Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Goblin translator non-native field relation (Goblin Translator part 6) #2871

Merged
merged 5 commits into from
Oct 19, 2023

Conversation

Rumata888
Copy link
Contributor

@Rumata888 Rumata888 commented Oct 16, 2023

This PR adds the last of the Goblin translator relations (the non-native field relation) to the codebase. It also adds consistency tests.

Checklist:

Remove the checklist to signal you've completed it. Enable auto-merge if the PR is ready to merge.

  • If the pull request requires a cryptography review (e.g. cryptographic algorithm implementations) I have added the 'crypto' tag.
  • I have reviewed my diff in github, line by line and removed unexpected formatting changes, testing logs, or commented-out code.
  • Every change is related to the PR description.
  • I have linked this pull request to relevant issues (if any exist).

@Rumata888 Rumata888 self-assigned this Oct 16, 2023
@Rumata888 Rumata888 added the crypto cryptography label Oct 16, 2023
@AztecBot
Copy link
Collaborator

AztecBot commented Oct 16, 2023

Benchmark results

Metrics with a significant change:

  • note_history_trial_decrypting_time_in_ms (10): 215 (+41%)
Detailed results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Values are compared against data from master at commit db3fa62e and shown if the difference exceeds 1%.

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric 8 txs 32 txs 128 txs
l1_rollup_calldata_size_in_bytes 45,444 179,588 716,132
l1_rollup_calldata_gas 222,912 867,776 3,447,908
l1_rollup_execution_gas 841,999 3,594,884 22,203,277
l2_block_processing_time_in_ms 1,039 (+2%) 4,081 (+4%) 15,583 (+1%)
note_successful_decrypting_time_in_ms 340 (+1%) 1,043 4,018 (+2%)
note_trial_decrypting_time_in_ms 41.0 (+5%) 108 138 (+1%)
l2_block_building_time_in_ms 9,013 (+1%) 35,879 (+1%) 158,408 (+1%)
l2_block_rollup_simulation_time_in_ms 6,659 (+2%) 26,450 (+1%) 105,834 (+1%)
l2_block_public_tx_process_time_in_ms 2,314 (+1%) 9,304 51,859

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 16 txs.

Metric 5 blocks 10 blocks
node_history_sync_time_in_ms 11,776 (-3%) 22,490 (+2%)
note_history_successful_decrypting_time_in_ms 2,443 (-5%) 4,763 (-1%)
note_history_trial_decrypting_time_in_ms 122 (-1%) ⚠️ 215 (+41%)
node_database_size_in_bytes 1,662,182 1,200,902
pxe_database_size_in_bytes 27,188 54,187

Circuits stats

Stats on running time and I/O sizes collected for every circuit run across all benchmarks.

Circuit circuit_simulation_time_in_ms circuit_input_size_in_bytes circuit_output_size_in_bytes
private-kernel-init 47.8 61,697 18,841
private-kernel-ordering 23.4 (-2%) 24,233 8,089
base-rollup 854 639,797 811
root-rollup 40.7 (+7%) 4,072 1,097
private-kernel-inner 43.3 (-1%) 81,504 18,841
public-kernel-private-input 47.9 41,455 18,841
public-kernel-non-first-iteration 31.2 (-2%) 41,497 18,841
merge-rollup 0.870 (+7%) 2,592 873

Miscellaneous

Transaction sizes based on how many contracts are deployed in the tx.

Metric 0 deployed contracts 1 deployed contracts
tx_size_in_bytes 8,723 27,508

@codygunton codygunton self-requested a review October 16, 2023 14:14
Copy link
Contributor

@codygunton codygunton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, I had a look through and think that the relations are computed as advertised. Nice work. I left a few comments. The most important is about how you initialize some things in the relation parameters.

Some other things:

  • As I read this I reformatted some comments to help me process. I pushed those changes. Do you mind having a look at that? We can revert if you don't like it.
  • The relation could use some logic tests, not just a consistency test, to convince someone that it is doing what it is intended to do, rather than to show it matches some other inscrutible huge formulas. If you don't have time to write this could you leave a TODO issue in Bb repo?
  • For expediency I can see why you added stuff to the relation parameters, but it looks pretty hacky to me--is there not more appropriate place? The VMs should probably get some additional state structure that is uniform across them. Maybe now is not the time... could you please look for for a different and more robust solution as you work on the Public VM?
  • The term "shift" is pretty overloaded here: it refers to a shift of execution trace but also of the degrees of the binary basis limbs. Prob it's too late to fix, just noting it was confusing.
  • Ditto for the z's--why not just z_lo = z_lo_lo + shift * z_lo_hi? I had trouble checking part of the logic due to the naming there being the opposite of what I'd expect.

