Merge branch 'snarkpack-integration' of https://github.com/cryptonetlab/testudo into snarkpack-integration

Author: maramihali

Cargo.toml

@@ -52,7 +52,7 @@ csv = "1.1.5"
 criterion = "0.3.6"
 
 [lib]
-name = "libspartan"
+name = "libtestudo"
 path = "src/lib.rs"
 
 [[bin]]
@@ -63,6 +63,10 @@ path = "profiler/testudo.rs"
 name = "testudo"
 harness = false
 
+[[bench]]
+name = "pst"
+harness = false
+
 [features]
 multicore = ["rayon"]
 profile = []

benches/pst.rs

@@ -0,0 +1,98 @@
+use std::time::Instant;
+
+use ark_poly_commit::multilinear_pc::MultilinearPC;
+use ark_serialize::CanonicalSerialize;
+use libtestudo::{
+  parameters::PoseidonConfiguration, poseidon_transcript::PoseidonTranscript, sqrt_pst::Polynomial,
+};
+use serde::Serialize;
+type F = ark_bls12_377::Fr;
+type E = ark_bls12_377::Bls12_377;
+use ark_std::UniformRand;
+
+#[derive(Default, Clone, Serialize)]
+struct BenchmarkResults {
+  power: usize,
+  commit_time: u128,
+  opening_time: u128,
+  verification_time: u128,
+  proof_size: usize,
+  commiter_key_size: usize,
+}
+fn main() {
+  let params = ark_bls12_377::Fr::poseidon_params();
+
+  let mut writer = csv::Writer::from_path("sqrt_pst.csv").expect("unable to open csv writer");
+  for &s in [4, 5, 20, 27].iter() {
+    println!("Running for {} inputs", s);
+    let mut rng = ark_std::test_rng();
+    let mut br = BenchmarkResults::default();
+    br.power = s;
+    let num_vars = s;
+    let len = 2_usize.pow(num_vars as u32);
+    let z: Vec<F> = (0..len).into_iter().map(|_| F::rand(&mut rng)).collect();
+    let r: Vec<F> = (0..num_vars)
+      .into_iter()
+      .map(|_| F::rand(&mut rng))
+      .collect();
+
+    let setup_vars = (num_vars as f32 / 2.0).ceil() as usize;
+    let gens = MultilinearPC::<E>::setup((num_vars as f32 / 2.0).ceil() as usize, &mut rng);
+    let (ck, vk) = MultilinearPC::<E>::trim(&gens, setup_vars);
+
+    let mut cks = Vec::<u8>::new();
+    ck.serialize_with_mode(&mut cks, ark_serialize::Compress::Yes)
+      .unwrap();
+    br.commiter_key_size = cks.len();
+
+    let mut pl = Polynomial::from_evaluations(&z.clone());
+
+    let v = pl.eval(&r);
+
+    let start = Instant::now();
+    let (comm_list, t) = pl.commit(&ck);
+    let duration = start.elapsed().as_millis();
+    br.commit_time = duration;
+
+    let mut prover_transcript = PoseidonTranscript::new(&params);
+
+    let start = Instant::now();
+    let (u, pst_proof, mipp_proof) = pl.open(&mut prover_transcript, comm_list, &ck, &r, &t);
+    let duration = start.elapsed().as_millis();
+    br.opening_time = duration;
+
+    let mut p1 = Vec::<u8>::new();
+    let mut p2 = Vec::<u8>::new();
+    pst_proof
+      .serialize_with_mode(&mut p1, ark_serialize::Compress::Yes)
+      .unwrap();
+
+    mipp_proof
+      .serialize_with_mode(&mut p2, ark_serialize::Compress::Yes)
+      .unwrap();
+
+    br.proof_size = p1.len() + p2.len();
+
+    let mut verifier_transcript = PoseidonTranscript::new(&params);
+
+    let start = Instant::now();
+    let res = Polynomial::verify(
+      &mut verifier_transcript,
+      &vk,
+      &u,
+      &r,
+      v,
+      &pst_proof,
+      &mipp_proof,
+      &t,
+    );
+    let duration = start.elapsed().as_millis();
+    br.verification_time = duration;
+    assert!(res == true);
+
+    writer
+      .serialize(br)
+      .expect("unable to write results to csv");
+    writer.flush().expect("wasn't able to flush");
+  }
+}

benches/testudo.rs

@@ -5,8 +5,8 @@ use ark_crypto_primitives::sponge::Absorb;
 use ark_ec::pairing::Pairing;
 use ark_ff::PrimeField;
 use ark_serialize::*;
-use libspartan::parameters::PoseidonConfiguration;
-use libspartan::{
+use libtestudo::parameters::PoseidonConfiguration;
+use libtestudo::{
   poseidon_transcript::PoseidonTranscript,
   testudo_snark::{TestudoSnark, TestudoSnarkGens},
   Instance,

examples/cubic.rs

@@ -11,8 +11,8 @@
 use ark_ec::pairing::Pairing;
 use ark_ff::{BigInteger, PrimeField};
 use ark_std::{One, UniformRand, Zero};
-use libspartan::testudo_snark::{TestudoSnark, TestudoSnarkGens};
-use libspartan::{
+use libtestudo::testudo_snark::{TestudoSnark, TestudoSnarkGens};
+use libtestudo::{
   parameters::poseidon_params, poseidon_transcript::PoseidonTranscript, InputsAssignment, Instance,
   VarsAssignment,
 };

profiler/testudo.rs

@@ -1,16 +1,16 @@
 #![allow(non_snake_case)]
 #![allow(clippy::assertions_on_result_states)]
 
