Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cycle of curves #184

Merged
merged 17 commits into from
Dec 19, 2023
Merged

Cycle of curves #184

merged 17 commits into from
Dec 19, 2023

Conversation

KiriosK
Copy link
Collaborator

@KiriosK KiriosK commented Dec 8, 2023

No description provided.

@KiriosK KiriosK self-assigned this Dec 8, 2023
KiriosK added 16 commits December 8, 2023 17:41
@KiriosK
bn254 and grumpkin driver refactoring
a9b869f
@KiriosK
change assignment trait bounds from CircuitDriver to a field element
a8ad969
@KiriosK
adjust nova types, make instance allocations on provided CS
5f2f743
@KiriosK
separate r1cs shape and relaxed instances/witnesses
e338bca
@KiriosK
IVC on cycle curves draft implementation
1a0816d
@KiriosK
circuit, nifs gadget, proof verification logic adjusted
40f55fc
@KiriosK
fix scalar multiplication for PointAssignment
d147f8e
@KiriosK
fix unit tests for nova
23f7edb
@KiriosK
fix proof generation, so the hash check matches
43fab25
@KiriosK
fix ivc base case proof/verification
e679352
@KiriosK
move commitment keys to PublicParams, create types for non-relaxed in…
f4297c5 
…stance/witness
@KiriosK
fix the folding logic, make second argument non relaxed
567d4ba
@KiriosK
do IO folding arithmetics with BigNat, hashes fixed
d4b4699
@KiriosK
fix IVC for MIMC_ROUNDS=0
59f8c20
@KiriosK
fix IVC test for larger amount of steps
f39f623
@KiriosK
remove unnecessary comments and imports
ff1e428
@KiriosK KiriosK marked this pull request as ready for review December 18, 2023 06:41
@KiriosK KiriosK requested a review from ashWhiteHat December 18, 2023 06:41
KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
nova/src/relaxed_r1cs.rs
pub struct RelaxedR1cs<C: CircuitDriver> {
// 1. Structure S
// a, b and c matrices and matrix size
pub struct R1csShape<C: CircuitDriver> {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Extracted from the zkstd R1cs structure.
The 1 instance is not counted, because we use u value for verification.

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
nova/src/relaxed_r1cs.rs

let instance = RelaxedR1csInstance::new(x);
let witness = RelaxedR1csWitness::new(w, m);
pub(crate) fn r1cs_instance_and_witness<C: CircuitDriver>(
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Get instance/witness values from R1cs that should match the provided shape.
R1csWitness and R1csInstance can be relaxed after if necessary.

@codecov Codecov
Copy link

codecov bot commented Dec 18, 2023

Codecov Report

Attention: 53 lines in your changes are missing coverage. Please review.

Comparison is base (3af89fe) 76.32% compared to head (ff1e428) 77.69%.
Report is 6 commits behind head on master.

Files Patch % Lines
nova/src/driver.rs 65.95% 16 Missing ⚠️
nova/src/gadget/big_nat.rs 0.00% 14 Missing ⚠️
zkstd/src/circuit/gadget/binary.rs 30.76% 9 Missing ⚠️
nova/src/circuit/augmented.rs 90.69% 4 Missing ⚠️
nova/src/gadget/instance.rs 66.66% 4 Missing ⚠️
groth16/src/circuit.rs 0.00% 2 Missing ⚠️
nova/src/proof.rs 92.00% 2 Missing ⚠️
zkstd/src/circuit/gadget/field.rs 95.23% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #184      +/-   ##
==========================================
+ Coverage   76.32%   77.69%   +1.36%     
==========================================
  Files          66       68       +2     
  Lines        4381     4488     +107     
==========================================
+ Hits         3344     3487     +143     
+ Misses       1037     1001      -36

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
nova/src/ivc.rs
}
}

pub struct PublicParams<E1, E2, FC1, FC2>
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shapes for primary and secondary augmented circuits. Doesn't change the form and can be used on any iteration.
Commitment keys (passed to provers, used for r1cs verification)

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
nova/src/relaxed_r1cs.rs
@@ -137,28 +110,62 @@ impl<C: CircuitDriver> RelaxedR1cs<C> {
.all(|(left, right)| left == right)
}

pub(crate) fn absorb_by_transcript<const ROUNDS: usize>(
/// check (A · Z) ◦ (B · Z) = (C · Z)
pub fn is_sat(
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Basic R1cs verification and additional commit_w verification

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
zkstd/src/circuit.rs
@@ -5,6 +5,7 @@ use crate::common::{BNAffine, Deserialize, PrimeField, Serialize};
use core::fmt::Debug;

pub trait CircuitDriver: Clone + Debug + Default {
const ORDER_STR: &'static str;
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used for module arithmetic in NifsCircuit depending on the driver

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
zkstd/src/circuit/gadget/curve.rs
x: FieldAssignment<C>,
y: FieldAssignment<C>,
z: FieldAssignment<C>,
pub struct PointAssignment<F: PrimeField> {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Defined this way, so we can use R1cs on the opposite driver.

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
zkstd/src/circuit/gadget/curve.rs
},
);

Self { x, y, z }
}

pub fn witness(cs: &mut R1cs<C>, x: C::Scalar, y: C::Scalar, is_infinity: bool) -> Self {
pub fn descale<C: CircuitDriver<Scalar = F>>(&self, cs: &mut R1cs<C>) -> Self {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Called before using the hash function to get same values with native hash computation.
Return (x/z, y/z, 1) or the point if it is an identity.

KiriosK
KiriosK commented Dec 18, 2023
View reviewed changes
zkstd/src/circuit/gadget/field.rs
let wire = cs.private_wire();
cs.w.push(witness);

Self(SparseRow::from(wire))
}

pub fn constant(constant: &C::Scalar) -> Self {
pub fn inputize<C: CircuitDriver<Scalar = F>>(cs: &mut R1cs<C>, witness: Self) -> Self {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make the computations accessible from outside of the circuit.

@ashWhiteHat ashWhiteHat changed the title [WIP] Cycle of curves Cycle of curves Dec 19, 2023
@ashWhiteHat ashWhiteHat merged commit 35b2e2e into master Dec 19, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashWhiteHat ashWhiteHat Awaiting requested review from ashWhiteHat

Assignees

@KiriosK KiriosK

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@KiriosK @ashWhiteHat