Skip to content

Groth16 Multicommits #702

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Tabaie merged 65 commits into from
Jun 9, 2023
Merged

Groth16 Multicommits #702

Tabaie merged 65 commits into from
Jun 9, 2023

Conversation

@Tabaie
Copy link
Contributor

@Tabaie Tabaie commented May 24, 2023

Equivalent of #668 for Groth16.

Tabaie added 30 commits May 23, 2023 15:05
@Tabaie
refactor: end-to-end commitment tests
10672c8
@Tabaie
style: subscript group index
0e3eb3a
@Tabaie
feat: reflect pedersen changes in bn254
edc63bd
@Tabaie
fix: gorth16 commit compile bug
bbc2a4b
@Tabaie
fix: groth16 commit verification error handling
5457111
@Tabaie
fix: no private committed bug
f6ba8f4
@Tabaie
feat: prover with no commitment act like vanilla groth16
7f67e1e
@Tabaie
feat: no commitments -> vanilla groth16
4f5f580
@Tabaie
fix: empty commitments vector
2e10a8b
@Tabaie
feat: batch pedersen poks
e9685e8
@Tabaie
build: generify batch verification
bba21d1
@Tabaie
fix: no commitments case for bn254
11b2a6d
@Tabaie
build generify bn254 no commitments fix
85dfd17
@Tabaie
feat bn254 hash commitment values for folding
51c8c8b
@Tabaie
build: generify commitment hashing
d86365b
@Tabaie
refactor: test utils to another file
12aaf0c
@Tabaie
refactor: groth16 and plonk tests to hollow circuits themselves
7b98f4a
@Tabaie
feat: groth16 multicommit setup bn254, hopefully
34cb89b
@Tabaie
refactor test bn254 groth16 only
015d402
@Tabaie
build generify bn254 changes
aef2c64
@Tabaie
refactor: eliminate GetNbCommitments
f0dfa30
@Tabaie
fix: single commits work for bn254
a5ea0bf
@Tabaie
fix: using loop counter in lambda
15e784d
@Tabaie
feat: filterHeap for unsorted lists
10ff389
@Tabaie
fix: two indep commitments work for bn254
1049da4
@Tabaie
fix: attempt at commitment hint input filtering
319daca
@Tabaie
refactor: use c.CommitmentWireIndexes in Plonk backend
d5912b2
@Tabaie
build: generify plonk refactor
c438c44
@Tabaie
fix: single commitments work again
cb241c3
@Tabaie
fix: commitment to commitment works
6aece8f
gbotrel
gbotrel requested changes Jun 2, 2023
View reviewed changes
constraint/commitment.go Outdated
res := make([]uint64, len(commitments))
for i := range res {
res[i] = uint64(commitments[i].CommitmentIndex)
func (c Commitments) CommitmentWireIndexes() []int {
Copy link
Collaborator

@gbotrel gbotrel Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe evaluate if instead of computing all the index (wires, commited etc) during proving time, it would not be worth it to store these slices in the CommitmentInfo data struct? Particularly to avoid allocations in the prover.

backend/groth16/bls12-377/verify.go

if vk.HasCommitment {
kSum.AddMixed(&proof.Commitment)
for i := range proof.Commitments {
Copy link
Collaborator

@gbotrel gbotrel Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same, my understanding is we probably won't go over comuple of commitments, but if we do, this place might be a good candidate for a batchAddition

backend/groth16/internal/utils.go Outdated
import "math/big"

// DivideByThresholdOrList divides x into two sub-lists. list must be sorted, non-repeating and contain no value less than indexThreshold
func DivideByThresholdOrList(indexThreshold int, list []int, x []*big.Int) (ltOrInList, gtAndNotInList []*big.Int) {
Copy link
Collaborator

@gbotrel gbotrel Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do that in place?

Copy link
Contributor Author

@Tabaie Tabaie Jun 6, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaced, but it still allocates a slice of size len(list), which in this application is small.

frontend/cs/r1cs/api.go Outdated
if t.VID < builder.cs.GetNbPublicVariables() {
nbPublicCommitted++
} else {
// Cannot commit to a secret variable that has already been committed to
Copy link
Collaborator

@gbotrel gbotrel Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

out of curiosity; why can't we just continue here and ignore that? Will comitting to a commitment help in anyway?

Copy link
Contributor Author

@Tabaie Tabaie Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because of how the result of an api.Commit must be usable as a fiat-shamir challenge, it must have a "one-way" dependence on every variable input to this function. However, the way the commitment scheme is verified is Groth16 necessitates that every private variable can be used in one commitment at most. So if it were needed in multiple commitments, the next best thing is to commit to its commitment (commitments to commitments are easy, they're just conventional hashes.)

internal/utils/search.go Outdated
@@ -0,0 +1,18 @@
package utils

// BinarySearch attempts to find the target in x. If not found, returns false and the index where the target would be inserted.
Copy link
Collaborator

@gbotrel gbotrel Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why not use go standard std Find method?

test/end_to_end.go
})
}

func hollow(c frontend.Circuit) frontend.Circuit {
Copy link
Collaborator

@gbotrel gbotrel Jun 2, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you document a bit more this file / the functions?

Tabaie added 19 commits June 2, 2023 16:59
@Tabaie
chore: document hollow, remove in-house search
88eae36
@Tabaie
refactor: FindInSlice use
d077df7
@Tabaie
feat: in-place-ish DivideByThresholdOrList
4efbecf
@Tabaie
chore: rm deadcd, improve verifier mem, some docs
f48a7a2
@Tabaie
build generify
d80bc98
@Tabaie
refactor: remove duplicate test utils
2246e3e
@Tabaie
refactor: separate groth16 commitmentInfo experiments
6358aab
@Tabaie
feat: groth16 commitmetInfo experiments
700bdcd
@Tabaie
refactor: bn254 groth16 commitmentinfo
13b08da
@Tabaie
build: generify bn254 changes
c45876d
@Tabaie
refactor: reflect changes in plonk prover
0948be5
@Tabaie
refactor: reflect commitmentInfo changes in plonk
9945618
@Tabaie
fix: groth16 tests pass
a0727e8
@Tabaie
fix: committed commitment folding bug
7bee2c1
@Tabaie
build: generify the changes
7c958f1
@Tabaie
remove: some unused code
2db7cf0
@Tabaie
remove: unused func
28a2923
@Tabaie
dep: gnark-crypto
a737040
@Tabaie
revert: forced conversion
62e1747
@gbotrel gbotrel mentioned this pull request Jun 8, 2023
Merged
@Tabaie Tabaie requested a review from gbotrel June 9, 2023 14:50
gbotrel
gbotrel approved these changes Jun 9, 2023
View reviewed changes
backend/groth16/bls12-377/setup.go Outdated
commitmentWires := commitmentInfo.CommitmentIndexes()
privateCommitted := commitmentInfo.GetPrivateCommitted()
nbPrivateCommittedWires := internal.NbElements(privateCommitted)
//nbPrivateCommittedWires, privateCommitted, publicAndCommitmentCommitted :=
Copy link
Collaborator

@gbotrel gbotrel Jun 9, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

deadcode

@Tabaie Tabaie merged commit aa46799 into develop Jun 9, 2023
@Tabaie Tabaie deleted the feat/g16-multicommits branch June 9, 2023 15:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gbotrel gbotrel gbotrel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Tabaie @gbotrel