-extern crate libspartan;
+extern crate libtestudo;
 extern crate merlin;
 use ark_crypto_primitives::sponge::poseidon::PoseidonConfig;
 use ark_crypto_primitives::sponge::Absorb;
 use ark_ec::pairing::Pairing;
 use ark_ff::PrimeField;
 use ark_serialize::*;
-use libspartan::parameters::PoseidonConfiguration;
-use libspartan::poseidon_transcript::PoseidonTranscript;
-use libspartan::{
+use libtestudo::parameters::PoseidonConfiguration;
+use libtestudo::poseidon_transcript::PoseidonTranscript;
+use libtestudo::{
   testudo_snark::{TestudoSnark, TestudoSnarkGens},
   Instance,
 };

src/lib.rs

@@ -28,7 +28,7 @@ mod product_tree;
 mod r1csinstance;
 mod r1csproof;
 mod sparse_mlpoly;
-mod sqrt_pst;
+pub mod sqrt_pst;
 mod sumcheck;
 pub mod testudo_nizk;
 pub mod testudo_snark;

src/r1csinstance.rs

@@ -314,6 +314,9 @@ impl<F: PrimeField> R1CSInstance<F> {
     &self,
     gens: &R1CSCommitmentGens<E>,
   ) -> (R1CSCommitment<E::G1>, R1CSDecommitment<F>) {
+    // Noting that matrices A, B and C are sparse, produces a combined dense
+    // dense polynomial from the non-zero entry that we commit to. This
+    // represents the computational commitment.
     let (comm, dense) = SparseMatPolynomial::multi_commit(&[&self.A, &self.B, &self.C], &gens.gens);
     let r1cs_comm = R1CSCommitment {
       num_cons: self.num_cons,
@@ -322,6 +325,8 @@ impl<F: PrimeField> R1CSInstance<F> {
       comm,
     };
 
+    // The decommitment is used by the prover to convince the verifier
+    // the received openings of A, B and C are correct.
     let r1cs_decomm = R1CSDecommitment { dense };
 
     (r1cs_comm, r1cs_decomm)

src/sparse_mlpoly.rs

@@ -20,6 +20,8 @@ use ark_serialize::*;
 use core::cmp::Ordering;
 
 #[derive(Debug, CanonicalSerialize, CanonicalDeserialize, Clone)]
+// Each SparseMatEntry is a tuple (row, col, val) representing a non-zero value
+// in an R1CS  matrix.
 pub struct SparseMatEntry<F: PrimeField> {
   row: usize,
   col: usize,
@@ -33,9 +35,11 @@ impl<F: PrimeField> SparseMatEntry<F> {
 }
 
 #[derive(Debug, CanonicalSerialize, CanonicalDeserialize, Clone)]
+// The sparse multilinearrepresentation of an R1CS matrix of size x*y
 pub struct SparseMatPolynomial<F: PrimeField> {
   num_vars_x: usize,
   num_vars_y: usize,
+  // The non-zero entries in the matrix, represented by the tuple (row, col,val)
   M: Vec<SparseMatEntry<F>>,
 }
 
@@ -346,6 +350,7 @@ impl<F: PrimeField> SparseMatPolynomial<F> {
     }
   }
 
+  // get the number of non_zero entries in a sparse R1CS matrix
   pub fn get_num_nz_entries(&self) -> usize {
     self.M.len().next_power_of_two()
   }
@@ -364,6 +369,7 @@ impl<F: PrimeField> SparseMatPolynomial<F> {
     (ops_row, ops_col, val)
   }
 
+  // Produce the dense representation of sparse matrices A, B and C.
   fn multi_sparse_to_dense_rep(
     sparse_polys: &[&SparseMatPolynomial<F>],
   ) -> MultiSparseMatPolynomialAsDense<F> {
@@ -384,11 +390,17 @@ impl<F: PrimeField> SparseMatPolynomial<F> {
     let mut val_vec: Vec<DensePolynomial<F>> = Vec::new();
     for poly in sparse_polys {
       let (ops_row, ops_col, val) = poly.sparse_to_dense_vecs(N);
+      // aggregate all the row and columns that contain non-zero values in the
+      // three matrices
       ops_row_vec.push(ops_row);
       ops_col_vec.push(ops_col);
+      // create dense polynomials, in Lagrange representation, for the non-zero
+      // values of each matrix
       val_vec.push(DensePolynomial::new(val));
     }
 
+    // Note: everything else from
+
     let any_poly = &sparse_polys[0];
 
     let num_mem_cells = if any_poly.num_vars_x > any_poly.num_vars_y {
@@ -401,6 +413,7 @@ impl<F: PrimeField> SparseMatPolynomial<F> {
     let col = AddrTimestamps::new(num_mem_cells, N, ops_col_vec);
 
     // combine polynomials into a single polynomial for commitment purposes
+    // this is done because the commitment used has a public setup
     let comb_ops = DensePolynomial::merge(
       row
         .ops_addr