cleanup succinct arguments for batched verification

Author: shamatar

src/sonic/tests/sonics.rs

@@ -31,7 +31,7 @@ use crate::{
     SynthesisError
 };
 
-const MIMC_ROUNDS: usize = 2;
+const MIMC_ROUNDS: usize = 322;
 
 fn mimc<E: Engine>(
     mut xl: E::Fr,
@@ -544,8 +544,8 @@ fn test_succinct_sonic_mimc() {
         let s1_srs = perm_structure.create_permutation_special_reference(&srs);
         let s2_srs = perm_structure.calculate_s2_commitment_value(&srs);
 
-        // let info = get_circuit_parameters_for_succinct_sonic::<Bls12, _>(circuit.clone()).expect("Must get circuit info");
-        // println!("{:?}", info);
+        let info = get_circuit_parameters_for_succinct_sonic::<Bls12, _>(circuit.clone()).expect("Must get circuit info");
+        println!("{:?}", info);
 
         println!("creating proof");
         let start = Instant::now();
@@ -609,36 +609,38 @@ fn test_succinct_sonic_mimc() {
         {
             use rand::{XorShiftRng, SeedableRng, Rand, Rng};
             let mut rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
-            
+            let start = Instant::now();
             let (perm_commitments, s_prime_challenges, perm_proof, perm_arg_proof, z_prime, num_poly, s1_naive) = perm_structure.create_permutation_arguments(aggregate.w, aggregate.z, &mut rng, &srs);
             let s2_proof = perm_structure.calculate_s2_proof(aggregate.z, aggregate.w, &srs);
 
-            let n = perm_structure.n;
-            let z = aggregate.z;
-            let y = aggregate.w;
-            let z_inv = z.inverse().unwrap();
-            let z_inv_n_plus_1 = z_inv.pow([(n+1) as u64]);
-            let z_n = z.pow([n as u64]);
-            let y_n = y.pow([n as u64]);
+            println!("Permutation argument done in {:?}", start.elapsed());
 
-            println!("S_1 naive = {}", s1_naive);
+            // let n = perm_structure.n;
+            // let z = aggregate.z;
+            // let y = aggregate.w;
+            // let z_inv = z.inverse().unwrap();
+            // let z_inv_n_plus_1 = z_inv.pow([(n+1) as u64]);
+            // let z_n = z.pow([n as u64]);
+            // let y_n = y.pow([n as u64]);
 
-            let mut s_1 = s1_naive;
-            s_1.mul_assign(&z_inv_n_plus_1);
-            s_1.mul_assign(&y_n);
+            // println!("S_1 naive = {}", s1_naive);
 
-            println!("S_1 multiplied = {}", s_1);
+            // let mut s_1 = s1_naive;
+            // s_1.mul_assign(&z_inv_n_plus_1);
+            // s_1.mul_assign(&y_n);
 
-            let mut s_2 = s2_proof.c_value;
-            s_2.add_assign(&s2_proof.d_value);
-            s_2.mul_assign(&z_n);
+            // println!("S_1 multiplied = {}", s_1);
 
-            s_1.sub_assign(&s_2);
-            println!("S naive = {}", s_1);
+            // let mut s_2 = s2_proof.c_value;
+            // s_2.add_assign(&s2_proof.d_value);
+            // s_2.mul_assign(&z_n);
+
+            // s_1.sub_assign(&s_2);
+            // println!("S naive = {}", s_1);
 
 
             let mut verifier = SuccinctMultiVerifier::<Bls12, _, Permutation3, _>::new(AdaptorCircuit(circuit.clone()), &srs, rng).unwrap();
-            println!("verifying 100 proofs with advice");
+            println!("verifying 100 proofs with succinct advice");
             let start = Instant::now();
             {
                 for (ref proof, ref advice) in &proofs {

src/sonic/unhelped/grand_product_argument.rs

@@ -8,6 +8,8 @@ use std::marker::PhantomData;
 
 use crate::sonic::srs::SRS;
 use crate::sonic::util::*;
+use crate::sonic::transcript::{Transcript, TranscriptProtocol};
+use super::wellformed_argument::{WellformednessSignature, WellformednessArgument};
 
 #[derive(Clone)]
 pub struct GrandProductArgument<E: Engine> {
@@ -27,7 +29,82 @@ pub struct GrandProductProof<E: Engine> {
     f_opening: E::G1Affine,
 }
 
+#[derive(Clone)]
+pub struct GrandProductSignature<E: Engine> {
+    pub a_commitments: Vec<E::G1Affine>,
+    pub b_commitments: Vec<E::G1Affine>,
+    pub c_commitments: Vec<(E::G1Affine, E::Fr)>,
+    pub t_commitment: E::G1Affine,
+    pub grand_product_openings: Vec<(E::Fr, E::G1Affine)>,
+    // pub a_zy: Vec<E::Fr>,
+    pub proof: GrandProductProof<E>,
+    pub wellformedness_signature: WellformednessSignature<E>,
+}
+
 impl<E: Engine> GrandProductArgument<E> {
+    pub fn create_signature(
+        grand_products: Vec<(Vec<E::Fr>, Vec<E::Fr>)>, 
+        y: E::Fr,
+        z: E::Fr,
+        srs: &SRS<E>,
+    ) -> GrandProductSignature<E> {
+        let mut a_commitments = vec![]; 
+        let mut b_commitments = vec![]; 
+
+        let mut transcript = Transcript::new(&[]);
+        let mut grand_product_challenges = vec![];
+
+        for (a, b) in grand_products.iter() {
+            let (c_a, c_b) = GrandProductArgument::commit_for_individual_products(& a[..], & b[..], &srs);
+            {
+                let mut transcript = Transcript::new(&[]);
+                transcript.commit_point(&c_a);
+                let challenge = transcript.get_challenge_scalar();
+                grand_product_challenges.push(challenge);
+                transcript.commit_point(&c_b);
+                let challenge = transcript.get_challenge_scalar();
+                grand_product_challenges.push(challenge);
+            }
+            a_commitments.push(c_a);
+            b_commitments.push(c_b);
+            transcript.commit_point(&c_a);
+            transcript.commit_point(&c_b);
+        }
+
+        let mut all_polys = vec![];
+        for p in grand_products.iter() {
+            let (a, b) = p;
+            all_polys.push(a.clone());
+            all_polys.push(b.clone());
+        }
+
+        let wellformedness_signature = WellformednessArgument::create_signature(
+            all_polys, 
+            &srs
+        );
+
+
+        let mut grand_product_argument = GrandProductArgument::new(grand_products);
+        let c_commitments = grand_product_argument.commit_to_individual_c_polynomials(&srs);
+        let t_commitment = grand_product_argument.commit_to_t_polynomial(&grand_product_challenges, y, &srs);
+        let grand_product_openings = grand_product_argument.open_commitments_for_grand_product(y, z, &srs);
+        let a_zy: Vec<E::Fr> = grand_product_openings.iter().map(|el| el.0.clone()).collect();
+        let proof = grand_product_argument.make_argument(&a_zy, &grand_product_challenges, y, z, &srs);
+
+        GrandProductSignature {
+            a_commitments,
+            b_commitments,
+            c_commitments,
+            t_commitment,
+            grand_product_openings,
+            // a_zy,
+            proof,
+            wellformedness_signature
+        }
+
+    }
+
+
     pub fn new(polynomials: Vec<(Vec<E::Fr>, Vec<E::Fr>)>) -> Self {
         assert!(polynomials.len() > 0);