implement K(X) & G(X) computation. Folding works!
- implement G(X) & K(X) computation
- update e* and phi* usage of L_i(X)
- extend readme.md

with this commit, prover & verifier folding works, and outputted
instances satisfy the relation check.
arnaucube committed Jul 30, 2023
1 parent 2664dea commit e41654e
Showing 7 changed files with 205 additions and 77 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/test.yml
@@ -0,0 +1,14 @@
name: Test
on: [push, pull_request]
env:
CARGO_TERM_COLOR: always
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Build
run: cargo build --verbose
- name: Run tests
run: |
cargo test --verbose
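Review bot: `uses: actions/checkout@v2` references a mutable tag, and the workflow declares no `permissions:` block, so jobs triggered by `push` and `pull_request` run with whatever default token scope the repository is configured with. Pin the action to a full commit SHA and add a top-level `permissions:` entry with `contents: read`, which is all that `cargo build` and `cargo test` need here.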
73 changes: 73 additions & 0 deletions README.md
Expand Up @@ -5,3 +5,76 @@ Proof of concept implementation of ProtoGalaxy (https://eprint.iacr.org/2023/110
> Do not use in production.
Thanks to [Liam Eagen](https://twitter.com/LiamEagen) and [Ariel Gabizon](https://twitter.com/rel_zeta_tech) for their kind explanations.

This code has been done in the context of the research on folding schemes in [0xPARC](https://0xparc.org).

![protogalaxy img from Wikipedia](https://upload.wikimedia.org/wikipedia/commons/thumb/4/49/Stellar_Fireworks_Finale.jpg/303px-Stellar_Fireworks_Finale.jpg)

(img: protogalaxies colliding, [from Wikipedia](https://en.wikipedia.org/wiki/File:Stellar_Fireworks_Finale.jpg))

## Details
Implementation of ProtoGalaxy's scheme described in section 4 of the paper.

Current version implements the folding on prover & verifier and it works, but it is not optimized.
Next steps in terms of implementation include: F(X) O(n) construction following Claim 4.4, compute K(X) in O(kd log(kd)M + ndkC) as described in Claim 4.5, add tests folding in multiple iterations and also in a tree approach, add the decider and integrate with some existing R1CS tooling for the R1CS & witness generation.

### Usage

Example of folding k+1 instances:
```rust
// assume we have:
// an R1CS instance 'r1cs'
// a valid witness 'w' from our running instance
// k valid 'witnesses' to be fold

// compute the committed instance for our running witness
let phi = Pedersen::<G1Projective>::commit(&pedersen_params, &witness.w, &witness.r_w);
let instance = CommittedInstance::<G1Projective> {
phi,
betas: betas.clone(),
e: Fr::zero(),
};

// compute the k committed instances to be fold
let mut instances: Vec<CommittedInstance<G1Projective>> = Vec::new();
for i in 0..k {
let phi_i =
Pedersen::<G1Projective>::commit(&pedersen_params, &witnesses[i].w, &witnesses[i].r_w);
let instance_i = CommittedInstance::<G1Projective> {
phi: phi_i,
betas: betas.clone(),
e: Fr::zero(),
};
witnesses.push(witness_i);
instances.push(instance_i);
}

// set the initial random betas
let beta = Fr::rand(&mut rng);
let betas = powers_of_beta(beta, t);

// Prover folds the instances and witnesses
let (F_coeffs, K_coeffs, folded_instance, folded_witness) = Folding::<G1Projective>::prover(
&mut transcript_p,
&r1cs,
instance.clone(),
witness,
instances.clone(),
witnesses,
);

// verifier folds the instances
let folded_instance_v = Folding::<G1Projective>::verifier(
&mut transcript_v,
&r1cs,
instance,
instances,
F_coeffs,
K_coeffs,
);

// check that the folded instance satisfies the relation
assert!(check_instance(&r2cs, folded_instance, folded_witness));

```
(see the actual code for more details)
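Review bot: the usage example cannot compile as written, which matters for a snippet readers will copy. `betas` is used when building `instance` and `instance_i` but is only defined later at `let betas = powers_of_beta(beta, t);`; the loop calls `witnesses.push(witness_i)` although `witness_i` is never defined and `witnesses` is the vector being indexed; the opening comment names the running witness `w` while the code uses `witness`; and the final check passes `&r2cs` where every other call uses `&r1cs`. Move the beta setup above the first `CommittedInstance`, drop the `push` of `witness_i`, and change `r2cs` to `r1cs`.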
4 changes: 2 additions & 2 deletions src/lib.rs
@@ -1,7 +1,7 @@
#![allow(non_snake_case)]
#![allow(non_upper_case_globals)]
#![allow(unused)] // TMP
#![allow(dead_code)] // TMP
// #![allow(unused)] // TMP
// #![allow(dead_code)] // TMP

pub mod pedersen;
pub mod protogalaxy;
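Review bot: the two crate-level attributes are left behind as comments (`// #![allow(unused)] // TMP` and `// #![allow(dead_code)] // TMP`) instead of being deleted. Since the intent is to re-enable the `unused` and `dead_code` lints, remove the lines so the blanket suppression is not restored by simply uncommenting them; if specific items still need it, put `#[allow(dead_code)]` on those items.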
2 changes: 1 addition & 1 deletion src/pedersen.rs
@@ -1,4 +1,4 @@
/// pedersen.rs file and adapted from https://github.com/arnaucube/nova-study
/// pedersen.rs file adapted from https://github.com/arnaucube/nova-study
use ark_ec::{CurveGroup, Group};
use ark_std::{
rand::{Rng, RngCore},
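Review bot: the corrected first line is still an outer doc comment (`///`), so it attaches to the `use ark_ec::{CurveGroup, Group};` import rather than documenting the file. Use `//!` for a module-level note, or a plain `//` comment if the provenance line should stay out of the generated docs.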