Skip to content
This repository was archived by the owner on Aug 15, 2024. It is now read-only.

computing setup_precomputations in a separate thread #29

Open
wants to merge 1 commit into
base: plonk_release
Choose a base branch
from
Open

computing setup_precomputations in a separate thread #29

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
271 changes: 141 additions & 130 deletions src/plonk/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,192 +133,203 @@ pub fn prove_by_steps<E: Engine, C: crate::Circuit<E>, T: Transcript<E::Fr>>(
circuit: C,
hints: &Vec<(usize, TranspilationVariant)>,
setup: &SetupPolynomials<E, PlonkCsWidth4WithNextStepParams>,
setup_precomputations: Option<&SetupPolynomialsPrecomputations<E, PlonkCsWidth4WithNextStepParams>>,
// setup_precomputations will be computed inside this function
_setup_precomputations: Option<
&SetupPolynomialsPrecomputations<E, PlonkCsWidth4WithNextStepParams>,
>,
csr_mon_basis: &Crs<E, CrsForMonomialForm>,
) -> Result<Proof<E, PlonkCsWidth4WithNextStepParams>, SynthesisError> {
use crate::plonk::better_cs::cs::Circuit;
use crate::plonk::better_cs::utils::{commit_point_as_xy};
use crate::plonk::better_cs::prover::prove_steps::{FirstVerifierMessage, SecondVerifierMessage, ThirdVerifierMessage, FourthVerifierMessage};

use std::time::Instant;
crossbeam::scope(|scope| {
let precomputations_handle = scope.spawn(move |_| make_precomputations(setup));

let adapted_curcuit = AdaptorCircuit::<E, PlonkCsWidth4WithNextStepParams, _>::new(circuit, &hints);
use std::time::Instant;

let mut assembly = self::better_cs::prover::ProverAssembly::new_with_size_hints(setup.num_inputs, setup.n);
let adapted_curcuit = AdaptorCircuit::<E, PlonkCsWidth4WithNextStepParams, _>::new(circuit, &hints);

let subtime = Instant::now();
let mut assembly = self::better_cs::prover::ProverAssembly::new_with_size_hints(setup.num_inputs, setup.n);

adapted_curcuit.synthesize(&mut assembly)?;
assembly.finalize();
let subtime = Instant::now();

println!("Synthesis taken {:?}", subtime.elapsed());
adapted_curcuit.synthesize(&mut assembly)?;
assembly.finalize();

let worker = Worker::new();
println!("Synthesis taken {:?}", subtime.elapsed());

let now = Instant::now();
let worker = Worker::new();

let mut transcript = T::new();
let now = Instant::now();

let mut precomputed_omegas = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::< E::Fr, BitReversedOmegas<E::Fr> >::None;
let mut precomputed_omegas_inv = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::< E::Fr, OmegasInvBitreversed<E::Fr> >::None;
let mut transcript = T::new();

let mut proof = Proof::<E, PlonkCsWidth4WithNextStepParams>::empty();
let mut precomputed_omegas = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::<E::Fr, BitReversedOmegas<E::Fr>>::None;
let mut precomputed_omegas_inv = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::<E::Fr, OmegasInvBitreversed<E::Fr>>::None;

let subtime = Instant::now();
let mut proof = Proof::<E, PlonkCsWidth4WithNextStepParams>::empty();

let (first_state, first_message) = assembly.first_step_with_monomial_form_key(
&worker,
csr_mon_basis,
&mut precomputed_omegas_inv
)?;
let subtime = Instant::now();

println!("First step (witness commitment) taken {:?}", subtime.elapsed());
let (first_state, first_message) = assembly.first_step_with_monomial_form_key(
&worker,
csr_mon_basis,
&mut precomputed_omegas_inv
)?;

proof.n = first_message.n;
proof.num_inputs = first_message.num_inputs;
proof.input_values = first_message.input_values;
proof.wire_commitments = first_message.wire_commitments;
println!("First step (witness commitment) taken {:?}", subtime.elapsed());

