generated from runtime-machines/rust-template
-
Notifications
You must be signed in to change notification settings - Fork 1
Proving scheme organisation #3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
erikareale
wants to merge
29
commits into
dev
Choose a base branch
from
proving_scheme_organisation
base: dev
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 22 commits
Commits
Show all changes
29 commits
Select commit
Hold shift + click to select a range
be1fd42
feat: provide polynomial utils
erikareale 1aa86a7
feat: skeleton of Bulletproof proving scheme
erikareale c420753
fix: solved todos for lagrange formula and middle splitting
erikareale 96b3fe8
feat: extend `ProvingScheme` with utility methods and prove, verify i…
erikareale c83a650
feat & fix: make generators global and correct logic relationship bet…
erikareale 7126fe5
test: add test for evaluating the polynomial's and
erikareale c753309
refactor: move generic types of trait as internal types
erikareale 37c7c9e
fix: correct computation of Q point including the inner product
erikareale 57c0255
docs: add code and doc comments
erikareale 83631ea
feat: implement increasing of gens
erikareale af281f0
feat: provide polynomial utils
erikareale 71c6cc9
feat: skeleton of Bulletproof proving scheme
erikareale c13a8b2
fix: solved todos for lagrange formula and middle splitting
erikareale 77b0b53
feat: extend `ProvingScheme` with utility methods and prove, verify i…
erikareale 05848ee
feat & fix: make generators global and correct logic relationship bet…
erikareale 97c8c3a
test: add test for evaluating the polynomial's and
erikareale 159b70a
refactor: move generic types of trait as internal types
erikareale 01adc24
fix: correct computation of Q point including the inner product
erikareale ae3146b
docs: add code and doc comments
erikareale a4e0227
feat: implement increasing of gens
erikareale e2f812a
doc: add todo specifying to choose one of the proving scheme's traits
erikareale 6eed4d2
Merge branch 'proving_scheme_organisation' of github.com:runtime-mach…
erikareale cbc7770
fix: split parameters and use custom type for `Poiint`
erikareale 5ef0f7a
fix: return couple of references to save memory
erikareale f2802f1
fix: use polynomial_point in verifier
erikareale c78399b
refactor: change `compute_commitment` parameters intto `Scalar`
erikareale 249f354
feat: implement type conversion methods
erikareale 1cf53bb
test: add wrong verification
erikareale 3ac0f24
refactor: make directly usage of commitment and remove bytes
erikareale File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1,2 @@ | ||
| // TODO: keep this or the proving scheme one | ||
| pub trait Committer {} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,5 @@ | ||
| mod proving_schemes; | ||
|
|
||
| mod committer; | ||
| mod db; | ||
| mod errors; | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,263 @@ | ||
| mod polynomial; | ||
|
|
||
| use bulletproofs::{inner_product, BulletproofGens, InnerProductProof}; | ||
| use curve25519_dalek::{ | ||
| constants::RISTRETTO_BASEPOINT_POINT, | ||
| ristretto::{CompressedRistretto, RistrettoPoint}, | ||
| scalar::Scalar, | ||
| traits::MultiscalarMul, | ||
| }; | ||
| use merlin::Transcript; | ||
|
|
||
| use self::polynomial::Polynomial; | ||
|
|
||
| use super::{ | ||
| transcript_protocol::TranscriptProtocol, ProvingScheme, MAX_GENERATORS, | ||
| }; | ||
|
|
||
| /// Represent the `ProvingScheme` based on the Bulletproof protocol | ||
| struct BulletproofPS { | ||
| gens: Vec<RistrettoPoint>, | ||
| } | ||