@@ -20,6 +22,12 @@ template <typename FF> struct RelationParameters {
// We can remove this by modifying the relation, but increases complexity
FF eccvm_set_permutation_delta = 0;
std::array<FF, NUM_BINARY_LIMBS_IN_GOBLIN_TRANSLATOR> accumulated_result = { FF(0) }; // Goblin Translator
std::array<FF, NUM_BINARY_LIMBS_IN_GOBLIN_TRANSLATOR + NUM_NATIVE_LIMBS_IN_GOBLIN_TRANSLATOR> evaluation_input_x = {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think these are not guaranteed to initialize to zero, rather, I think you might be only initializing the first element to zero. Cf "aggregate initialization" in C++ docs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, probably (I'm used to this working in C, but it is better to be safe, since we don't have an MSAN workflow yet)

const auto& quotient_high_binary_limbs_shift = View(in.quotient_high_binary_limbs_shift);
const auto& relation_wide_limbs = View(in.relation_wide_limbs);
const auto& relation_wide_limbs_shift = View(in.relation_wide_limbs_shift);
const auto& lagrange_odd = View(in.lagrange_odd);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you explain in the block comment how this Lagrange polynomial is to be used?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added


// 1 + polynomial degree of this relation
static constexpr std::array<size_t, 3> SUBRELATION_LENGTHS{
3, // Lower wide limb subrelation (checks result is 0 mod 2¹³⁶)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this "wide limb" terminology, could you briefly explain somewhere in there?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In a nutshell, its' because we are computing products of limbs and storing that product in there, so it's no longer 68 bits. I added the explanation in the block.

@Rumata888 Rumata888 force-pushed the is/goblin_translator_main_relation branch from fed9089 to bca7ef4 Compare October 19, 2023 12:20
@Rumata888
Copy link
Contributor Author

Ok, I had a look through and think that the relations are computed as advertised. Nice work. I left a few comments. The most important is about how you initialize some things in the relation parameters.

Some other things:

  • As I read this I reformatted some comments to help me process. I pushed those changes. Do you mind having a look at that? We can revert if you don't like it.
  • The relation could use some logic tests, not just a consistency test, to convince someone that it is doing what it is intended to do, rather than to show it matches some other inscrutible huge formulas. If you don't have time to write this could you leave a TODO issue in Bb repo?
  • For expediency I can see why you added stuff to the relation parameters, but it looks pretty hacky to me--is there not more appropriate place? The VMs should probably get some additional state structure that is uniform across them. Maybe now is not the time... could you please look for for a different and more robust solution as you work on the Public VM?
  • The term "shift" is pretty overloaded here: it refers to a shift of execution trace but also of the degrees of the binary basis limbs. Prob it's too late to fix, just noting it was confusing.
  • Ditto for the z's--why not just z_lo = z_lo_lo + shift * z_lo_hi? I had trouble checking part of the logic due to the naming there being the opposite of what I'd expect.
  1. I like this formatting more, will try to use with clang format for other stuff
  2. The logic tests are in correctness and require flavor to merge in. For all other relations the values are filled out by hand, for the non-native relation I used the circuit builder output. Once I merge the flavor, I can add correctness
  3. Since we can't compress all the inputs like we do with our general circuits, I had to use the relation parameters. We do need a special structure that will be easier to customise and wouldn't have to be the same for all the different flavors. Or maybe we need to simply define relation parameters in the flavor. It doesn't really make sense for them to be shared.
  4. I would prefer to use "_next" with polynomials. While we shift the polynomial, what we actually care about are the values in sumcheck and this is just the next value. And in non-native operations the shift is exactly the binary shift, so it is hard to change that name.
  5. We call them k1 and k1 in split_into_endomorphism_scalars, they are called k1 and k2 in the Guide to elliptic cryptography by Hankerson, but for some reason they were called z1, z2 in the Pepe paper. But the point is that they are not slices of some scalar z, so we are using z1, z2

@codygunton codygunton merged commit c4d8d96 into master Oct 19, 2023
6 checks passed
@codygunton codygunton deleted the is/goblin_translator_main_relation branch October 19, 2023 14:06
rahul-kothari pushed a commit that referenced this pull request Oct 24, 2023
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-packages: 0.10.0</summary>

