diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d7258a44..f1d55e8b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -96,7 +96,7 @@ jobs: with: use-cross: true command: build - args: --no-default-features --target aarch64-unknown-none --lib + args: --no-default-features --target aarch64-unknown-none - name: Check uses: actions-rs/cargo@v1 diff --git a/README.md b/README.md index d9ff5f97..7a4d582c 100644 --- a/README.md +++ b/README.md @@ -39,11 +39,6 @@ This library comes with some unit and integration tests. Run these tests with: cargo test ``` -There are also a number of benchmarks. Run these benchmarks with: -```bash -cargo bench --features "benches" -``` - Lastly, this library is instrumented with profiling infrastructure that prints detailed traces of execution time. To enable this, compile with `cargo build --features print-trace`. ## Usage @@ -186,7 +181,6 @@ Unless you explicitly state otherwise, any contribution that you submit to this [aurora-light]: https://ia.cr/2019/601 [pcd-acc]: https://ia.cr/2020/499 [pst]: https://ia.cr/2011/587 -[ligero]: https://ia.cr/2022/1608 ## Reference papers @@ -214,10 +208,6 @@ TCC 2020 Charalampos Papamanthou, Elaine Shi, Roberto Tamassia TCC 2013 -[Ligero: Lightweight Sublinear Arguments Without a Trusted Setup][ligero] -Scott Ames, Carmit Hazay, Yuval Ishai, Muthuramakrishnan Venkitasubramaniam -CCS 2017 - ## Acknowledgements This work was supported by: an Engineering and Physical Sciences Research Council grant; a Google Faculty Award; the RISELab at UC Berkeley; and donations from the Ethereum Foundation and the Interchain Foundation. diff --git a/benches/benches.rs b/benches/benches.rs deleted file mode 100644 index 9d8164f2..00000000 --- a/benches/benches.rs +++ /dev/null 
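Review bot: In `.github/workflows/ci.yml`, the step following the edited `args:` line still runs `actions-rs/cargo@v1`, a third-party action referenced by a mutable tag, so whoever controls that tag controls what executes in this job. Pinning it to a full commit SHA, e.g. `uses: actions-rs/cargo@<full-commit-sha>  # v1` (placeholder, to be taken from the action's repository), would make the workflow reproducible and reviewable. Separately, with `--lib` removed the `aarch64-unknown-none` build is no longer restricted to the library target; if that is intended, a one-line comment such as `# no_std check: build all default targets for a bare-metal target` would record it. The job definition starts and continues outside the hunk.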
@@ -1,203 +0,0 @@ -#![cfg(feature = "benches")] -use ark_ec::AffineRepr; -use ark_poly::DenseMultilinearExtension; -use blake2::Blake2s256; -use criterion::{criterion_group, criterion_main, Criterion}; - -use ark_crypto_primitives::{ - crh::{sha256::Sha256, CRHScheme, TwoToOneCRHScheme}, - merkle_tree::{ByteDigestConverter, Config}, - sponge::poseidon::PoseidonSponge, -}; - -use ark_poly_commit::{ - bench_templates::{bench_pcs_method, commit, open, verify, MLE}, - hyrax::HyraxPC, - linear_codes::{ - FieldToBytesColHasher, LeafIdentityHasher, LinearCodePCS, MultilinearBrakedown, - MultilinearLigero, - }, -}; - -use ark_bls12_381::{Fr as Fr381, G1Affine as G1Affine381}; -use ark_bn254::{Fr as Fr254, G1Affine as G1Affine254}; - -// Hyrax type alias -type Hyrax = HyraxPC::ScalarField>>; - -struct MerkleTreeParams; -type LeafH = LeafIdentityHasher; -type CompressH = Sha256; -impl Config for MerkleTreeParams { - type Leaf = Vec; - - type LeafDigest = ::Output; - type LeafInnerDigestConverter = ByteDigestConverter; - type InnerDigest = ::Output; - - type LeafHash = LeafH; - type TwoToOneHash = CompressH; -} - -type MTConfig = MerkleTreeParams; -type Sponge = PoseidonSponge; -type ColHasher = FieldToBytesColHasher; - -// Ligero type alias -type Ligero = LinearCodePCS< - MultilinearLigero, MLE, ColHasher>, - F, - MLE, - Sponge, - MTConfig, - ColHasher, ->; - -// Brakedown type alias -type Brakedown = LinearCodePCS< - MultilinearBrakedown, MLE, ColHasher>, - F, - MLE, - Sponge, - MTConfig, - ColHasher, ->; - -const MIN_NUM_VARS: usize = 10; -const MAX_NUM_VARS: usize = 20; - -/*************** Instantiating target functions ***************/ -fn hyrax_bls12_381(c: &mut Criterion) { - bench_pcs_method::<_, Hyrax>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "commit_hyrax_range_BLS12_381", - commit::<_, Hyrax>, - ); - bench_pcs_method::<_, Hyrax>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "open_hyrax_range_BLS12_381", - open::<_, Hyrax>, - ); - 
- bench_pcs_method::<_, Hyrax>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "verify_hyrax_range_BLS12_381", - verify::<_, Hyrax>, - ); -} - -fn hyrax_bn254(c: &mut Criterion) { - bench_pcs_method::<_, Hyrax>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "commit_hyrax_range_BN_254", - commit::<_, Hyrax>, - ); - bench_pcs_method::<_, Hyrax>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "open_hyrax_range_BN_254", - open::<_, Hyrax>, - ); - - bench_pcs_method::<_, Hyrax>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "verify_hyrax_range_BN_254", - verify::<_, Hyrax>, - ); -} - -fn ligero_bls12_381(c: &mut Criterion) { - bench_pcs_method::<_, Ligero>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "commit_ligero_range_BLS12_381", - commit::<_, Ligero>, - ); - bench_pcs_method::<_, Ligero>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "open_ligero_range_BLS12_381", - open::<_, Ligero>, - ); - - bench_pcs_method::<_, Ligero>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "verify_ligero_range_BLS12_381", - verify::<_, Ligero>, - ); -} - -fn ligero_bn254(c: &mut Criterion) { - bench_pcs_method::<_, Ligero>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "commit_ligero_range_BN_254", - commit::<_, Ligero>, - ); - bench_pcs_method::<_, Ligero>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "open_ligero_range_BN_254", - open::<_, Ligero>, - ); - - bench_pcs_method::<_, Ligero>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "verify_ligero_range_BN_254", - verify::<_, Ligero>, - ); -} - -fn brakedown_bn254(c: &mut Criterion) { - bench_pcs_method::<_, Brakedown>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "commit_brakedown_range_BN_254", - commit::<_, Brakedown>, - ); - bench_pcs_method::<_, Brakedown>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "open_brakedown_range_BN_254", - open::<_, Brakedown>, - ); - 
- bench_pcs_method::<_, Brakedown>( - c, - (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2).collect(), - "verify_brakedown_range_BN_254", - verify::<_, Brakedown>, - ); -} - -criterion_group! { - name = hyrax_benches; - config = Criterion::default(); - targets = - hyrax_bls12_381, - hyrax_bn254 -} - -criterion_group! { - name = ligero_benches; - config = Criterion::default(); - targets = - ligero_bls12_381, - ligero_bn254 -} - -criterion_group! { - name = brakedown_benches; - config = Criterion::default(); - targets = - brakedown_bn254, -} - -criterion_main!(hyrax_benches, ligero_benches, brakedown_benches); diff --git a/benches/benches_size.rs b/benches/benches_size.rs deleted file mode 100644 index b19810cf..00000000 --- a/benches/benches_size.rs +++ /dev/null 
@@ -1,172 +0,0 @@ -#![cfg(feature = "benches")] - -use ark_crypto_primitives::crh::{CRHScheme, TwoToOneCRHScheme}; -use ark_crypto_primitives::merkle_tree::{ByteDigestConverter, Config}; -use ark_crypto_primitives::{crh::sha256::Sha256, sponge::poseidon::PoseidonSponge}; -use ark_ec::AffineRepr; -use ark_poly::DenseMultilinearExtension; -use ark_poly_commit::bench_templates::{commitment_size, proof_size}; -use ark_poly_commit::linear_codes::{ - FieldToBytesColHasher, LinearCodePCS, MultilinearBrakedown, MultilinearLigero, -}; -use ark_poly_commit::{hyrax::HyraxPC, linear_codes::LeafIdentityHasher}; - -use ark_bls12_381::{Fr as Fr381, G1Affine as G1Affine381}; -use ark_bn254::{Fr as Fr254, G1Affine as G1Affine254}; -use blake2::Blake2s256; - -const MIN_NUM_VARS: usize = 10; -const MAX_NUM_VARS: usize = 24; - -type Hyrax = HyraxPC::ScalarField>>; - -struct MerkleTreeParams; -type LeafH = LeafIdentityHasher; -type CompressH = Sha256; -impl Config for MerkleTreeParams { - type Leaf = Vec; - - type LeafDigest = ::Output; - type LeafInnerDigestConverter = ByteDigestConverter; - type InnerDigest = ::Output; - - type LeafHash = LeafH; - type TwoToOneHash = CompressH; -} - -type MTConfig = MerkleTreeParams; -type Sponge = PoseidonSponge; -type ColHasher = FieldToBytesColHasher; -type Ligero = LinearCodePCS< - MultilinearLigero, DenseMultilinearExtension, ColHasher>, - F, - DenseMultilinearExtension, - Sponge, - MTConfig, - ColHasher, ->; - -type Brakedown = LinearCodePCS< - MultilinearBrakedown, DenseMultilinearExtension, ColHasher>, - F, - DenseMultilinearExtension, - Sponge, - MTConfig, - ColHasher, ->; - -/********************** Main *********************/ - -fn main() { - println!("\n---------------- Commitment size ----------------"); - - println!("\nHyrax on BLS12-381: Commitment size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - commitment_size::<_, Hyrax>(num_vars) - ); - } - - 
println!("\nLigero on BLS12-381::Fr: Commitment size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - commitment_size::<_, Ligero>(num_vars) - ); - } - - println!("\nBrakedown on BLS12-381::Fr: Commitment size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - commitment_size::<_, Brakedown>(num_vars) - ); - } - - println!("\nHyrax on BN-254: Commitment size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - commitment_size::<_, Hyrax>(num_vars) - ); - } - - println!("\nLigero on BN-254::Fr: Commitment size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - commitment_size::<_, Ligero>(num_vars) - ); - } - - println!("\nBrakedown on BN-254::Fr: Commitment size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - commitment_size::<_, Brakedown>(num_vars) - ); - } - - println!("\n---------------- Proof size ----------------"); - - println!("\nHyrax on BLS12-381: Proof size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - proof_size::<_, Hyrax>(num_vars) - ); - } - - println!("\nLigero on BLS12-381::Fr: Proof size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - proof_size::<_, Ligero>(num_vars) - ); - } - - println!("\nBrakedown on BLS12-381::Fr: Proof size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - proof_size::<_, Brakedown>(num_vars) - ); - } - - println!("\nHyrax on BN-254: Proof size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - 
proof_size::<_, Hyrax>(num_vars) - ); - } - - println!("\nLigero on BN-254::Fr: Proof size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - proof_size::<_, Ligero>(num_vars) - ); - } - - println!("\nBrakedown on BN-254::Fr: Proof size"); - for num_vars in (MIN_NUM_VARS..MAX_NUM_VARS).step_by(2) { - println!( - "\tnum_vars: {}, size: {} B", - num_vars, - proof_size::<_, Brakedown>(num_vars) - ); - } -} diff --git a/src/bench_templates/mod.rs b/src/bench_templates/mod.rs deleted file mode 100644 index 07ffe358..00000000 --- a/src/bench_templates/mod.rs +++ /dev/null 
@@ -1,232 +0,0 @@ -use ark_crypto_primitives::sponge::{ - poseidon::{PoseidonConfig, PoseidonSponge}, - CryptographicSponge, -}; -use ark_ff::PrimeField; -use ark_poly::{DenseMultilinearExtension, MultilinearExtension}; -use ark_serialize::{CanonicalSerialize, Compress}; -use ark_std::{rand::Rng, test_rng}; - -/// type alias for DenseMultilinearExtension -pub type MLE = DenseMultilinearExtension; - -use core::time::Duration; -use std::time::Instant; - -use crate::{challenge::ChallengeGenerator, LabeledPolynomial, PolynomialCommitment}; - -use criterion::{BenchmarkId, Criterion}; - -/// Measure the time cost of {commit/open/verify} across a range of num_vars -pub fn bench_pcs_method< - F: PrimeField, - PCS: PolynomialCommitment, PoseidonSponge>, ->( - c: &mut Criterion, - range: Vec, - msg: &str, - method: impl Fn(&PCS::UniversalParams, usize) -> Duration, -) { - let mut group = c.benchmark_group(msg); - let rng = &mut test_rng(); - - // Add for logarithmic scale (should yield linear plots) - // let plot_config = PlotConfiguration::default().summary_scale(AxisScale::Logarithmic); - // group.plot_config(plot_config); - - for num_vars in range { - // TODO if this takes too long and key trimming works, we might want to pull this out from the loop - let pp = PCS::setup(1, Some(num_vars), rng).unwrap(); - - group.bench_with_input( - BenchmarkId::from_parameter(num_vars), - &num_vars, - |b, num_vars| { - b.iter(|| method(&pp, *num_vars)); - }, - ); - } - - group.finish(); -} - -/// Report the time cost of a commitment -pub fn commit< - F: PrimeField, - PCS: PolynomialCommitment, PoseidonSponge>, ->( - pp: &PCS::UniversalParams, - num_vars: usize, -) -> Duration { - // TODO create or pass? 
depends on the cost - let rng = &mut test_rng(); - - let (ck, _) = PCS::trim(&pp, 1, 1, None).unwrap(); - - let labeled_poly = - LabeledPolynomial::new("test".to_string(), rand_ml_poly(num_vars, rng), None, None); - - let start = Instant::now(); - let (_, _) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); - start.elapsed() -} - -/// Report the size of a commitment -pub fn commitment_size< - F: PrimeField, - PCS: PolynomialCommitment, PoseidonSponge>, ->( - num_vars: usize, -) -> usize { - let rng = &mut test_rng(); - let pp = PCS::setup(1, Some(num_vars), rng).unwrap(); - - let (ck, _) = PCS::trim(&pp, 1, 1, None).unwrap(); - - let labeled_poly = - LabeledPolynomial::new("test".to_string(), rand_ml_poly(num_vars, rng), None, None); - - let (coms, _) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); - - coms[0].commitment().serialized_size(Compress::No) -} - -/// Report the time cost of an opening -pub fn open< - F: PrimeField, - PCS: PolynomialCommitment, PoseidonSponge>, ->( - pp: &PCS::UniversalParams, - num_vars: usize, -) -> Duration { - let rng = &mut test_rng(); - let (ck, _) = PCS::trim(&pp, 1, 1, None).unwrap(); - let labeled_poly = - LabeledPolynomial::new("test".to_string(), rand_ml_poly(num_vars, rng), None, None); - - let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); - let point = rand_mv_point(num_vars, rng); - - let start = Instant::now(); - let _ = PCS::open( - &ck, - [&labeled_poly], - &coms, - &point, - &mut ChallengeGenerator::new_univariate(&mut test_sponge()), - &randomness, - Some(rng), - ) - .unwrap(); - start.elapsed() -} - -/// Report the size of a proof -pub fn proof_size< - F: PrimeField, - PCS: PolynomialCommitment, PoseidonSponge>, ->( - num_vars: usize, -) -> usize { - let rng = &mut test_rng(); - let pp = PCS::setup(1, Some(num_vars), rng).unwrap(); - - let (ck, _) = PCS::trim(&pp, 1, 1, None).unwrap(); - let labeled_poly = - LabeledPolynomial::new("test".to_string(), rand_ml_poly(num_vars, 
rng), None, None); - - let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); - let point = rand_mv_point(num_vars, rng); - - let proofs = PCS::open( - &ck, - [&labeled_poly], - &coms, - &point, - &mut ChallengeGenerator::new_univariate(&mut test_sponge()), - &randomness, - Some(rng), - ) - .unwrap(); - - let bproof: PCS::BatchProof = vec![proofs].into(); - - bproof.serialized_size(Compress::No) -} - -/// Report the time cost of a verification -pub fn verify< - F: PrimeField, - PCS: PolynomialCommitment, PoseidonSponge>, ->( - pp: &PCS::UniversalParams, - num_vars: usize, -) -> Duration { - let rng = &mut test_rng(); - let (ck, vk) = PCS::trim(&pp, 1, 1, None).unwrap(); - let labeled_poly = - LabeledPolynomial::new("test".to_string(), rand_ml_poly(num_vars, rng), None, None); - - let (coms, randomness) = PCS::commit(&ck, [&labeled_poly], Some(rng)).unwrap(); - let point = rand_mv_point(num_vars, rng); - let claimed_eval = labeled_poly.evaluate(&point); - let proof = PCS::open( - &ck, - [&labeled_poly], - &coms, - &point, - &mut ChallengeGenerator::new_univariate(&mut test_sponge()), - &randomness, - Some(rng), - ) - .unwrap(); - - let start = Instant::now(); - PCS::check( - &vk, - &coms, - &point, - [claimed_eval], - &proof, - &mut ChallengeGenerator::new_univariate(&mut test_sponge()), - None, - ) - .unwrap(); - start.elapsed() -} - -/*************** Auxiliary functions ***************/ - -fn rand_ml_poly(num_vars: usize, rng: &mut impl Rng) -> MLE { - MLE::rand(num_vars, rng) -} - -fn rand_mv_point(num_vars: usize, rng: &mut impl Rng) -> Vec { - (0..num_vars).map(|_| F::rand(rng)).collect() -} - -fn test_sponge() -> PoseidonSponge { - let full_rounds = 8; - let partial_rounds = 31; - let alpha = 17; - - let mds = vec![ - vec![F::one(), F::zero(), F::one()], - vec![F::one(), F::one(), F::zero()], - vec![F::zero(), F::one(), F::one()], - ]; - - let mut v = Vec::new(); - let mut ark_rng = test_rng(); - - for _ in 0..(full_rounds + 
partial_rounds) { - let mut res = Vec::new(); - - for _ in 0..3 { - res.push(F::rand(&mut ark_rng)); - } - v.push(res); - } - let config = PoseidonConfig::new(full_rounds, partial_rounds, alpha, mds, v, 2, 1); - PoseidonSponge::new(&config) -} diff --git a/src/lib.rs b/src/lib.rs index ec7fc403..05e53e4a 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -37,10 +37,6 @@ pub use data_structures::*; /// Useful functions pub(crate) mod utils; -/// Auxiliary functions `benches.rs` -#[cfg(feature = "benches")] -pub mod bench_templates; - /// R1CS constraints for polynomial constraints. #[cfg(feature = "r1cs")] mod constraints; diff --git a/src/multilinear_pc/mod.rs b/src/multilinear_pc/mod.rs index 88dff918..bd5d3e53 100644 --- a/src/multilinear_pc/mod.rs +++ b/src/multilinear_pc/mod.rs @@ -284,7 +284,7 @@ mod tests { let com = MultilinearPC::commit(&ck, poly); let proof = MultilinearPC::open(&ck, poly, &point); - let value = MultilinearExtension::evaluate(poly, &point).unwrap(); + let value = poly.evaluate(&point).unwrap(); let result = MultilinearPC::check(&vk, &com, &point, value, &proof); assert!(result); }
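Review bot: In `src/multilinear_pc/mod.rs`, the new call `poly.evaluate(&point).unwrap()` resolves `evaluate` through whichever traits the `tests` module happens to have in scope, whereas the removed `MultilinearExtension::evaluate(poly, &point)` named the trait explicitly. If a second trait providing `evaluate` (for example `Polynomial`) is ever imported there, the call becomes ambiguous or binds to a different signature, so I would keep the qualified form or add a comment such as `// MultilinearExtension::evaluate: Option-returning, presumably None on a dimension mismatch`. The visible lines only assert that an honest proof is accepted (`assert!(result);`); unless another test covers it, a companion assertion that `MultilinearPC::check` rejects a wrong `value` would exercise the soundness side as well. The enclosing test function starts outside the hunk.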