|
|
||
| /// Represent the commitment | ||
| type Node = (Polynomial, CompressedRistretto); | ||
|
|
||
| /// Represent the info related to the IPA such as; | ||
| /// - the proof | ||
| /// - the vector commitment of of a and b vectors | ||
| /// - the value of the inner product | ||
| struct InnerProduct { | ||
| proof: InnerProductProof, | ||
| com: CompressedRistretto, | ||
| value: Scalar, | ||
| } | ||
|
|
||
| // TODO: handle errors | ||
| // TODO: manage generators more efficiently | ||
|
|
||
| impl ProvingScheme for BulletproofPS { | ||
| type Scalar = Scalar; | ||
| type Commit = Node; | ||
| type Proof = InnerProduct; | ||
|
|
||
| fn instantiate_generators() -> BulletproofPS { | ||
| BulletproofPS { | ||
| gens: create_gens(MAX_GENERATORS * 2), | ||
| } | ||
| } | ||
|
|
||
| fn compute_commitment(&self, bytes: &[[u8; 32]]) -> Node { | ||
| let points = compute_points(bytes); | ||
|
|
||
| let polynomial = Polynomial::lagrange(&points); | ||
|
|
||
| let commitment = RistrettoPoint::multiscalar_mul( | ||
| &polynomial.0, | ||
| &self.gens[..points.len()], | ||
| ) | ||
| .compress(); | ||
|
|
||
| (polynomial, commitment) | ||
| } | ||
|
|
||
| fn prove( | ||
| &self, | ||
| (polynomial, _): &Node, | ||
| point: &(u64, [u8; 32]), | ||
| ) -> InnerProduct { | ||
| let mut transcript = Transcript::new(b"InnerProductNode"); | ||
| let q = (transcript.challenge_scalar(b"w")) * RISTRETTO_BASEPOINT_POINT; | ||
|
|
||
| let n = polynomial.0.len(); | ||
|
|
||
| let g_h_factors = vec![Scalar::one(); n]; | ||
|
|
||
| let (g_vec, h_vec) = split_gens(&self.gens[..(n * 2)]); | ||
|
|
||
| let a_vec = &polynomial.0; | ||
| let b_vec = compute_b_vec(n, point.0); | ||
|
|
||
| let com = RistrettoPoint::multiscalar_mul( | ||
| a_vec.iter().chain(&b_vec), | ||
| g_vec[..n].iter().chain(&h_vec[..n]), | ||
| ) | ||
| .compress(); | ||
|
|
||
| let value = inner_product(a_vec, &b_vec); | ||
|
|
||
| let proof = InnerProductProof::create( | ||
| &mut transcript, | ||
| &q, | ||
| &g_h_factors, | ||
| &g_h_factors, | ||
| g_vec[..n].to_vec(), | ||
| h_vec[..n].to_vec(), | ||
| a_vec.to_vec(), | ||
| b_vec, | ||
| ); | ||
|
|
||
| InnerProduct { proof, com, value } | ||
| } | ||
|
|
||
| fn verify( | ||
| &self, | ||
| InnerProduct { proof, com, value }: &InnerProduct, | ||
| children_count: usize, | ||
| _point: &(u64, [u8; 32]), | ||
| ) -> bool { | ||
| let mut transcript = Transcript::new(b"InnerProductNode"); | ||
| let q = (transcript.challenge_scalar(b"w")) * RISTRETTO_BASEPOINT_POINT; | ||
|
|
||
| let n = children_count.next_power_of_two(); | ||
|
|
||
| let vec_one = vec![Scalar::one(); n]; | ||
|
|
||
| let com = com.decompress().unwrap(); | ||
|
|
||
| let p = com + (q * value); | ||
|
|
||
| let (g_vec, h_vec) = split_gens(&self.gens[..(n * 2)]); | ||
|
|
||
| proof | ||
| .verify( | ||
| n, | ||
| &mut transcript, | ||
| &vec_one, | ||
| &vec_one, | ||
| &p, | ||
| &q, | ||
| &g_vec, | ||
| &h_vec, | ||
| ) | ||
| .is_ok() | ||
| } | ||
|
|
||
| fn commitment_to_bytes(com: Node) -> [u8; 32] { | ||
| com.1.to_bytes() | ||
| } | ||
|
|
||
| fn add_new_generator(&mut self) { | ||
| self.gens = create_gens(self.gens.len() + 1); | ||
| } | ||
| } | ||
|
|
||
| fn create_gens(gens_capacity: usize) -> Vec<RistrettoPoint> { | ||
| let padded_length = gens_capacity.next_power_of_two(); | ||
| let bp_gens = BulletproofGens::new(padded_length, 1); | ||
| bp_gens.share(0).G(padded_length).cloned().collect() | ||
| } | ||
|
|
||
| fn compute_points(bytes: &[[u8; 32]]) -> Vec<(Scalar, Scalar)> { | ||