##
[0.10.0](aztec-packages-v0.9.0...aztec-packages-v0.10.0)
(2023-10-24)


### ⚠ BREAKING CHANGES

* Emitting encrypted log by default
([#2926](#2926))

### Features

* Added register-account command to cli
([#2980](#2980))
([0977a90](0977a90))
* **docs:** Fix portals tutorial formatting
([#2929](#2929))
([ab19b67](ab19b67))
* Emitting encrypted log by default
([#2926](#2926))
([1ea2d4f](1ea2d4f)),
closes
[#2912](#2912)
* Goblin translator non-native field relation (Goblin Translator part 6)
([#2871](#2871))
([c4d8d96](c4d8d96))
* Honk profiling by pass, tsan preset
([#2982](#2982))
([a1592fd](a1592fd))
* Incorporate docs feedback and add "intermediate" level intros to some
pages
([#2598](#2598))
([78f9f52](78f9f52))
* Nuking `Pokeable` contract
([#2939](#2939))
([583d6fb](583d6fb))
* Protogalaxy Combiner
([#2436](#2436))
([a60c70d](a60c70d))
* Protogalaxy perturbator!
([#2624](#2624))
([509dee6](509dee6))
* Refactor pedersen hash standard
([#2592](#2592))
([3085676](3085676))
* Widget benchmarking
([#2897](#2897))
([0e927e9](0e927e9))


### Bug Fixes

* Add @jest/types to box deps
([#2903](#2903))
([db3fa62](db3fa62))
* Add lint rule for focused tests
([#2901](#2901))
([fd1a1a8](fd1a1a8))
* Avoid tsc OOM by unignoring an old contract artifact
([#2932](#2932))
([7310600](7310600))
* Bad it.only in tests
([#2900](#2900))
([a1f3af1](a1f3af1))
* Boxes boostrap dont use ts-node directly and add .prettierignore
([#2890](#2890))
([a3b1804](a3b1804))
* Confusing "Unknown complete address" error
([#2967](#2967))
([3a8f54a](3a8f54a))
* Force jest to quit, otherwise CI can rack up to 3hrs of credits per
job.
([#2899](#2899))
([ba2f671](ba2f671))
* Honk sumcheck performance
([#2925](#2925))
([5fbfe6e](5fbfe6e))
* Pending commitments contract using the wrong number of arguments
([#2959](#2959))
([655c322](655c322))
* Prettierignore in boxes
([#2902](#2902))
([8f7a200](8f7a200))
* Randomness in `AddressNote`
([#2965](#2965))
([4dc49a9](4dc49a9))
* Yarn lock
([#2923](#2923))
([7042bc6](7042bc6))


### Miscellaneous

* `Private Data Tree` --&gt; `Note Hash Tree`
([#2945](#2945))
([abaec9c](abaec9c)),
closes
[#2906](#2906)
* Apply hash abstraction over aztec-nr
([#2958](#2958))
([52f01ae](52f01ae))
* **docs:** Add Singleton and ImmutableSingleton `view_note` methods
([#2934](#2934))
([c1497f8](c1497f8))
* Fix box frontend styling
([#2919](#2919))
([7e9e8cc](7e9e8cc))
* Less noisy benchmark reports
([#2916](#2916))
([0df166c](0df166c))
* Remove unused nix files
([#2933](#2933))
([3174f84](3174f84))
* Run all e2e tests against sandbox
([#2891](#2891))
([6c4e26c](6c4e26c))
* Token box copies noir source files from noir-contracts on bootstrap
([#2940](#2940))
([a467b96](a467b96))


### Documentation

* Fix: update cheat codes to connect to ethRpcUrl
([#2922](#2922))
([4ffe9be](4ffe9be))
</details>

<details><summary>barretenberg.js: 0.10.0</summary>

##
[0.10.0](barretenberg.js-v0.9.0...barretenberg.js-v0.10.0)
(2023-10-24)


### Features

* Refactor pedersen hash standard
([#2592](#2592))
([3085676](3085676))
</details>

<details><summary>barretenberg: 0.10.0</summary>

##
[0.10.0](barretenberg-v0.9.0...barretenberg-v0.10.0)
(2023-10-24)


### Features

* Goblin translator non-native field relation (Goblin Translator part 6)
([#2871](#2871))
([c4d8d96](c4d8d96))
* Honk profiling by pass, tsan preset
([#2982](#2982))
([a1592fd](a1592fd))
* Protogalaxy Combiner
([#2436](#2436))
([a60c70d](a60c70d))
* Protogalaxy perturbator!
([#2624](#2624))
([509dee6](509dee6))
* Refactor pedersen hash standard
([#2592](#2592))
([3085676](3085676))
* Widget benchmarking
([#2897](#2897))
([0e927e9](0e927e9))


