zm debug

a16z · Feb 1, 2024 · d3f71dd · d3f71dd
1 parent 356a387
commit d3f71dd
Show file tree

Hide file tree

Showing 9 changed files with 593 additions and 127 deletions.
diff --git a/src/e2e_test.rs b/src/e2e_test.rs
@@ -5,17 +5,14 @@ use crate::{
   lasso::{
     densified::DensifiedRepresentation,
     surge::{SparsePolyCommitmentGens, SparsePolynomialEvaluationProof},
-  },
-  subtables::{
+  }, subprotocols::{traits::PolynomialCommitmentScheme, hyrax::Hyrax}, subtables::{
     and::AndSubtableStrategy, lt::LTSubtableStrategy, range_check::RangeCheckSubtableStrategy,
     SubtableStrategy,
-  },
-  utils::math::Math,
-  utils::random::RandomTape,
+  }, utils::math::Math, utils::random::RandomTape
 };
 
 macro_rules! e2e_test {
-  ($test_name:ident, $Strategy:ty, $G:ty, $F:ty, $PCS:ty, $CK:expr, $C:expr, $M:expr, $sparsity:expr) => {
+  ($test_name:ident, $Strategy:ty, $G:ty, $F:ty, $C:expr, $M:expr, $sparsity:expr) => {
     #[test]
     fn $test_name() {
       use crate::utils::test::{gen_indices, gen_random_point};
@@ -36,8 +33,7 @@ macro_rules! e2e_test {
         DensifiedRepresentation::from_lookup_indices(&nz, log_M);
       let gens =
         SparsePolyCommitmentGens::<$G>::new(b"gens_sparse_poly", C, $sparsity, NUM_MEMORIES, log_M);
-      let ck = 
-      let commitment = dense.commit::<$G, $PCS>(&ck);
+      let commitment = dense.commit(&gens);
 
       let r: Vec<$F> = gen_random_point(log_s);
 
@@ -62,6 +58,7 @@ macro_rules! e2e_test {
   };
 }
 
+/// Hyrax
 e2e_test!(
   prove_4d_lt,
   LTSubtableStrategy,

diff --git a/src/lasso/densified.rs b/src/lasso/densified.rs
@@ -82,14 +82,14 @@ impl<F: PrimeField, const C: usize> DensifiedRepresentation<F, C> {
     &self,
     gens: &SparsePolyCommitmentGens<G>,
   ) -> SparsePolynomialCommitment<G> {
-    let (l_variate_polys_commitment, _) = Hyrax::commit(
-      self.combined_l_variate_polys.clone(),
+    let (l_variate_polys_commitment, _) = Hyrax::<G>::commit(
+      &self.combined_l_variate_polys,
       (gens.gens_combined_l_variate.clone(), None),
     )
     .unwrap();
-    let (log_m_variate_polys_commitment, _) = Hyrax::commit(
-      self.combined_log_m_variate_polys.clone(),
-      (gens.gens_combined_log_m_variate, None),
+    let (log_m_variate_polys_commitment, _) = Hyrax::<G>::commit(
+      &self.combined_log_m_variate_polys,
+      (gens.gens_combined_log_m_variate.clone(), None),
     )
     .unwrap();
 

diff --git a/src/lasso/memory_checking.rs b/src/lasso/memory_checking.rs
@@ -412,10 +412,10 @@ where
     );
 
     let (proof_ops, _) = Hyrax::prove(
-      dense.combined_l_variate_polys,
-      Some(joint_claim_eval_ops),
-      r_joint_ops,
-      (None, None, gens.gens_combined_l_variate, *random_tape),
+      &dense.combined_l_variate_polys,
+      &Some(joint_claim_eval_ops),
+      &r_joint_ops,
+      (None, None, &gens.gens_combined_l_variate, random_tape),
       transcript,
     )
     .unwrap();
@@ -448,10 +448,10 @@ where
     );
 
