.root() == merkle_tree.root() {
return Ok(());
} else {
Expand Down Expand Up @@ -919,7 +923,7 @@ where
let mut eq = build_eq_x_r_vec(&point[..point.len() - fold_challenges.len()]);
eq.par_iter_mut().for_each(|e| *e *= coeff);

verifier_query_phase::<E, Spec>(
verifier_query_phase::<E, Spec, Mds>(
queries.as_slice(),
&vp.encoding_params,
query_result_with_merkle_path,
Expand Down Expand Up @@ -977,7 +981,7 @@ where
evals.iter().map(Evaluation::value),
&evals
.iter()
.map(|eval| E::from(1 << (num_vars - points[eval.point()].len())))
.map(|eval| E::from_canonical_u64(1 << (num_vars - points[eval.point()].len())))
.collect_vec(),
&poly_iter_ext(&eq_xt).take(evals.len()).collect_vec(),
);
Expand Down Expand Up @@ -1044,7 +1048,7 @@ where
);
eq.par_iter_mut().for_each(|e| *e *= coeff);

batch_verifier_query_phase::<E, Spec>(
batch_verifier_query_phase::<E, Spec, Mds>(
queries.as_slice(),
&vp.encoding_params,
query_result_with_merkle_path,
Expand Down Expand Up @@ -1079,7 +1083,7 @@ where

if proof.is_trivial() {
let trivial_proof = &proof.trivial_proof;
let merkle_tree = MerkleTree::from_batch_leaves(trivial_proof.clone());
let merkle_tree = MerkleTree::<E, Mds>::from_batch_leaves(trivial_proof.clone());
if comm.root() == merkle_tree.root() {
return Ok(());
} else {
Expand Down Expand Up @@ -1144,7 +1148,7 @@ where
let mut eq = build_eq_x_r_vec(&point[..point.len() - fold_challenges.len()]);
eq.par_iter_mut().for_each(|e| *e *= coeff);

simple_batch_verifier_query_phase::<E, Spec>(
simple_batch_verifier_query_phase::<E, Spec, Mds>(
queries.as_slice(),
&vp.encoding_params,
query_result_with_merkle_path,
Expand All @@ -1165,99 +1169,114 @@ where
}
}

impl<E: ExtensionField, Spec: BasefoldSpec<E>> NoninteractivePCS<E> for Basefold<E, Spec>
impl<E: ExtensionField, Spec: BasefoldSpec<E>, Mds> NoninteractivePCS<E, Mds>
for Basefold<E, Spec, Mds>
where
E: Serialize + DeserializeOwned,
E::BaseField: Serialize + DeserializeOwned,
Mds: MdsPermutation<E::BaseField, SPONGE_WIDTH> + Default + Debug,
{
}

#[cfg(test)]
mod test {
use ff_ext::GoldilocksExt2;
use p3_goldilocks::MdsMatrixGoldilocks;

use crate::{
basefold::Basefold,
test_util::{
gen_rand_poly_base, gen_rand_poly_ext, run_batch_commit_open_verify,
run_commit_open_verify, run_simple_batch_commit_open_verify,
},
};
use goldilocks::GoldilocksExt2;

use super::{BasefoldRSParams, structure::BasefoldBasecodeParams};

type PcsGoldilocksRSCode = Basefold<GoldilocksExt2, BasefoldRSParams>;
type PcsGoldilocksBaseCode = Basefold<GoldilocksExt2, BasefoldBasecodeParams>;
type PcsGoldilocksRSCode = Basefold<GoldilocksExt2, BasefoldRSParams, MdsMatrixGoldilocks>;
type PcsGoldilocksBaseCode =
Basefold<GoldilocksExt2, BasefoldBasecodeParams, MdsMatrixGoldilocks>;

#[test]
fn commit_open_verify_goldilocks() {
for gen_rand_poly in [gen_rand_poly_base, gen_rand_poly_ext] {
// Challenge is over extension field, poly over the base field
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode>(gen_rand_poly, 10, 11);
// Test trivial proof with small num vars
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode>(gen_rand_poly, 4, 6);
// Challenge is over extension field, poly over the base field
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode>(gen_rand_poly, 10, 11);
// Test trivial proof with small num vars
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode>(gen_rand_poly, 4, 6);
}
}

#[test]
fn simple_batch_commit_open_verify_goldilocks() {
for gen_rand_poly in [gen_rand_poly_base, gen_rand_poly_ext] {
// Both challenge and poly are over base field
run_simple_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode>(
gen_rand_poly,
10,
11,
1,
);
run_simple_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode>(
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode, MdsMatrixGoldilocks>(
gen_rand_poly,
10,
11,
4,
);
// Test trivial proof with small num vars
run_simple_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode>(
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode, MdsMatrixGoldilocks>(
gen_rand_poly,
4,
6,
4,
);
// Both challenge and poly are over base field
run_simple_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode>(
gen_rand_poly,
10,
11,
1,
);
run_simple_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode>(
// Challenge is over extension field, poly over the base field
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode, MdsMatrixGoldilocks>(
gen_rand_poly,
10,
11,
4,
);
// Test trivial proof with small num vars
run_simple_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode>(
run_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode, MdsMatrixGoldilocks>(
gen_rand_poly,
4,
6,
4,
);
}
}

#[test]
fn simple_batch_commit_open_verify_goldilocks() {
for gen_rand_poly in [gen_rand_poly_base, gen_rand_poly_ext] {
// Both challenge and poly are over base field
run_simple_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksBaseCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 10, 11, 1);
run_simple_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksBaseCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 10, 11, 4);
// Test trivial proof with small num vars
run_simple_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksBaseCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 4, 6, 4);
// Both challenge and poly are over base field
run_simple_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksRSCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 10, 11, 1);
run_simple_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksRSCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 10, 11, 4);
// Test trivial proof with small num vars
run_simple_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksRSCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 4, 6, 4);
}
}

#[test]
fn batch_commit_open_verify() {
for gen_rand_poly in [gen_rand_poly_base, gen_rand_poly_ext] {
// Both challenge and poly are over base field
run_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksBaseCode>(
gen_rand_poly,
10,
11,
);
run_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode>(
run_batch_commit_open_verify::<
GoldilocksExt2,
PcsGoldilocksBaseCode,
MdsMatrixGoldilocks,
>(gen_rand_poly, 10, 11);
run_batch_commit_open_verify::<GoldilocksExt2, PcsGoldilocksRSCode, MdsMatrixGoldilocks>(
gen_rand_poly,
10,
11,
Expand Down
Loading

0 comments on commit 3831cb1

Please sign in to comment.