Skip to content

Commit

Permalink
Boost verifier
Browse files Browse the repository at this point in the history
  • Loading branch information
xevisalle committed Aug 8, 2024
1 parent dc1d229 commit ee6190b
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 12 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Modify the prover to match the paper [#831]
- Modify the verifier to match the paper [#831]
- Rename some variables to match the paper [#831]
- Modify the verifier to be faster [#834]

### Removed

Expand Down Expand Up @@ -592,6 +593,7 @@ is necessary since `rkyv/validation` was required as a bound.
- Proof system module.

<!-- ISSUES -->
[#834]: https://github.com/dusk-network/plonk/issues/834
[#831]: https://github.com/dusk-network/plonk/issues/831
[#819]: https://github.com/dusk-network/plonk/issues/819
[#818]: https://github.com/dusk-network/plonk/issues/818
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ as the documentation regarding the data structures that it exports. To check thi
Benchmarks taken on `Apple M1`, for a circuit-size of `2^16` constraints:

- Proving time: `7.871s`
- Verification time: `3.732ms` **(This time does not vary depending on the circuit-size.)**
- Verification time: `2.934ms` **(This time does not vary depending on the circuit-size.)**

For more results, please run `cargo bench` to get a full report of benchmarks in respect of constraint numbers.

Expand Down
53 changes: 42 additions & 11 deletions src/proof_system/proof.rs
Original file line number Diff line number Diff line change
Expand Up @@ -414,36 +414,67 @@ pub(crate) mod alloc {
self.evaluations.d_w_eval,
];

// Compute '[E]_1' = (-r_0 + (v)a + (v^2)b + (v^3)c + (v^4)d +
// Compute E = (-r_0 + (v)a + (v^2)b + (v^3)c + (v^4)d +
// + (v^5)s_sigma_1 + (v^6)s_sigma_2 + (v^7)s_sigma_3 +
// + (u)z_w + (u * v_w)a_w + (u * v_w^2)b_w + (u * v_w^3)d_w)
let mut E: BlsScalar = E_evals
let mut E_scalar: BlsScalar = E_evals
.iter()
.zip(v_coeffs_E.iter())
.map(|(eval, coeff)| eval * coeff)
.sum();
E += -r_0_eval + (u_challenge * self.evaluations.z_eval);
E_scalar += -r_0_eval + (u_challenge * self.evaluations.z_eval);

// We group all the remaining scalar multiplications in the
// verification process, with the purpose of
// parallelizing them
let remaining_scalarmuls_points = vec![
opening_key.g,
self.w_z_chall_w_comm.0,
self.w_z_chall_comm.0,
self.w_z_chall_w_comm.0,
];

let remaining_scalarmuls_scalars = vec![
E_scalar,
u_challenge,
z_challenge,
(u_challenge * z_challenge * domain.group_gen),
];

// Compute the scalar multiplications in single-core
#[cfg(not(feature = "std"))]
let remaining_scalarmuls: Vec<G1Projective> =
remaining_scalarmuls_points
.iter()
.zip(remaining_scalarmuls_scalars.iter())
.map(|(point, scalar)| point * scalar)
.collect();

// Compute the scalar multiplications in multi-core
#[cfg(feature = "std")]
let remaining_scalarmuls: Vec<G1Projective> =
remaining_scalarmuls_points
.par_iter()
.zip(remaining_scalarmuls_scalars.par_iter())
.map(|(point, scalar)| point * scalar)
.collect();

let E = E * opening_key.g;
// [E]_1 = E * G
let E = remaining_scalarmuls[0];

// Compute the G_1 element of the first pairing:
// [W_z]_1 + u * [W_zw]_1
//
// Note that we negate this value to be able to subtract
// the pairings later on, using the multi Miller loop
let left = G1Affine::from(
-(self.w_z_chall_comm.0
+ u_challenge * self.w_z_chall_w_comm.0),
-(self.w_z_chall_comm.0 + remaining_scalarmuls[1]),
);

// Compute the G_1 element of the second pairing:
// z * [W_z]_1 + (u * z * w) * [W_zw]_1 + [F]_1 - [E]_1
let right = G1Affine::from(
z_challenge * self.w_z_chall_comm.0
+ (u_challenge * z_challenge * domain.group_gen)
* self.w_z_chall_w_comm.0
+ F
- E,
remaining_scalarmuls[2] + remaining_scalarmuls[3] + F - E,
);

// Compute the two pairings and subtract them
Expand Down

0 comments on commit ee6190b

Please sign in to comment.