### Bug Fixes

* Honk sumcheck performance
([#2925](#2925))
([5fbfe6e](5fbfe6e))


### Miscellaneous

* Remove unused nix files
([#2933](#2933))
([3174f84](3174f84))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
AztecBot added a commit to AztecProtocol/barretenberg that referenced this pull request Oct 27, 2023
🤖 I have created a release *beep* *boop*
---


<details><summary>aztec-packages: 0.10.0</summary>

##
[0.10.0](AztecProtocol/aztec-packages@aztec-packages-v0.9.0...aztec-packages-v0.10.0)
(2023-10-24)


### ⚠ BREAKING CHANGES

* Emitting encrypted log by default
([#2926](AztecProtocol/aztec-packages#2926))

### Features

* Added register-account command to cli
([#2980](AztecProtocol/aztec-packages#2980))
([0977a90](AztecProtocol/aztec-packages@0977a90))
* **docs:** Fix portals tutorial formatting
([#2929](AztecProtocol/aztec-packages#2929))
([ab19b67](AztecProtocol/aztec-packages@ab19b67))
* Emitting encrypted log by default
([#2926](AztecProtocol/aztec-packages#2926))
([1ea2d4f](AztecProtocol/aztec-packages@1ea2d4f)),
closes
[#2912](AztecProtocol/aztec-packages#2912)
* Goblin translator non-native field relation (Goblin Translator part 6)
([#2871](AztecProtocol/aztec-packages#2871))
([c4d8d96](AztecProtocol/aztec-packages@c4d8d96))
* Honk profiling by pass, tsan preset
([#2982](AztecProtocol/aztec-packages#2982))
([a1592fd](AztecProtocol/aztec-packages@a1592fd))
* Incorporate docs feedback and add "intermediate" level intros to some
pages
([#2598](AztecProtocol/aztec-packages#2598))
([78f9f52](AztecProtocol/aztec-packages@78f9f52))
* Nuking `Pokeable` contract
([#2939](AztecProtocol/aztec-packages#2939))
([583d6fb](AztecProtocol/aztec-packages@583d6fb))
* Protogalaxy Combiner
([#2436](AztecProtocol/aztec-packages#2436))
([a60c70d](AztecProtocol/aztec-packages@a60c70d))
* Protogalaxy perturbator!
([#2624](AztecProtocol/aztec-packages#2624))
([509dee6](AztecProtocol/aztec-packages@509dee6))
* Refactor pedersen hash standard
([#2592](AztecProtocol/aztec-packages#2592))
([3085676](AztecProtocol/aztec-packages@3085676))
* Widget benchmarking
([#2897](AztecProtocol/aztec-packages#2897))
([0e927e9](AztecProtocol/aztec-packages@0e927e9))


### Bug Fixes

* Add @jest/types to box deps
([#2903](AztecProtocol/aztec-packages#2903))
([db3fa62](AztecProtocol/aztec-packages@db3fa62))
* Add lint rule for focused tests
([#2901](AztecProtocol/aztec-packages#2901))
([fd1a1a8](AztecProtocol/aztec-packages@fd1a1a8))
* Avoid tsc OOM by unignoring an old contract artifact
([#2932](AztecProtocol/aztec-packages#2932))
([7310600](AztecProtocol/aztec-packages@7310600))
* Bad it.only in tests
([#2900](AztecProtocol/aztec-packages#2900))
([a1f3af1](AztecProtocol/aztec-packages@a1f3af1))
* Boxes boostrap dont use ts-node directly and add .prettierignore
([#2890](AztecProtocol/aztec-packages#2890))
([a3b1804](AztecProtocol/aztec-packages@a3b1804))
* Confusing "Unknown complete address" error
([#2967](AztecProtocol/aztec-packages#2967))
([3a8f54a](AztecProtocol/aztec-packages@3a8f54a))
* Force jest to quit, otherwise CI can rack up to 3hrs of credits per
job.
([#2899](AztecProtocol/aztec-packages#2899))
([ba2f671](AztecProtocol/aztec-packages@ba2f671))
* Honk sumcheck performance
([#2925](AztecProtocol/aztec-packages#2925))
([5fbfe6e](AztecProtocol/aztec-packages@5fbfe6e))
* Pending commitments contract using the wrong number of arguments
([#2959](AztecProtocol/aztec-packages#2959))
([655c322](AztecProtocol/aztec-packages@655c322))
* Prettierignore in boxes
([#2902](AztecProtocol/aztec-packages#2902))
([8f7a200](AztecProtocol/aztec-packages@8f7a200))
* Randomness in `AddressNote`
([#2965](AztecProtocol/aztec-packages#2965))
([4dc49a9](AztecProtocol/aztec-packages@4dc49a9))
* Yarn lock
([#2923](AztecProtocol/aztec-packages#2923))
([7042bc6](AztecProtocol/aztec-packages@7042bc6))


