-
Notifications
You must be signed in to change notification settings - Fork 130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: refactor the verify api #359
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #359 +/- ##
==========================================
+ Coverage 84.99% 85.01% +0.02%
==========================================
Files 85 85
Lines 18684 18711 +27
==========================================
+ Hits 15880 15907 +27
Misses 2804 2804 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general looks good to me! I think returning a bool
simplifies the usage a lot. Please take a look at my comments :)
@@ -155,7 +155,7 @@ where | |||
E::G1: CurveExt<AffineExt = E::G1Affine>, | |||
E::G2Affine: SerdeCurveAffine, | |||
{ | |||
type Output = (); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that all the implementations of VerificationStrategy
have Output = Self
.
That seems redundant, we could remove this associated type. Then the verification process either returns bool, or the VerificationStrategy
object, no need to do VerificationStrategy::Output
which is already VerificationStragey
all the time.
Also, I think we should discourage the usage of verification functions that return the VerificationStrategy
because returning a bool
is much clearer. Since this PR is scheduled to be merged after the 0.4
release, and we determined that in the 0.5
release we can remove the halo2_proofs
legacy layer, maybe we can just remove the verification methods that return VerificationStrategy
? If not, at least could we mark them as deprecated via cfg
?
Or is there any strong reason to keep the API that takes and returns a VerificationStrategy
object?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the proposal from @ed255
And if we break API is indeed a good time to do it!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ed255
I agree that Output = Self
is redundant.
For the quick patch, I remove the Output
type from VerificationStrategy
trait. e5153c4
Or is there any strong reason to keep the API that takes and returns a VerificationStrategy object?
This is related to process
API.
I think this API could be useful for batch verification, like following one.
halo2/halo2_backend/src/plonk/verifier/batch.rs
Lines 93 to 129 in 9fc59c1
pub fn finalize(self, params: &ParamsVerifierIPA<C>, vk: &VerifyingKey<C>) -> bool { | |
fn accumulate_msm<'params, C: CurveAffine>( | |
mut acc: MSMIPA<'params, C>, | |
msm: MSMIPA<'params, C>, | |
) -> MSMIPA<'params, C> { | |
// Scale the MSM by a random factor to ensure that if the existing MSM has | |
// `is_zero() == false` then this argument won't be able to interfere with it | |
// to make it true, with high probability. | |
acc.scale(C::Scalar::random(OsRng)); | |
acc.add_msm(&msm); | |
acc | |
} | |
let final_msm = self | |
.items | |
.into_par_iter() | |
.enumerate() | |
.map(|(i, item)| { | |
let strategy = BatchStrategy::new(params); | |
let mut transcript = Blake2bRead::init(&item.proof[..]); | |
verify_proof_with_strategy(params, vk, strategy, &item.instances, &mut transcript) | |
.map_err(|e| { | |
tracing::debug!("Batch item {} failed verification: {}", i, e); | |
e | |
}) | |
.map(|st| st.msm) | |
}) | |
.try_fold_and_reduce( | |
|| ParamsVerifier::<'_, C>::empty_msm(params), | |
|acc, res| res.map(|proof_msm| accumulate_msm(acc, proof_msm)), | |
); | |
match final_msm { | |
// ZAL: Verification is (supposedly) cheap, hence we don't use an accelerator engine | |
Ok(msm) => msm.check(&H2cEngine::new()), | |
Err(_) => false, | |
} |
The
BatchVerifier
delays the MSM check until it accumulates all the MSM from every batch items.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current state of this PR looks good to me (removal of Output
from trait).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree with both concerns from Ed.
@@ -147,7 +143,8 @@ impl<'params, C: CurveAffine> VerificationStrategy<'params, IPACommitmentScheme< | |||
/// specific failing proofs, it must re-process the proofs separately. | |||
#[must_use] | |||
fn finalize(self) -> bool { | |||
unreachable!() | |||
// TODO: Verification is cheap, ZkAccel on verifier is not a priority. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we file an issue for the TODO?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I think we should.
We can discuss if it is worthy or not, to apply ZkAccel
on verification.
@@ -155,7 +155,7 @@ where | |||
E::G1: CurveExt<AffineExt = E::G1Affine>, | |||
E::G2Affine: SerdeCurveAffine, | |||
{ | |||
type Output = (); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the proposal from @ed255
And if we break API is indeed a good time to do it!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that is really nice, anything that de-obfuscates halo2 is welcomed! thanks for taking care about it!
I request changes. I think that there's a missing CHANGES.TXT
(or whatever) describing the breaking changes.
@@ -155,7 +155,7 @@ where | |||
E::G1: CurveExt<AffineExt = E::G1Affine>, | |||
E::G2Affine: SerdeCurveAffine, | |||
{ | |||
type Output = (); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently, the |
Mmmmmm... yes, I see. Updating the I also think that we have to move |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm approving this PR because the comments/requests I made have all been addressed, and everything else looks good to me.
I still think it would be interesting to explore having the verification functions return bool, but now I see that with batched verification this is not a straight forward change to do; perhaps it can be explored in a future PR.
Description
Improve the verify api -
verify_proof
, in a way that it does return thebool
value indicating proof is valid or not.This way, we remove the confusion or misuse, related to
verify_proof
api.Related issues
Changes
VerificationStrategy
implsverify_proof
so that it returns thebool