randomness
rw0x0 committed Feb 24, 2025
1 parent 7708953 commit 6b3c505
Showing 8 changed files with 56 additions and 37 deletions.
1 change: 1 addition & 0 deletions Cargo.lock


7 changes: 4 additions & 3 deletions co-noir/co-builder/src/polynomials/polynomial.rs
Expand Up @@ -3,6 +3,7 @@ use ark_poly::{univariate::DensePolynomial, DenseUVPolynomial, Polynomial as _};
use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
use num_traits::Zero;

use rand::{CryptoRng, Rng};
use serde::{Deserialize, Deserializer, Serialize, Serializer};
use std::ops::{AddAssign, Index, IndexMut, MulAssign, SubAssign};

Expand Down Expand Up @@ -204,9 +205,9 @@ impl<F: PrimeField> Polynomial<F> {
let poly = DensePolynomial::from_coefficients_slice(&self.coefficients);
poly.evaluate(&point)
}
pub fn random(size: usize) -> Self {
let mut rng = rand::thread_rng();
let coefficients = (0..size).map(|_| F::rand(&mut rng)).collect();

pub fn random<R: Rng + CryptoRng>(size: usize, rng: &mut R) -> Self {
let coefficients = (0..size).map(|_| F::rand(rng)).collect();
Self { coefficients }
}

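Review bot: `Polynomial::random` now takes the generator explicitly but carries no doc comment, so the reason for the `R: Rng + CryptoRng` bound is invisible at the definition. Add above the signature: `/// Returns a polynomial with `size` coefficients drawn uniformly from `rng` (`size == 0` gives an empty polynomial).` followed by `/// Used as a zero-knowledge masking polynomial, which is why a cryptographically secure generator is required.` The masking use is visible in the shplemini hunk of this commit (`batched_unshifted = Polynomial::random(n, &mut self.rng)`).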
1 change: 1 addition & 0 deletions co-noir/ultrahonk/Cargo.toml
Expand Up @@ -25,6 +25,7 @@ serde_json.workspace = true
sha3 = { workspace = true }
tracing.workspace = true
rand.workspace = true
rand_chacha.workspace = true

[dev-dependencies]
rand.workspace = true
12 changes: 9 additions & 3 deletions co-noir/ultrahonk/src/decider/prover.rs
Expand Up @@ -15,6 +15,8 @@ use co_builder::{
prelude::{HonkCurve, ProverCrs},
HonkProofResult,
};
use rand::SeedableRng;
use rand_chacha::ChaCha12Rng;
use std::marker::PhantomData;

pub(crate) struct Decider<
Expand All @@ -23,6 +25,7 @@ pub(crate) struct Decider<
const SIZE: usize,
> {
pub(super) memory: ProverMemory<P>,
pub(super) rng: ChaCha12Rng,
phantom_data: PhantomData<P>,
phantom_hasher: PhantomData<H>,
}
Expand All @@ -36,6 +39,7 @@ impl<
pub(crate) fn new(memory: ProverMemory<P>) -> Self {
Self {
memory,
rng: ChaCha12Rng::from_entropy(),
phantom_data: PhantomData,
phantom_hasher: PhantomData,
}
Expand Down Expand Up @@ -66,7 +70,7 @@ impl<
*/
#[expect(clippy::type_complexity)]
fn execute_relation_check_rounds(
&self,
&mut self,
transcript: &mut Transcript<TranscriptFieldType, H>,
crs: &ProverCrs<P>,
circuit_size: u32,
Expand All @@ -75,10 +79,11 @@ impl<
if has_zk == ZeroKnowledge::Yes {
let log_subgroup_size = Utils::get_msb64(P::SUBGROUP_SIZE as u64);
let commitment_key = crs.monomials[..1 << (log_subgroup_size + 1)].to_vec();
let mut zk_sumcheck_data: ZKSumcheckData<P> = ZKSumcheckData::<P>::new::<H>(
let mut zk_sumcheck_data: ZKSumcheckData<P> = ZKSumcheckData::<P>::new::<H, _>(
Utils::get_msb64(circuit_size as u64) as usize,
transcript,
&commitment_key,
&mut self.rng,
)?;
Ok((
self.sumcheck_prove_zk(transcript, circuit_size, &mut zk_sumcheck_data),
Expand Down Expand Up @@ -110,14 +115,15 @@ impl<
self.shplemini_prove(transcript, circuit_size, crs, sumcheck_output, None)?;
Self::compute_opening_proof(prover_opening_claim, transcript, crs)
} else {
let small_subgroup_ipa_prover = SmallSubgroupIPAProver::<_>::new::<H>(
let small_subgroup_ipa_prover = SmallSubgroupIPAProver::<_>::new::<H, _>(
zk_sumcheck_data.expect("We have ZK"),
&sumcheck_output.challenges,
sumcheck_output
.claimed_libra_evaluation
.expect("We have ZK"),
transcript,
crs,
&mut self.rng,
)?;
let witness_polynomials = small_subgroup_ipa_prover.get_witness_polynomials();
let prover_opening_claim = self.shplemini_prove(
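Review bot: `rng: ChaCha12Rng::from_entropy()` in `Decider::new` adds a panic path the constructor does not document: rand's `from_entropy` panics when the OS entropy source fails, and `new` returns `Self` rather than a `Result`, so callers cannot handle it. Add `/// # Panics` with `/// Panics if the OS entropy source is unavailable (`ChaCha12Rng::from_entropy`).` to the doc of `new`. Seeding inside the constructor also means no caller can inject a seeded generator for reproducible tests; if that matters, a second constructor taking the `ChaCha12Rng` by value would keep `new` unchanged. The other hunks in this section (`execute_relation_check_rounds` and the `SmallSubgroupIPAProver::new` call) belong to functions that start and end outside the hunks.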
8 changes: 4 additions & 4 deletions co-noir/ultrahonk/src/decider/shplemini/prover.rs
Expand Up @@ -37,7 +37,7 @@ impl<

#[expect(clippy::type_complexity)]
fn compute_batched_polys(
&self,
&mut self,
transcript: &mut Transcript<TranscriptFieldType, H>,
multilinear_challenge: &[P::ScalarField],
log_n: usize,
Expand All @@ -51,7 +51,7 @@ impl<

// To achieve ZK, we mask the batched polynomial by a random polynomial of the same size
if has_zk {
batched_unshifted = Polynomial::<P::ScalarField>::random(n);
batched_unshifted = Polynomial::<P::ScalarField>::random(n, &mut self.rng);
let masking_poly_comm = Utils::commit(&batched_unshifted.coefficients, commitment_key)?;
transcript.send_point_to_verifier::<P>(
"Gemini:masking_poly_comm".to_string(),
Expand Down Expand Up @@ -136,7 +136,7 @@ impl<
// * since they are linear-combinations of the commitments [fⱼ] and [gⱼ].
// */
pub(crate) fn gemini_prove(
&self,
&mut self,
multilinear_challenge: Vec<P::ScalarField>,
log_n: usize,
commitment_key: &ProverCrs<P>,
Expand Down Expand Up @@ -389,7 +389,7 @@ impl<
}

pub(crate) fn shplemini_prove(
&self,
&mut self,
transcript: &mut Transcript<TranscriptFieldType, H>,
circuit_size: u32,
crs: &ProverCrs<P>,
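Review bot: The `&self` to `&mut self` widening on `compute_batched_polys`, `gemini_prove` and `shplemini_prove` appears to exist only to reach `self.rng` at `Polynomial::<P::ScalarField>::random(n, &mut self.rng)`; the other types touched by this commit (`ZKSumcheckData::new`, `SmallSubgroupIPAProver::new`) instead take `rng: &mut R` as a parameter. If nothing else in these bodies mutates the prover, threading the generator the same way here, e.g. `fn compute_batched_polys<R: Rng + CryptoRng>(&self, ..., rng: &mut R)`, would keep the proving methods read-only on the rest of the prover and consistent with the rest of the change. All three functions start and end outside the hunks, so the remainder of their bodies is not visible here.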
24 changes: 14 additions & 10 deletions co-noir/ultrahonk/src/decider/small_subgroup_ipa.rs
@@ -1,16 +1,16 @@
use crate::prelude::TranscriptHasher;
use crate::prelude::Univariate;
use crate::Utils;
use crate::CONST_PROOF_SIZE_LOG_N;
use crate::{prelude::Transcript, transcript::TranscriptFieldType};
use ark_ec::pairing::Pairing;
use ark_ff::One;
use ark_ff::Zero;
use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
use co_builder::prelude::{HonkCurve, Polynomial, ProverCrs};
use co_builder::HonkProofError;
use co_builder::HonkProofResult;

use crate::prelude::TranscriptHasher;
use crate::prelude::Univariate;
use crate::Utils;
use crate::CONST_PROOF_SIZE_LOG_N;
use crate::{prelude::Transcript, transcript::TranscriptFieldType};
use rand::{CryptoRng, Rng};

use super::sumcheck::zk_data::ZKSumcheckData;

Expand All @@ -31,12 +31,13 @@ impl<P: HonkCurve<TranscriptFieldType>> SmallSubgroupIPAProver<P> {
const SUBGROUP_SIZE: usize = P::SUBGROUP_SIZE;
const BATCHED_POLYNOMIAL_LENGTH: usize = 2 * P::SUBGROUP_SIZE + 2;
const QUOTIENT_LENGTH: usize = Self::SUBGROUP_SIZE + 2;
pub(crate) fn new<H: TranscriptHasher<TranscriptFieldType>>(
pub(crate) fn new<H: TranscriptHasher<TranscriptFieldType>, R: Rng + CryptoRng>(
zk_sumcheck_data: &ZKSumcheckData<P>,
multivariate_challenge: &[P::ScalarField],
claimed_ipa_eval: P::ScalarField,
transcript: &mut Transcript<TranscriptFieldType, H>,
commitment_key: &ProverCrs<P>,
rng: &mut R,
) -> HonkProofResult<Self> {
let mut prover = SmallSubgroupIPAProver {
interpolation_domain: zk_sumcheck_data.interpolation_domain.to_vec(),
Expand Down Expand Up @@ -65,7 +66,7 @@ impl<P: HonkCurve<TranscriptFieldType>> SmallSubgroupIPAProver<P> {
// }

prover.compute_challenge_polynomial(multivariate_challenge)?;
prover.compute_big_sum_polynomial()?;
prover.compute_big_sum_polynomial(rng)?;
let libra_big_sum_commitment =
Utils::commit(&prover.big_sum_polynomial.coefficients, commitment_key)?;
transcript.send_point_to_verifier::<P>(
Expand Down Expand Up @@ -164,7 +165,10 @@ impl<P: HonkCurve<TranscriptFieldType>> SmallSubgroupIPAProver<P> {
* vanishing polynomial.
*
*/
fn compute_big_sum_polynomial(&mut self) -> HonkProofResult<()> {
fn compute_big_sum_polynomial<R: Rng + CryptoRng>(
&mut self,
rng: &mut R,
) -> HonkProofResult<()> {
self.big_sum_lagrange_coeffs[0] = P::ScalarField::zero();

// Compute the big sum coefficients recursively
Expand All @@ -184,7 +188,7 @@ impl<P: HonkCurve<TranscriptFieldType>> SmallSubgroupIPAProver<P> {
};

// Generate random masking_term of degree 2, add Z_H(X) * masking_term
let masking_term = Univariate::<P::ScalarField, 3>::get_random();
let masking_term = Univariate::<P::ScalarField, 3>::get_random(rng);
self.big_sum_polynomial += &self.big_sum_polynomial_unmasked.clone().coefficients;

for idx in 0..masking_term.evaluations.len() {
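Review bot: The doc block that closes at `*/` just above `fn compute_big_sum_polynomial` does not mention the new `rng` parameter, so the `CryptoRng` bound reads as incidental. Add a line such as ` * `rng` supplies the degree-2 masking term added as Z_H(X) * masking_term below; it must be a cryptographically secure generator, hence the `CryptoRng` bound.` The same parameter was added to `new` in the hunk above, whose doc (if any) is outside the hunk and should get the matching sentence. The import reordering in the first hunk is cosmetic and needs no change.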
26 changes: 16 additions & 10 deletions co-noir/ultrahonk/src/decider/sumcheck/zk_data.rs
Expand Up @@ -13,6 +13,8 @@ use co_builder::prelude::Polynomial;
use co_builder::prelude::ProverCrs;
use co_builder::HonkProofError;
use co_builder::HonkProofResult;
use rand::CryptoRng;
use rand::Rng;

pub(crate) struct ZKSumcheckData<P: Pairing> {
pub(crate) constant_term: P::ScalarField,
Expand All @@ -29,16 +31,16 @@ pub(crate) struct ZKSumcheckData<P: Pairing> {
}

impl<P: HonkCurve<TranscriptFieldType>> ZKSumcheckData<P> {
pub(crate) fn new<H: TranscriptHasher<TranscriptFieldType>>(
pub(crate) fn new<H: TranscriptHasher<TranscriptFieldType>, R: Rng + CryptoRng>(
multivariate_d: usize,
transcript: &mut Transcript<TranscriptFieldType, H>,
commitment_key: &[P::G1Affine],
rng: &mut R,
) -> HonkProofResult<Self> {
let mut rng = rand::thread_rng();
let constant_term = P::ScalarField::rand(&mut rng);
let libra_challenge = P::ScalarField::rand(&mut rng);
let constant_term = P::ScalarField::rand(rng);
let libra_challenge = P::ScalarField::rand(rng);
let libra_univariates =
Self::generate_libra_univariates(multivariate_d, P::LIBRA_UNIVARIATES_LENGTH);
Self::generate_libra_univariates(multivariate_d, P::LIBRA_UNIVARIATES_LENGTH, rng);
let log_circuit_size = multivariate_d;

let mut data = ZKSumcheckData {
Expand All @@ -56,7 +58,7 @@ impl<P: HonkCurve<TranscriptFieldType>> ZKSumcheckData<P> {
};

data.create_interpolation_domain();
data.compute_concatenated_libra_polynomial()?;
data.compute_concatenated_libra_polynomial(rng)?;
// If proving_key is provided, commit to the concatenated and masked libra polynomial
if !commitment_key.is_empty() {
let libra_commitment = Utils::commit(
Expand Down Expand Up @@ -92,12 +94,13 @@ impl<P: HonkCurve<TranscriptFieldType>> ZKSumcheckData<P> {
* independent uniformly random coefficients.
*
*/
fn generate_libra_univariates(
fn generate_libra_univariates<R: Rng + CryptoRng>(
number_of_polynomials: usize,
univariate_length: usize,
rng: &mut R,
) -> Vec<Polynomial<P::ScalarField>> {
(0..number_of_polynomials)
.map(|_| Polynomial::random(univariate_length))
.map(|_| Polynomial::random(univariate_length, rng))
.collect()
}

Expand Down Expand Up @@ -168,7 +171,10 @@ impl<P: HonkCurve<TranscriptFieldType>> ZKSumcheckData<P> {
* + m_1
*
*/
fn compute_concatenated_libra_polynomial(&mut self) -> HonkProofResult<()> {
fn compute_concatenated_libra_polynomial<R: Rng + CryptoRng>(
&mut self,
rng: &mut R,
) -> HonkProofResult<()> {
let mut coeffs_lagrange_subgroup = vec![P::ScalarField::zero(); P::SUBGROUP_SIZE];
coeffs_lagrange_subgroup[0] = self.constant_term;

Expand All @@ -184,7 +190,7 @@ impl<P: HonkCurve<TranscriptFieldType>> ZKSumcheckData<P> {
coefficients: coeffs_lagrange_subgroup.to_vec(),
};

let masking_scalars = Univariate::<P::ScalarField, 2>::get_random();
let masking_scalars = Univariate::<P::ScalarField, 2>::get_random(rng);

// if !P::is_bn254() {
// libra_concatenated_monomial_form_unmasked = Polynomial::<P::ScalarField> {
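Review bot: `generate_libra_univariates` gains `rng: &mut R` but its doc block, which ends at `*/` directly above the signature, still only says the coefficients are "independent uniformly random" without naming where they come from. Add ` * `rng` is the generator the coefficients are drawn from; it must be cryptographically secure, since these univariates (like `constant_term` and `libra_challenge` in `new`) are the prover's secret randomness.` The same applies to `compute_concatenated_libra_polynomial`, whose doc ends at `*/` above the new signature and does not mention the `rng` used for `masking_scalars`. `new` and both helpers start or end outside the hunks.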
14 changes: 7 additions & 7 deletions co-noir/ultrahonk/src/decider/univariate.rs
@@ -1,6 +1,10 @@
use crate::decider::barycentric::Barycentric;
use ark_ff::{PrimeField, Zero};
use std::ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign};
use rand::{CryptoRng, Rng};
use std::{
array,
ops::{Add, AddAssign, Mul, MulAssign, Neg, Sub, SubAssign},
};

#[derive(Clone, Debug)]
pub struct Univariate<F, const SIZE: usize> {
Expand Down Expand Up @@ -225,12 +229,8 @@ impl<F: PrimeField, const SIZE: usize> Univariate<F, SIZE> {
}
}

pub(crate) fn get_random() -> Self {
let mut rng = rand::thread_rng();
let mut evaluations = [F::one(); SIZE];
for eval in evaluations.iter_mut() {
*eval = F::rand(&mut rng);
}
pub(crate) fn get_random<R: Rng + CryptoRng>(rng: &mut R) -> Self {
let evaluations = array::from_fn(|_| F::rand(rng));
Self { evaluations }
}
}
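Review bot: `Univariate::get_random` has no doc comment, and the switch from a loop over `[F::one(); SIZE]` to `array::from_fn` changes nothing observable but leaves the contract unstated. Add `/// Samples all `SIZE` evaluations independently and uniformly from `rng`; `rng` must be a cryptographically secure generator because the result is used as a masking term.` The masking use is visible in the `small_subgroup_ipa.rs` and `zk_data.rs` hunks of this commit. If the `One` trait was imported only for the removed `F::one()` initializer, the import line above the visible hunk may now be unused.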
