2020-10-13 14:06:21 -07:00
|
|
|
#[macro_use]
|
|
|
|
extern crate criterion;
|
|
|
|
|
2021-12-25 05:36:41 -08:00
|
|
|
use group::ff::Field;
|
2022-01-20 10:28:44 -08:00
|
|
|
use halo2_proofs::arithmetic::FieldExt;
|
|
|
|
use halo2_proofs::circuit::{Cell, Layouter, SimpleFloorPlanner};
|
|
|
|
use halo2_proofs::pasta::{EqAffine, Fp};
|
|
|
|
use halo2_proofs::plonk::*;
|
|
|
|
use halo2_proofs::poly::{commitment::Params, Rotation};
|
|
|
|
use halo2_proofs::transcript::{Blake2bRead, Blake2bWrite, Challenge255};
|
2022-01-20 08:16:48 -08:00
|
|
|
use rand_core::OsRng;
|
2020-10-13 14:06:21 -07:00
|
|
|
|
|
|
|
use std::marker::PhantomData;
|
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
use criterion::{BenchmarkId, Criterion};
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
fn criterion_benchmark(c: &mut Criterion) {
|
2020-10-13 14:06:21 -07:00
|
|
|
/// This represents an advice column at a certain row in the ConstraintSystem
|
|
|
|
#[derive(Copy, Clone, Debug)]
|
|
|
|
pub struct Variable(Column<Advice>, usize);
|
|
|
|
|
2021-02-18 23:24:21 -08:00
|
|
|
#[derive(Clone)]
|
2021-06-23 05:33:04 -07:00
|
|
|
struct PlonkConfig {
|
2020-10-13 14:06:21 -07:00
|
|
|
a: Column<Advice>,
|
|
|
|
b: Column<Advice>,
|
|
|
|
c: Column<Advice>,
|
|
|
|
|
|
|
|
sa: Column<Fixed>,
|
|
|
|
sb: Column<Fixed>,
|
|
|
|
sc: Column<Fixed>,
|
|
|
|
sm: Column<Fixed>,
|
|
|
|
}
|
|
|
|
|
2021-06-23 05:33:04 -07:00
|
|
|
trait StandardCs<FF: FieldExt> {
|
2021-06-21 11:51:32 -07:00
|
|
|
fn raw_multiply<F>(
|
|
|
|
&self,
|
|
|
|
layouter: &mut impl Layouter<FF>,
|
|
|
|
f: F,
|
|
|
|
) -> Result<(Cell, Cell, Cell), Error>
|
2020-10-13 14:06:21 -07:00
|
|
|
where
|
2021-06-21 11:51:32 -07:00
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>;
|
|
|
|
fn raw_add<F>(
|
|
|
|
&self,
|
|
|
|
layouter: &mut impl Layouter<FF>,
|
|
|
|
f: F,
|
|
|
|
) -> Result<(Cell, Cell, Cell), Error>
|
2020-10-13 14:06:21 -07:00
|
|
|
where
|
2021-06-21 11:51:32 -07:00
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>;
|
|
|
|
fn copy(&self, layouter: &mut impl Layouter<FF>, a: Cell, b: Cell) -> Result<(), Error>;
|
2020-10-13 14:06:21 -07:00
|
|
|
}
|
|
|
|
|
2021-01-20 05:48:51 -08:00
|
|
|
#[derive(Clone)]
|
2020-11-12 16:08:08 -08:00
|
|
|
struct MyCircuit<F: FieldExt> {
|
2020-10-13 14:06:21 -07:00
|
|
|
a: Option<F>,
|
|
|
|
k: u32,
|
|
|
|
}
|
|
|
|
|
2021-06-23 05:33:04 -07:00
|
|
|
struct StandardPlonk<F: FieldExt> {
|
|
|
|
config: PlonkConfig,
|
2020-10-13 14:06:21 -07:00
|
|
|
_marker: PhantomData<F>,
|
|
|
|
}
|
|
|
|
|
2021-06-23 05:33:04 -07:00
|
|
|
impl<FF: FieldExt> StandardPlonk<FF> {
|
|
|
|
fn new(config: PlonkConfig) -> Self {
|
|
|
|
StandardPlonk {
|
2020-10-13 14:06:21 -07:00
|
|
|
config,
|
|
|
|
_marker: PhantomData,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-06-23 05:33:04 -07:00
|
|
|
impl<FF: FieldExt> StandardCs<FF> for StandardPlonk<FF> {
|
2021-06-21 11:51:32 -07:00
|
|
|
fn raw_multiply<F>(
|
|
|
|
&self,
|
|
|
|
layouter: &mut impl Layouter<FF>,
|
|
|
|
mut f: F,
|
|
|
|
) -> Result<(Cell, Cell, Cell), Error>
|
2020-10-13 14:06:21 -07:00
|
|
|
where
|
2021-06-21 11:51:32 -07:00
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>,
|
2020-10-13 14:06:21 -07:00
|
|
|
{
|
2021-06-21 11:51:32 -07:00
|
|
|
layouter.assign_region(
|
|
|
|
|| "raw_multiply",
|
|
|
|
|mut region| {
|
|
|
|
let mut value = None;
|
|
|
|
let lhs = region.assign_advice(
|
|
|
|
|| "lhs",
|
|
|
|
self.config.a,
|
|
|
|
0,
|
|
|
|
|| {
|
|
|
|
value = Some(f()?);
|
2021-05-26 15:55:40 -07:00
|
|
|
Ok(value.ok_or(Error::Synthesis)?.0)
|
2021-06-21 11:51:32 -07:00
|
|
|
},
|
|
|
|
)?;
|
|
|
|
let rhs = region.assign_advice(
|
|
|
|
|| "rhs",
|
|
|
|
self.config.b,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.1),
|
2021-06-21 11:51:32 -07:00
|
|
|
)?;
|
|
|
|
let out = region.assign_advice(
|
|
|
|
|| "out",
|
|
|
|
self.config.c,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.2),
|
2021-06-21 11:51:32 -07:00
|
|
|
)?;
|
|
|
|
|
|
|
|
region.assign_fixed(|| "a", self.config.sa, 0, || Ok(FF::zero()))?;
|
|
|
|
region.assign_fixed(|| "b", self.config.sb, 0, || Ok(FF::zero()))?;
|
|
|
|
region.assign_fixed(|| "c", self.config.sc, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "a * b", self.config.sm, 0, || Ok(FF::one()))?;
|
2021-11-27 07:08:01 -08:00
|
|
|
Ok((lhs.cell(), rhs.cell(), out.cell()))
|
2021-01-22 08:57:38 -08:00
|
|
|
},
|
2021-06-21 11:51:32 -07:00
|
|
|
)
|
2020-10-13 14:06:21 -07:00
|
|
|
}
|
2021-06-21 11:51:32 -07:00
|
|
|
fn raw_add<F>(
|
|
|
|
&self,
|
|
|
|
layouter: &mut impl Layouter<FF>,
|
|
|
|
mut f: F,
|
|
|
|
) -> Result<(Cell, Cell, Cell), Error>
|
2020-10-13 14:06:21 -07:00
|
|
|
where
|
2021-06-21 11:51:32 -07:00
|
|
|
F: FnMut() -> Result<(FF, FF, FF), Error>,
|
2020-10-13 14:06:21 -07:00
|
|
|
{
|
2021-06-21 11:51:32 -07:00
|
|
|
layouter.assign_region(
|
|
|
|
|| "raw_add",
|
|
|
|
|mut region| {
|
|
|
|
let mut value = None;
|
|
|
|
let lhs = region.assign_advice(
|
|
|
|
|| "lhs",
|
|
|
|
self.config.a,
|
|
|
|
0,
|
|
|
|
|| {
|
|
|
|
value = Some(f()?);
|
2021-05-26 15:55:40 -07:00
|
|
|
Ok(value.ok_or(Error::Synthesis)?.0)
|
2021-06-21 11:51:32 -07:00
|
|
|
},
|
|
|
|
)?;
|
|
|
|
let rhs = region.assign_advice(
|
|
|
|
|| "rhs",
|
|
|
|
self.config.b,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.1),
|
2021-06-21 11:51:32 -07:00
|
|
|
)?;
|
|
|
|
let out = region.assign_advice(
|
|
|
|
|| "out",
|
|
|
|
self.config.c,
|
|
|
|
0,
|
2021-05-26 15:55:40 -07:00
|
|
|
|| Ok(value.ok_or(Error::Synthesis)?.2),
|
2021-06-21 11:51:32 -07:00
|
|
|
)?;
|
|
|
|
|
|
|
|
region.assign_fixed(|| "a", self.config.sa, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "b", self.config.sb, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "c", self.config.sc, 0, || Ok(FF::one()))?;
|
|
|
|
region.assign_fixed(|| "a * b", self.config.sm, 0, || Ok(FF::zero()))?;
|
2021-11-27 07:08:01 -08:00
|
|
|
Ok((lhs.cell(), rhs.cell(), out.cell()))
|
2021-01-22 08:57:38 -08:00
|
|
|
},
|
2021-06-21 11:51:32 -07:00
|
|
|
)
|
2020-10-13 14:06:21 -07:00
|
|
|
}
|
2021-06-21 11:51:32 -07:00
|
|
|
fn copy(
|
|
|
|
&self,
|
|
|
|
layouter: &mut impl Layouter<FF>,
|
|
|
|
left: Cell,
|
|
|
|
right: Cell,
|
|
|
|
) -> Result<(), Error> {
|
2021-07-08 11:47:51 -07:00
|
|
|
layouter.assign_region(|| "copy", |mut region| region.constrain_equal(left, right))
|
