Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make code to match the last Plonk paper #830

Merged
merged 11 commits into from
Aug 8, 2024
Merged

Make code to match the last Plonk paper #830

merged 11 commits into from
Aug 8, 2024

Conversation

xevisalle
Copy link
Member

@xevisalle xevisalle commented Jun 27, 2024

This PR makes the protocol to match the last version of the Plonk paper. Furthermore, it includes a document specifying our implementation of Plonk, which deviates from the original one to include custom gates.

Main changes

The main changes are:

  • Make round 4 and 5 of the prover to match the paper.
  • Update the computation of the linearization polynomial r.
    • The prover now adds the evaluation of the public inputs polynomial at z_challenge to r.
    • The prover now subtracts the factor multiplying the evaluation of the vanishing polynomial at z_challenge by the quotient polynomial from r. As such, the quotient polynomial is not needed to compute W_z(X).
    • The verifier now computes r_0_eval. As such, the verifier no longer needs to receive r_eval.
    • The verifier now subtracts the factor multiplying the evaluation of the vanishing polynomial at z_challenge by the quotient polynomial commitment from [D]_1. As such, the verifier doesn't need to compute t_eval, as it is not needed to compute [E]_1.
  • The verifier adds u_challenge when computing the polynomial commitment [D]_1.

Minor changes

Some minor changes have been addressed:

  • Rename some variables to match the paper, making it easier to assess the correctness of the protocol.
  • Refactor the proof verification to improve the efficiency and to make the code more clear.
  • Other minor fixes.

Collateral effects

The above changes have led to the following collateral effects:

  • Proof verification is now 40% faster (~ from 6ms to 3.7ms on Apple M1).
  • Proof size has been reduced by 1 BlsScalar.

@xevisalle xevisalle linked an issue Jun 27, 2024 that may be closed by this pull request
Copy link

codecov bot commented Jun 27, 2024

Codecov Report

Attention: Patch coverage is 96.38298% with 17 lines in your changes missing coverage. Please review.

Project coverage is 85.44%. Comparing base (372319e) to head (883ace4).

Files Patch % Lines
src/composer/gate.rs 0.00% 5 Missing ⚠️
src/composer/compress.rs 55.55% 4 Missing ⚠️
src/commitment_scheme/kzg10/key.rs 90.00% 2 Missing ⚠️
src/compiler/prover.rs 97.95% 2 Missing ⚠️
src/proof_system/proof.rs 97.43% 2 Missing ⚠️
src/proof_system/widget/arithmetic/verifierkey.rs 75.00% 1 Missing ⚠️
...stem/widget/ecc/scalar_mul/fixed_base/proverkey.rs 88.88% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #830      +/-   ##
==========================================
+ Coverage   85.32%   85.44%   +0.11%     
==========================================
  Files          57       57              
  Lines        3687     3723      +36     
==========================================
+ Hits         3146     3181      +35     
- Misses        541      542       +1     
Files Coverage Δ
src/commitment_scheme/kzg10/proof.rs 31.57% <100.00%> (-5.27%) ⬇️
src/commitment_scheme/kzg10/srs.rs 85.07% <100.00%> (ø)
src/compiler.rs 98.83% <100.00%> (ø)
src/composer.rs 90.36% <100.00%> (ø)
src/composer/constraint_system/constraint.rs 63.46% <100.00%> (ø)
src/composer/permutation.rs 92.60% <100.00%> (ø)
src/debugger.rs 76.11% <100.00%> (ø)
src/fft/polynomial.rs 69.31% <100.00%> (-0.17%) ⬇️
src/proof_system/linearization_poly.rs 99.04% <100.00%> (-0.16%) ⬇️
src/proof_system/quotient_poly.rs 100.00% <100.00%> (ø)
... and 19 more

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 372319e...883ace4. Read the comment docs.

@xevisalle xevisalle changed the title Make rounds match the paper Make code to match the last Plonk paper Jul 7, 2024
@xevisalle xevisalle linked an issue Jul 8, 2024 that may be closed by this pull request
@xevisalle xevisalle self-assigned this Jul 8, 2024
@marta-belles marta-belles requested review from marta-belles and removed request for marta-belles July 8, 2024 15:03
@xevisalle xevisalle marked this pull request as ready for review July 8, 2024 15:04
@xevisalle xevisalle requested a review from marta-belles July 8, 2024 15:04
Copy link
Contributor

@marta-belles marta-belles left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@xevisalle xevisalle merged commit dc1d229 into master Aug 8, 2024
11 checks passed
@xevisalle xevisalle deleted the order branch August 8, 2024 08:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Make code to match the last version of the Plonk paper
2 participants