     let (proof_mem, _) = Hyrax::prove(
-      dense.combined_log_m_variate_polys,
-      Some(joint_claim_eval_mem),
-      r_joint_mem,
-      (None, None, gens.gens_combined_log_m_variate, *random_tape),
+      &dense.combined_log_m_variate_polys,
+      &Some(joint_claim_eval_mem),
+      &r_joint_mem,
+      (None, None, &gens.gens_combined_log_m_variate, random_tape),
       transcript,
     )
     .unwrap();

diff --git a/src/poly/dense_mlpoly.rs b/src/poly/dense_mlpoly.rs
@@ -654,24 +654,24 @@ mod tests {
     assert_eq!(eval, G::ScalarField::from(28u64));
 
     let gens = PolyCommitmentGens::<G>::new(poly.get_num_vars(), b"test-two");
-    let (poly_commitment, blinds) = Hyrax::commit(poly, &(gens, None)).unwrap();
+    let (poly_commitment, blinds) = Hyrax::commit(&poly, (gens.clone(), None)).unwrap();
 
     let mut random_tape = RandomTape::new(b"proof");
     let mut prover_transcript = Transcript::new(b"example");
     let (proof, C_Zr) = Hyrax::prove(
-      poly,
-      Some(eval),
-      r,
-      (Some(blinds), None, gens, random_tape),
+      &poly,
+      &Some(eval),
+      &r,
+      (Some(&blinds), None, &gens, &mut random_tape),
       &mut prover_transcript,
     )
     .unwrap();
 
     let mut verifier_transcript = Transcript::new(b"example");
 
     assert!(Hyrax::verify(
-      (poly_commitment, blinds),
-      None,
+      &(poly_commitment, blinds),
+      &None,
       r,
       &gens,
       &mut verifier_transcript,

diff --git a/src/subprotocols/hyrax.rs b/src/subprotocols/hyrax.rs
@@ -66,22 +66,22 @@ impl<G: CurveGroup> PolyEvalProof<G> {
     &self,
     gens: &PolyCommitmentGens<G>,
     transcript: &mut Transcript,
-    r: &[G::ScalarField], // point at which the polynomial is evaluated
-    Zr: &G::ScalarField,  // evaluation \widetilde{Z}(r)
+    r: &[G::ScalarField],
+    Zr: &G::ScalarField,
     comm: &PolyCommitment<G>,
   ) -> Result<(), ProofVerifyError> {
     // compute a commitment to Zr with a blind of zero
     let C_Zr = Zr.commit(&G::ScalarField::zero(), &gens.gens.gens_1);
 
     // TODO: Make blinds an Option
     Hyrax::verify(
-      (
+      &(
         comm.clone(),
         PolyCommitmentBlinds {
           blinds: vec![G::ScalarField::zero()],
         },
       ),
-      None,
+      &None,
       r.to_vec(),
       gens,
       transcript,
@@ -146,23 +146,24 @@ impl<G: CurveGroup> PolynomialCommitmentScheme for Hyrax<G> {
   type Proof = (PolyEvalProof<G>, G);
   type Error = ProofVerifyError;
 
-  type ProverKey = (
-    Option<PolyCommitmentBlinds<G::ScalarField>>,
-    Option<G::ScalarField>,
-    PolyCommitmentGens<G>,
-    RandomTape<G>,
+  type ProverKey<'p> = (
+    Option<&'p PolyCommitmentBlinds<G::ScalarField>>,
+    Option<&'p G::ScalarField>,
+    &'p PolyCommitmentGens<G>,
+    &'p mut RandomTape<G>,
   );
-  type CommitmentKey = (PolyCommitmentGens<G>, Option<RandomTape<G>>);
+  type CommitmentKey<'c> = (PolyCommitmentGens<G>, Option<&'c mut RandomTape<G>>);
   type VerifierKey = PolyCommitmentGens<G>;
 