### Miscellaneous

* `Private Data Tree` --&gt; `Note Hash Tree`
([#2945](AztecProtocol/aztec-packages#2945))
([abaec9c](AztecProtocol/aztec-packages@abaec9c)),
closes
[#2906](AztecProtocol/aztec-packages#2906)
* Apply hash abstraction over aztec-nr
([#2958](AztecProtocol/aztec-packages#2958))
([52f01ae](AztecProtocol/aztec-packages@52f01ae))
* **docs:** Add Singleton and ImmutableSingleton `view_note` methods
([#2934](AztecProtocol/aztec-packages#2934))
([c1497f8](AztecProtocol/aztec-packages@c1497f8))
* Fix box frontend styling
([#2919](AztecProtocol/aztec-packages#2919))
([7e9e8cc](AztecProtocol/aztec-packages@7e9e8cc))
* Less noisy benchmark reports
([#2916](AztecProtocol/aztec-packages#2916))
([0df166c](AztecProtocol/aztec-packages@0df166c))
* Remove unused nix files
([#2933](AztecProtocol/aztec-packages#2933))
([3174f84](AztecProtocol/aztec-packages@3174f84))
* Run all e2e tests against sandbox
([#2891](AztecProtocol/aztec-packages#2891))
([6c4e26c](AztecProtocol/aztec-packages@6c4e26c))
* Token box copies noir source files from noir-contracts on bootstrap
([#2940](AztecProtocol/aztec-packages#2940))
([a467b96](AztecProtocol/aztec-packages@a467b96))


### Documentation

* Fix: update cheat codes to connect to ethRpcUrl
([#2922](AztecProtocol/aztec-packages#2922))
([4ffe9be](AztecProtocol/aztec-packages@4ffe9be))
</details>

<details><summary>barretenberg.js: 0.10.0</summary>

##
[0.10.0](AztecProtocol/aztec-packages@barretenberg.js-v0.9.0...barretenberg.js-v0.10.0)
(2023-10-24)


### Features

* Refactor pedersen hash standard
([#2592](AztecProtocol/aztec-packages#2592))
([3085676](AztecProtocol/aztec-packages@3085676))
</details>

<details><summary>barretenberg: 0.10.0</summary>

##
[0.10.0](AztecProtocol/aztec-packages@barretenberg-v0.9.0...barretenberg-v0.10.0)
(2023-10-24)


### Features

* Goblin translator non-native field relation (Goblin Translator part 6)
([#2871](AztecProtocol/aztec-packages#2871))
([c4d8d96](AztecProtocol/aztec-packages@c4d8d96))
* Honk profiling by pass, tsan preset
([#2982](AztecProtocol/aztec-packages#2982))
([a1592fd](AztecProtocol/aztec-packages@a1592fd))
* Protogalaxy Combiner
([#2436](AztecProtocol/aztec-packages#2436))
([a60c70d](AztecProtocol/aztec-packages@a60c70d))
* Protogalaxy perturbator!
([#2624](AztecProtocol/aztec-packages#2624))
([509dee6](AztecProtocol/aztec-packages@509dee6))
* Refactor pedersen hash standard
([#2592](AztecProtocol/aztec-packages#2592))
([3085676](AztecProtocol/aztec-packages@3085676))
* Widget benchmarking
([#2897](AztecProtocol/aztec-packages#2897))
([0e927e9](AztecProtocol/aztec-packages@0e927e9))


### Bug Fixes

* Honk sumcheck performance
([#2925](AztecProtocol/aztec-packages#2925))
([5fbfe6e](AztecProtocol/aztec-packages@5fbfe6e))


### Miscellaneous

* Remove unused nix files
([#2933](AztecProtocol/aztec-packages#2933))
([3174f84](AztecProtocol/aztec-packages@3174f84))
</details>

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
crypto cryptography
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants