Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: refactor the verify api #359

Merged
merged 10 commits into from
Sep 27, 2024
Merged

feat: refactor the verify api #359

merged 10 commits into from
Sep 27, 2024

Conversation

guorong009
Copy link

Description

Improve the verify api - verify_proof, in a way that it does return the bool value indicating proof is valid or not.
This way, we remove the confusion or misuse, related to verify_proof api.

Related issues

Changes

  • Update several VerificationStrategy impls
  • Update the verify_proof so that it returns the bool
  • Update the related tests

@guorong009 guorong009 self-assigned this Jul 9, 2024
@codecov-commenter
Copy link

codecov-commenter commented Jul 9, 2024

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 68.85246% with 19 lines in your changes missing coverage. Please review.

Project coverage is 85.01%. Comparing base (7c368af) to head (6061bf6).

Files with missing lines Patch % Lines
halo2_backend/src/plonk/verifier/batch.rs 0.00% 10 Missing ⚠️
halo2_backend/src/poly/ipa/strategy.rs 14.28% 6 Missing ⚠️
halo2_backend/src/plonk/prover.rs 66.66% 2 Missing ⚠️
halo2_backend/src/plonk/verifier.rs 96.29% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #359      +/-   ##
==========================================
+ Coverage   84.99%   85.01%   +0.02%     
==========================================
  Files          85       85              
  Lines       18684    18711      +27     
==========================================
+ Hits        15880    15907      +27     
  Misses       2804     2804              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@ed255 ed255 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general looks good to me! I think returning a bool simplifies the usage a lot. Please take a look at my comments :)

halo2_backend/src/plonk/verifier.rs Outdated Show resolved Hide resolved
@@ -155,7 +155,7 @@ where
E::G1: CurveExt<AffineExt = E::G1Affine>,
E::G2Affine: SerdeCurveAffine,
{
type Output = ();
Copy link
Member

@ed255 ed255 Jul 12, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see that all the implementations of VerificationStrategy have Output = Self.
That seems redundant, we could remove this associated type. Then the verification process either returns bool, or the VerificationStrategy object, no need to do VerificationStrategy::Output which is already VerificationStragey all the time.

Also, I think we should discourage the usage of verification functions that return the VerificationStrategy because returning a bool is much clearer. Since this PR is scheduled to be merged after the 0.4 release, and we determined that in the 0.5 release we can remove the halo2_proofs legacy layer, maybe we can just remove the verification methods that return VerificationStrategy? If not, at least could we mark them as deprecated via cfg?

Or is there any strong reason to keep the API that takes and returns a VerificationStrategy object?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the proposal from @ed255
And if we break API is indeed a good time to do it!

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ed255
I agree that Output = Self is redundant.
For the quick patch, I remove the Output type from VerificationStrategy trait. e5153c4

Or is there any strong reason to keep the API that takes and returns a VerificationStrategy object?

This is related to process API.
I think this API could be useful for batch verification, like following one.

pub fn finalize(self, params: &ParamsVerifierIPA<C>, vk: &VerifyingKey<C>) -> bool {
fn accumulate_msm<'params, C: CurveAffine>(
mut acc: MSMIPA<'params, C>,
msm: MSMIPA<'params, C>,
) -> MSMIPA<'params, C> {
// Scale the MSM by a random factor to ensure that if the existing MSM has
// `is_zero() == false` then this argument won't be able to interfere with it
// to make it true, with high probability.
acc.scale(C::Scalar::random(OsRng));
acc.add_msm(&msm);
acc
}
let final_msm = self
.items
.into_par_iter()
.enumerate()
.map(|(i, item)| {
let strategy = BatchStrategy::new(params);
let mut transcript = Blake2bRead::init(&item.proof[..]);
verify_proof_with_strategy(params, vk, strategy, &item.instances, &mut transcript)
.map_err(|e| {
tracing::debug!("Batch item {} failed verification: {}", i, e);
e
})
.map(|st| st.msm)
})
.try_fold_and_reduce(
|| ParamsVerifier::<'_, C>::empty_msm(params),
|acc, res| res.map(|proof_msm| accumulate_msm(acc, proof_msm)),
);
match final_msm {
// ZAL: Verification is (supposedly) cheap, hence we don't use an accelerator engine
Ok(msm) => msm.check(&H2cEngine::new()),
Err(_) => false,
}

The BatchVerifier delays the MSM check until it accumulates all the MSM from every batch items.

What do you think about this? @ed255 @CPerezz

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ed255 @CPerezz any input about last comment?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current state of this PR looks good to me (removal of Output from trait).

Copy link
Member

@CPerezz CPerezz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree with both concerns from Ed.

@@ -147,7 +143,8 @@ impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme<
/// specific failing proofs, it must re-process the proofs separately.
#[must_use]
fn finalize(self) -> bool {
unreachable!()
// TODO: Verification is cheap, ZkAccel on verifier is not a priority.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we file an issue for the TODO?

Copy link
Author

@guorong009 guorong009 Jul 15, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I think we should.
We can discuss if it is worthy or not, to apply ZkAccel on verification.

@@ -155,7 +155,7 @@ where
E::G1: CurveExt<AffineExt = E::G1Affine>,
E::G2Affine: SerdeCurveAffine,
{
type Output = ();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the proposal from @ed255
And if we break API is indeed a good time to do it!

@guorong009 guorong009 requested review from ed255 and CPerezz July 15, 2024 08:17
@guorong009 guorong009 marked this pull request as ready for review September 24, 2024 09:19
@guorong009 guorong009 requested review from adria0 and kilic September 24, 2024 09:21
Copy link
Member

@adria0 adria0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that is really nice, anything that de-obfuscates halo2 is welcomed! thanks for taking care about it!
I request changes. I think that there's a missing CHANGES.TXT (or whatever) describing the breaking changes.

@@ -155,7 +155,7 @@ where
E::G1: CurveExt<AffineExt = E::G1Affine>,
E::G2Affine: SerdeCurveAffine,
{
type Output = ();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ed255 @CPerezz any input about last comment?

@guorong009
Copy link
Author

I think that is really nice, anything that de-obfuscates halo2 is welcomed! thanks for taking care about it! I request changes. I think that there's a missing CHANGES.TXT (or whatever) describing the breaking changes.

Currently, the halo2_proofs crate includes the CHANGELOG.md which seems not used at all.
I think the changes are just summarized in release PR.
Maybe, do we need explicit CHANGELOG file for documentation?
cc @davidnevadoc

@adria0
Copy link
Member

adria0 commented Sep 25, 2024

I think that is really nice, anything that de-obfuscates halo2 is welcomed! thanks for taking care about it! I request changes. I think that there's a missing CHANGES.TXT (or whatever) describing the breaking changes.

Currently, the halo2_proofs crate includes the CHANGELOG.md which seems not used at all. I think the changes are just summarized in release PR. Maybe, do we need explicit CHANGELOG file for documentation? cc @davidnevadoc

Mmmmmm... yes, I see. Updating the halo2_proofs/CHANGELOG.md should be enough. Let's do it when doing a release!

I also think that we have to move CHANGELOG.md to repo root, wdyt @guorong009 ?

@adria0 adria0 self-requested a review September 25, 2024 06:00
Copy link
Member

@ed255 ed255 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm approving this PR because the comments/requests I made have all been addressed, and everything else looks good to me.

I still think it would be interesting to explore having the verification functions return bool, but now I see that with batched verification this is not a straight forward change to do; perhaps it can be explored in a future PR.

@guorong009 guorong009 merged commit 553953d into main Sep 27, 2024
6 checks passed
@guorong009 guorong009 deleted the gr@verify-api-fix branch September 27, 2024 07:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

verifier.rs misleading API
5 participants