   #[tracing::instrument(skip_all, name = "DensePolynomial.commit")]
-  fn commit(
-    poly: Self::Polynomial,
-    ck: impl Borrow<Self::CommitmentKey>,
-  ) -> Result<Self::Commitment, Self::Error> {
+  fn commit<'a, 'c>(
+    poly: &'a Self::Polynomial,
+    ck: Self::CommitmentKey<'c>,
+  ) -> Result<Self::Commitment, Self::Error> 
+  {
     let n = poly.Z.len();
     let ell = poly.get_num_vars();
-    let ck = ck.borrow();
+    let (gens, random_tape) = ck;
     assert_eq!(n, ell.pow2());
 
     let (left_num_vars, right_num_vars) =
@@ -171,7 +172,6 @@ impl<G: CurveGroup> PolynomialCommitmentScheme for Hyrax<G> {
     let R_size = right_num_vars.pow2();
     assert_eq!(L_size * R_size, n);
 
-    let (gens, random_tape) = ck;
     let blinds = if let Some(t) = random_tape {
       PolyCommitmentBlinds {
         blinds: t.random_vector(b"poly_blinds", L_size),
@@ -188,23 +188,26 @@ impl<G: CurveGroup> PolynomialCommitmentScheme for Hyrax<G> {
   }
 
   // Note this excludes commitments which introduces a concern that the proof would generate for polys and commitments not tied to one another
-  fn prove(
-    poly: Self::Polynomial,
+  fn prove<'a, 'p>(
+    poly: &'a Self::Polynomial,
     //blinds_opt: Option<&PolyCommitmentBlinds<G::ScalarField>>,
-    evals: Self::Evaluation,     // evaluation of \widetilde{Z}(r)
-    challenges: Self::Challenge, // point at which the polynomial is evaluated
+    evals: &'a Self::Evaluation,     // evaluation of \widetilde{Z}(r)
+    challenges: &'a Self::Challenge, // point at which the polynomial is evaluated
     //blind_Zr_opt: Option<&G::ScalarField>, // specifies a blind for Zr
     //gens: &PolyCommitmentGens<G>,
     //random_tape: &mut RandomTape<G>,
-    pk: impl Borrow<Self::ProverKey>,
+    pk: Self::ProverKey<'p>,
     transcript: &mut Transcript,
-  ) -> Result<Self::Proof, Self::Error> {
+  ) -> Result<Self::Proof, Self::Error> 
+    where
+      Self::Challenge: 'a,
+  {
     <Transcript as ProofTranscript<G>>::append_protocol_name(
       transcript,
       PolyEvalProof::<G>::protocol_name(),
     );
 
-    let (blinds_opt, blind_Zr_opt, gens, random_tape) = pk.borrow();
+    let (blinds_opt, blind_Zr_opt, gens, random_tape) = pk;
 
     // assert vectors are of the right size
     assert_eq!(poly.get_num_vars(), challenges.len());
@@ -240,7 +243,7 @@ impl<G: CurveGroup> PolynomialCommitmentScheme for Hyrax<G> {
     let (proof, _C_LR, C_Zr_prime) = DotProductProofLog::prove(
       &gens.gens,
       transcript,
-      &mut random_tape,
+      random_tape,
       &LZ,
       &LZ_blind,
       &R,
@@ -252,15 +255,19 @@ impl<G: CurveGroup> PolynomialCommitmentScheme for Hyrax<G> {
     Ok((PolyEvalProof { proof }, C_Zr_prime))
   }
 
-  fn verify(
-    commitments: Self::Commitment,
+  fn verify<'a>(
+    commitments: &'a Self::Commitment,
     // Find a better way to handle this... perhaps verifier key???
-    evals: Self::Evaluation,
+    evals: &'a Self::Evaluation,
     challenges: Self::Challenge, // point at which the polynomial is evaluated
-    vk: impl Borrow<Self::VerifierKey>, // C_Zr commitment to \widetilde{Z}(r)
+    vk: &'a Self::VerifierKey, // C_Zr commitment to \widetilde{Z}(r)
     transcript: &mut Transcript,
     proof: Self::Proof,
-  ) -> Result<(), Self::Error> {
+  ) -> Result<(), Self::Error> 
+    where
+      Self::Commitment: 'a,
+      Self::VerifierKey: 'a,
+  {
     <Transcript as ProofTranscript<G>>::append_protocol_name(
       transcript,
       PolyEvalProof::<G>::protocol_name(),