2020-10-13 14:06:21 -07:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-11-12 16:08:08 -08:00
|
|
|
impl<F: FieldExt> Circuit<F> for MyCircuit<F> {
|
2021-06-23 05:33:04 -07:00
|
|
|
type Config = PlonkConfig;
|
2021-06-21 11:10:59 -07:00
|
|
|
type FloorPlanner = SimpleFloorPlanner;
|
|
|
|
|
|
|
|
fn without_witnesses(&self) -> Self {
|
|
|
|
Self { a: None, k: self.k }
|
|
|
|
}
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-06-23 05:33:04 -07:00
|
|
|
fn configure(meta: &mut ConstraintSystem<F>) -> PlonkConfig {
|
2021-07-12 14:28:16 -07:00
|
|
|
meta.set_minimum_degree(5);
|
|
|
|
|
2020-10-13 14:06:21 -07:00
|
|
|
let a = meta.advice_column();
|
|
|
|
let b = meta.advice_column();
|
|
|
|
let c = meta.advice_column();
|
|
|
|
|
2021-12-15 09:05:31 -08:00
|
|
|
meta.enable_equality(a);
|
|
|
|
meta.enable_equality(b);
|
|
|
|
meta.enable_equality(c);
|
2020-10-13 14:06:21 -07:00
|
|
|
|
|
|
|
let sm = meta.fixed_column();
|
|
|
|
let sa = meta.fixed_column();
|
|
|
|
let sb = meta.fixed_column();
|
|
|
|
let sc = meta.fixed_column();
|
|
|
|
|
2021-01-22 11:46:06 -08:00
|
|
|
meta.create_gate("Combined add-mult", |meta| {
|
2020-12-23 08:45:16 -08:00
|
|
|
let a = meta.query_advice(a, Rotation::cur());
|
|
|
|
let b = meta.query_advice(b, Rotation::cur());
|
|
|
|
let c = meta.query_advice(c, Rotation::cur());
|
|
|
|
|
|
|
|
let sa = meta.query_fixed(sa, Rotation::cur());
|
|
|
|
let sb = meta.query_fixed(sb, Rotation::cur());
|
|
|
|
let sc = meta.query_fixed(sc, Rotation::cur());
|
|
|
|
let sm = meta.query_fixed(sm, Rotation::cur());
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-07-25 13:32:11 -07:00
|
|
|
vec![a.clone() * sa + b.clone() * sb + a * b * sm - (c * sc)]
|
2020-10-13 14:06:21 -07:00
|
|
|
});
|
|
|
|
|
2021-06-23 05:33:04 -07:00
|
|
|
PlonkConfig {
|
2020-10-13 14:06:21 -07:00
|
|
|
a,
|
|
|
|
b,
|
|
|
|
c,
|
|
|
|
sa,
|
|
|
|
sb,
|
|
|
|
sc,
|
|
|
|
sm,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fn synthesize(
|
|
|
|
&self,
|
2021-06-23 05:33:04 -07:00
|
|
|
config: PlonkConfig,
|
2021-06-21 11:10:59 -07:00
|
|
|
mut layouter: impl Layouter<F>,
|
2020-10-13 14:06:21 -07:00
|
|
|
) -> Result<(), Error> {
|
2021-06-23 05:33:04 -07:00
|
|
|
let cs = StandardPlonk::new(config);
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-07-13 08:15:30 -07:00
|
|
|
for _ in 0..((1 << (self.k - 1)) - 3) {
|
2020-10-13 14:06:21 -07:00
|
|
|
let mut a_squared = None;
|
2021-06-21 11:51:32 -07:00
|
|
|
let (a0, _, c0) = cs.raw_multiply(&mut layouter, || {
|
2020-10-13 14:06:21 -07:00
|
|
|
a_squared = self.a.map(|a| a.square());
|
|
|
|
Ok((
|
2021-05-26 15:55:40 -07:00
|
|
|
self.a.ok_or(Error::Synthesis)?,
|
|
|
|
self.a.ok_or(Error::Synthesis)?,
|
|
|
|
a_squared.ok_or(Error::Synthesis)?,
|
2020-10-13 14:06:21 -07:00
|
|
|
))
|
|
|
|
})?;
|
2021-06-21 11:51:32 -07:00
|
|
|
let (a1, b1, _) = cs.raw_add(&mut layouter, || {
|
2020-10-13 14:06:21 -07:00
|
|
|
let fin = a_squared.and_then(|a2| self.a.map(|a| a + a2));
|
|
|
|
Ok((
|
2021-05-26 15:55:40 -07:00
|
|
|
self.a.ok_or(Error::Synthesis)?,
|
|
|
|
a_squared.ok_or(Error::Synthesis)?,
|
|
|
|
fin.ok_or(Error::Synthesis)?,
|
2020-10-13 14:06:21 -07:00
|
|
|
))
|
|
|
|
})?;
|
2021-06-21 11:51:32 -07:00
|
|
|
cs.copy(&mut layouter, a0, a1)?;
|
|
|
|
cs.copy(&mut layouter, b1, c0)?;
|
2020-10-13 14:06:21 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
Ok(())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
fn keygen(k: u32) -> (Params<EqAffine>, ProvingKey<EqAffine>) {
|
|
|
|
let params: Params<EqAffine> = Params::new(k);
|
|
|
|
let empty_circuit: MyCircuit<Fp> = MyCircuit { a: None, k };
|
|
|
|
let vk = keygen_vk(¶ms, &empty_circuit).expect("keygen_vk should not fail");
|
|
|
|
let pk = keygen_pk(¶ms, vk, &empty_circuit).expect("keygen_pk should not fail");
|
|
|
|
(params, pk)
|
|
|
|
}
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
fn prover(k: u32, params: &Params<EqAffine>, pk: &ProvingKey<EqAffine>) -> Vec<u8> {
|
2021-12-25 05:36:41 -08:00
|
|
|
let rng = OsRng;
|
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
let circuit: MyCircuit<Fp> = MyCircuit {
|
2021-12-25 05:36:41 -08:00
|
|
|
a: Some(Fp::random(rng)),
|
2021-12-08 13:41:13 -08:00
|
|
|
k,
|
|
|
|
};
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
|
2021-12-25 05:36:41 -08:00
|
|
|
create_proof(params, pk, &[circuit], &[&[]], rng, &mut transcript)
|
2021-12-08 13:41:13 -08:00
|
|
|
.expect("proof generation should not fail");
|
|
|
|
transcript.finalize()
|
|
|
|
}
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
fn verifier(params: &Params<EqAffine>, vk: &VerifyingKey<EqAffine>, proof: &[u8]) {
|
2022-01-26 15:13:19 -08:00
|
|
|
let strategy = SingleVerifier::new(params);
|
2021-12-08 13:41:13 -08:00
|
|
|
let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(proof);
|
2022-01-26 15:13:19 -08:00
|
|
|
assert!(verify_proof(params, vk, strategy, &[&[]], &mut transcript).is_ok());
|
2021-12-08 13:41:13 -08:00
|
|
|
}
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
let k_range = 8..=16;
|
2020-10-13 14:06:21 -07:00
|
|
|
|
2021-12-08 13:41:13 -08:00
|
|
|
let mut keygen_group = c.benchmark_group("plonk-keygen");
|
|
|
|
keygen_group.sample_size(10);
|
|
|
|
for k in k_range.clone() {
|
|
|
|
keygen_group.bench_with_input(BenchmarkId::from_parameter(k), &k, |b, &k| {
|
|
|
|
b.iter(|| keygen(k));
|
|
|
|
});
|
|
|
|
}
|
|
|
|
keygen_group.finish();
|
|
|
|
|
|
|
|
let mut prover_group = c.benchmark_group("plonk-prover");
|
|
|
|
prover_group.sample_size(10);
|
|
|
|
for k in k_range.clone() {
|
|
|
|
let (params, pk) = keygen(k);
|
|
|
|
|
|
|
|
prover_group.bench_with_input(
|
|
|
|
BenchmarkId::from_parameter(k),
|
|
|
|
&(k, ¶ms, &pk),
|
|
|
|
|b, &(k, params, pk)| {
|
|
|
|
b.iter(|| prover(k, params, pk));
|
|
|
|
},
|
|
|
|
);
|
|
|
|
}
|
|
|
|
prover_group.finish();
|
|
|
|
|
|
|
|
let mut verifier_group = c.benchmark_group("plonk-verifier");
|
|
|
|
for k in k_range {
|
|
|
|
let (params, pk) = keygen(k);
|
|
|
|
let proof = prover(k, ¶ms, &pk);
|
|
|
|
|
|
|
|
verifier_group.bench_with_input(
|
|
|
|
BenchmarkId::from_parameter(k),
|
|
|
|
&(¶ms, pk.get_vk(), &proof[..]),
|
|
|
|
|b, &(params, vk, proof)| {
|
|
|
|
b.iter(|| verifier(params, vk, proof));
|
|
|
|
},
|
|
|
|
);
|
|
|
|
}
|
|
|
|
verifier_group.finish();
|
2020-10-13 14:06:21 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
criterion_group!(benches, criterion_benchmark);
|
|
|
|
criterion_main!(benches);
|