| let points: Vec<_> = bytes | ||
| .iter() | ||
| .enumerate() | ||
| .map(|(index, &byte)| point_into_scalar_point(&(index as u64, byte))) | ||
| .collect(); | ||
|
|
||
| padding_points(&points) | ||
| } | ||
|
|
||
| fn point_into_scalar_point( | ||
| &(position, evaluation): &(u64, [u8; 32]), | ||
| ) -> (Scalar, Scalar) { | ||
erikareale marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| ( | ||
| Scalar::from(position), | ||
| Scalar::from_bytes_mod_order(evaluation), | ||
| ) | ||
| } | ||
|
|
||
| fn padding_points(points: &[(Scalar, Scalar)]) -> Vec<(Scalar, Scalar)> { | ||
| points | ||
| .iter() | ||
| .copied() | ||
| .chain( | ||
| (points.len()..points.len().next_power_of_two()) | ||
| .map(|index| (Scalar::from(index as u64), Scalar::zero())), | ||
| ) | ||
| .collect() | ||
| } | ||
|
|
||
| fn split_gens( | ||
| gens: &[RistrettoPoint], | ||
| ) -> (Vec<RistrettoPoint>, Vec<RistrettoPoint>) { | ||
erikareale marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| let (g_vec, h_vec) = gens.split_at((gens.len() + 1) / 2); | ||
| (g_vec.to_vec(), h_vec.to_vec()) | ||
| } | ||
|
|
||
| fn compute_b_vec(length: usize, position: u64) -> Vec<Scalar> { | ||
| let length: u32 = length.try_into().unwrap(); | ||
| (0..length) | ||
| .map(|index| Scalar::from(position.pow(index))) | ||
| .collect() | ||
| } | ||
|
|
||
| #[cfg(test)] | ||
| mod test { | ||
| use curve25519_dalek::scalar::Scalar; | ||
|
|
||
| use crate::proving_schemes::{ | ||
| bulletproof::polynomial::Polynomial, ProvingScheme, | ||
| }; | ||
|
|
||
| use super::BulletproofPS; | ||
|
|
||
| fn generate_bytes() -> Vec<[u8; 32]> { | ||
| vec![ | ||
| [ | ||
| 0x90, 0x76, 0x33, 0xfe, 0x1c, 0x4b, 0x66, 0xa4, 0xa2, 0x8d, | ||
| 0x2d, 0xd7, 0x67, 0x83, 0x86, 0xc3, 0x53, 0xd0, 0xde, 0x54, | ||
| 0x55, 0xd4, 0xfc, 0x9d, 0xe8, 0xef, 0x7a, 0xc3, 0x1f, 0x35, | ||
| 0xbb, 0x05, | ||
| ], | ||
| [ | ||
| 0x6c, 0x33, 0x74, 0xa1, 0x89, 0x4f, 0x62, 0x21, 0x0a, 0xaa, | ||
| 0x2f, 0xe1, 0x86, 0xa6, 0xf9, 0x2c, 0xe0, 0xaa, 0x75, 0xc2, | ||
| 0x77, 0x95, 0x81, 0xc2, 0x95, 0xfc, 0x08, 0x17, 0x9a, 0x73, | ||
| 0x94, 0x0c, | ||
| ], | ||
| [ | ||
| 0xef, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, | ||
| 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, | ||
| 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | ||
| 0x00, 0x10, | ||
| ], | ||
| ] | ||
| } | ||
|
|
||
| fn generate_positions() -> Vec<(Scalar, Scalar)> { | ||
| generate_bytes() | ||
| .iter() | ||
| .enumerate() | ||
| .map(|(position, &evaluation)| { | ||
| ( | ||
| Scalar::from(position as u128), | ||
| Scalar::from_bytes_mod_order(evaluation), | ||
| ) | ||
| }) | ||
| .collect() | ||
| } | ||
|
|
||
| #[test] | ||
| fn correct_polynomial_construction() { | ||
| let bytes = generate_positions(); | ||
|
|
||
| let polynomial = Polynomial::lagrange(&bytes); | ||
|
|
||
| assert_eq!(polynomial.eval(&Scalar::from(0_u128)), bytes[0].1); | ||
| assert_eq!(polynomial.eval(&Scalar::from(1_u128)), bytes[1].1); | ||
| assert_eq!(polynomial.eval(&Scalar::from(2_u128)), bytes[2].1); | ||
| } | ||
|
|
||
| #[test] | ||
| fn correct_prove_verification() { | ||
| let scheme = BulletproofPS::instantiate_generators(); | ||
| let bytes: Vec<[u8; 32]> = generate_bytes(); | ||
|
|
||
| let node = scheme.compute_commitment(&bytes); | ||
|
|
||
| let proof = scheme.prove(&node, &(1, bytes[1])); | ||
|
|
||
| assert!(scheme.verify(&proof, bytes.len(), &(1, bytes[1]))); | ||
| } | ||
| } | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.