Improved explanation of Plonk Activity (#1020)

* Changes for lectures 2,5,7,11 * Advanced ZK-Proofs * reveal lint * Fixes to Advanced ZK * yarn run lint:write on stuff already linted in master * Added Plonk Activity to Crypto module * Update README.md for Plonk activity * Fix the bug with product accumulator not being zero at the last point
Polkadot-Blockchain-Academy · May 24, 2024 · 7e0fbbb · 7e0fbbb
1 parent 8b2b7d8
commit 7e0fbbb
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 11 deletions.
diff --git a/syllabus/1-Cryptography/materials/plonk-activity/README.md b/syllabus/1-Cryptography/materials/plonk-activity/README.md
@@ -3,7 +3,9 @@
 A Python tutorial of the paper [PLONK: Permutations over Lagrange-bases for Oecumenical Noninteractive arguments of Knowledge](https://eprint.iacr.org/2019/953) it is incomplete WIP, not secure, not correct just to help people learn.
 
 # Activity
-Change the [notbook content][./plonk.ipynb] so it proves that you know the solution (3,4,5) to Pythagoras equation $x^2 + y^2 = z^2$ instead of proving the knowledge of solution to $x^3 + x + 5 = 35$ (as currently does).
+Change the [notbook content](./plonk.ipynb) so it proves that you know the solution (3,4,5) to Pythagoras equation $x^2 + y^2 = z^2$ instead of proving the knowledge of solution to $x^3 + x + 5 = 35$ (as currently does). You only need to update the tutorial up to Part x FFT, until you generate the permutations successfully.
+
+You should *not* import the `gen_copy_constraints` from `plonk.sample_problem` instead, you should create the `copy_constraints` array similar to $\psi$ array we built in the course.
 
 ## Getting Started
 

diff --git a/syllabus/1-Cryptography/materials/zk-factorization-example/interpolation.sage b/syllabus/1-Cryptography/materials/zk-factorization-example/interpolation.sage
@@ -105,15 +105,17 @@ print("The remainder of wirepoly/zerotest: ",naive_wire_poly % zero_test_poly)
 u1 = ZKField('0x'+hashlib.sha256("Hello, PBA! I'm u1".encode()).hexdigest())
 u2 = ZKField('0x'+hashlib.sha256("Hello, PBA! I'm u2".encode()).hexdigest())
 
-#u1 = ZKField(-1)
-#u2 = ZKField(1)
 #$\prod_{a\in\{1,..,39\}}\frac{u_1 - u_1 \times a - T(a)}{u_1 - u_2 \times \psi(a) - T(\psi(a))}
-f_numerator = [0]*39
-g_denominator = [0]*39
+f_numerator = [0]*40
+g_denominator = [0]*40
 for i in range(0, 39):
    f_numerator[i] = u1 - u2 * psi[i] - T[psi[i]-1]
    g_denominator[i] = u1 - u2 * (i + 1) - T[i]
 
+#because our group is not cyclic of size 39 we need to deal with t(40)
+f_numerator[39] = f_numerator[0] 
+g_denominator[39] = g_denominator[0]
+
 for i in range(0, 39):
    if (f_numerator[i] != g_denominator[psi[i]-1]):
       print("perm wiring doesn't match at index ", i)
@@ -122,28 +124,29 @@ p_acc = ZKField(1)
 for i in range(0, 39):
    p_acc *= f_numerator[i]/g_denominator[psi[i]-1]
 
-print(p_acc)
+assert(p_acc == 1)
 
-t = [0]*39
+t = [0]*40
 t[0] = f_numerator[0]/g_denominator[0]
-for i in range(1,39):
+for i in range(1,40):
    t[i] = t[i-1] * f_numerator[i]/g_denominator[i]
 
+x_values = range(1, 41)
 fx = PolysOnZKField.lagrange_polynomial(zip(x_values,f_numerator))
 gx = PolysOnZKField.lagrange_polynomial(zip(x_values,g_denominator))
 tx = PolysOnZKField.lagrange_polynomial(zip(x_values,t))
 
 perm_poly = tx(x+1) * gx(x+1) - tx(x) * fx(x+1)
 for i in range(1,40):
-   print(perm_poly(i))
+   assert(perm_poly(i) == 0)
 
 print("Perm check polynomial: ", perm_poly)
 print("Zero test polynomial:", zero_test_poly)
-print("The remainder of permpoly/zerotest: ",perm_poly % zero_test_poly)
+print("The remainder of permpoly/zerotest: ", perm_poly % zero_test_poly)
 
 qx = perm_poly / zero_test_poly
 print("q(x):",qx)
 
 # y^2 = x^3 + 8*x + 10 embeding degree 8 on 101 order 89
 # (trace_poly(r) - trace_poly(tau)) / (r - tau)
-for i in range(0, 39):
+