for inp in proof.input_values.iter() {
transcript.commit_field_element(inp);
}
proof.n = first_message.n;
proof.num_inputs = first_message.num_inputs;
proof.input_values = first_message.input_values;
proof.wire_commitments = first_message.wire_commitments;

for c in proof.wire_commitments.iter() {
commit_point_as_xy::<E, _>(&mut transcript, &c);
}
for inp in proof.input_values.iter() {
transcript.commit_field_element(inp);
}

let beta = transcript.get_challenge();
let gamma = transcript.get_challenge();
for c in proof.wire_commitments.iter() {
commit_point_as_xy::<E, _>(&mut transcript, &c);
}

let first_verifier_message = FirstVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
beta,
gamma,
let beta = transcript.get_challenge();
let gamma = transcript.get_challenge();

_marker: std::marker::PhantomData
};
let first_verifier_message = FirstVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
beta,
gamma,

let subtime = Instant::now();
_marker: std::marker::PhantomData
};

let (second_state, second_message) = self::better_cs::prover::ProverAssembly::second_step_from_first_step(
first_state,
first_verifier_message,
&setup,
csr_mon_basis,
&setup_precomputations,
&mut precomputed_omegas_inv,
&worker
)?;
let setup_precomputations = precomputations_handle
.join()
.expect("setup_precomputations computing thread failed")?;

println!("Second step (grand product commitment) taken {:?}", subtime.elapsed());
let subtime = Instant::now();

proof.grand_product_commitment = second_message.z_commitment;
commit_point_as_xy::<E, _>(&mut transcript, &proof.grand_product_commitment);
let (second_state, second_message) = self::better_cs::prover::ProverAssembly::second_step_from_first_step(
first_state,
first_verifier_message,
&setup,
csr_mon_basis,
&Some(&setup_precomputations),
&mut precomputed_omegas_inv,
&worker
)?;

let alpha = transcript.get_challenge();
println!("Second step (grand product commitment) taken {:?}", subtime.elapsed());

let second_verifier_message = SecondVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
alpha,
beta,
gamma,
proof.grand_product_commitment = second_message.z_commitment;
commit_point_as_xy::<E, _>(&mut transcript, &proof.grand_product_commitment);

_marker: std::marker::PhantomData
};
let alpha = transcript.get_challenge();

let subtime = Instant::now();
let second_verifier_message = SecondVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
alpha,
beta,
gamma,

let (third_state, third_message) = self::better_cs::prover::ProverAssembly::third_step_from_second_step(
second_state,
second_verifier_message,
&setup,
csr_mon_basis,
&setup_precomputations,
&mut precomputed_omegas,
&mut precomputed_omegas_inv,
&worker
)?;
_marker: std::marker::PhantomData
};

println!("Third step (quotient calculation and commitment) taken {:?}", subtime.elapsed());
let subtime = Instant::now();

proof.quotient_poly_commitments = third_message.quotient_poly_commitments;
let (third_state, third_message) = self::better_cs::prover::ProverAssembly::third_step_from_second_step(
second_state,
second_verifier_message,
&setup,
csr_mon_basis,
&Some(&setup_precomputations),
&mut precomputed_omegas,
&mut precomputed_omegas_inv,
&worker
)?;

for c in proof.quotient_poly_commitments.iter() {
commit_point_as_xy::<E, _>(&mut transcript, &c);
}
println!("Third step (quotient calculation and commitment) taken {:?}", subtime.elapsed());

let z = transcript.get_challenge();
proof.quotient_poly_commitments = third_message.quotient_poly_commitments;

let third_verifier_message = ThirdVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
alpha,
beta,
gamma,
z,
for c in proof.quotient_poly_commitments.iter() {
commit_point_as_xy::<E, _>(&mut transcript, &c);
}

_marker: std::marker::PhantomData
};
let z = transcript.get_challenge();

let subtime = Instant::now();
let third_verifier_message = ThirdVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
alpha,
beta,
gamma,
z,

let (fourth_state, fourth_message) = self::better_cs::prover::ProverAssembly::fourth_step_from_third_step(
third_state,
third_verifier_message,
&setup,
&worker
)?;
_marker: std::marker::PhantomData
};

println!("Fourth step (openings at z) taken {:?}", subtime.elapsed());
let subtime = Instant::now();

proof.wire_values_at_z = fourth_message.wire_values_at_z;
proof.wire_values_at_z_omega = fourth_message.wire_values_at_z_omega;
proof.permutation_polynomials_at_z = fourth_message.permutation_polynomials_at_z;
proof.grand_product_at_z_omega = fourth_message.grand_product_at_z_omega;
proof.quotient_polynomial_at_z = fourth_message.quotient_polynomial_at_z;
proof.linearization_polynomial_at_z = fourth_message.linearization_polynomial_at_z;
let (fourth_state, fourth_message) = self::better_cs::prover::ProverAssembly::fourth_step_from_third_step(
third_state,
third_verifier_message,
&setup,
&worker
)?;

for el in proof.wire_values_at_z.iter() {
transcript.commit_field_element(el);
}
println!("Fourth step (openings at z) taken {:?}", subtime.elapsed());

for el in proof.wire_values_at_z_omega.iter() {
transcript.commit_field_element(el);
}
proof.wire_values_at_z = fourth_message.wire_values_at_z;
proof.wire_values_at_z_omega = fourth_message.wire_values_at_z_omega;
proof.permutation_polynomials_at_z = fourth_message.permutation_polynomials_at_z;
proof.grand_product_at_z_omega = fourth_message.grand_product_at_z_omega;
proof.quotient_polynomial_at_z = fourth_message.quotient_polynomial_at_z;
proof.linearization_polynomial_at_z = fourth_message.linearization_polynomial_at_z;

for el in proof.permutation_polynomials_at_z.iter() {
transcript.commit_field_element(el);
}
for el in proof.wire_values_at_z.iter() {
transcript.commit_field_element(el);
}

transcript.commit_field_element(&proof.quotient_polynomial_at_z);
transcript.commit_field_element(&proof.linearization_polynomial_at_z);
for el in proof.wire_values_at_z_omega.iter() {
transcript.commit_field_element(el);
}

let v = transcript.get_challenge();
for el in proof.permutation_polynomials_at_z.iter() {
transcript.commit_field_element(el);
}

let fourth_verifier_message = FourthVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
alpha,
beta,
gamma,
z,
v,
transcript.commit_field_element(&proof.quotient_polynomial_at_z);
transcript.commit_field_element(&proof.linearization_polynomial_at_z);

_marker: std::marker::PhantomData
};
let v = transcript.get_challenge();

let subtime = Instant::now();
let fourth_verifier_message = FourthVerifierMessage::<E, PlonkCsWidth4WithNextStepParams> {
alpha,
beta,
gamma,
z,
v,

let fifth_message = self::better_cs::prover::ProverAssembly::fifth_step_from_fourth_step(
fourth_state,
fourth_verifier_message,
&setup,
csr_mon_basis,
&worker
)?;
_marker: std::marker::PhantomData
};

println!("Fifth step (proving opening at z) taken {:?}", subtime.elapsed());
let subtime = Instant::now();

proof.opening_at_z_proof = fifth_message.opening_proof_at_z;
proof.opening_at_z_omega_proof = fifth_message.opening_proof_at_z_omega;
let fifth_message = self::better_cs::prover::ProverAssembly::fifth_step_from_fourth_step(
fourth_state,
fourth_verifier_message,
&setup,
csr_mon_basis,
&worker
)?;

println!("Proving taken {:?}", now.elapsed());
println!("Fifth step (proving opening at z) taken {:?}", subtime.elapsed());

Ok(proof)
proof.opening_at_z_proof = fifth_message.opening_proof_at_z;
proof.opening_at_z_omega_proof = fifth_message.opening_proof_at_z_omega;

println!("Proving taken {:?}", now.elapsed());

Ok(proof)
}).expect("crossbeam::scope (proving by steps) execution failed")
}

pub fn prove<E: Engine, C: crate::Circuit<E>, T: Transcript<E::Fr>>(
Expand Down Expand Up @@ -419,4 +430,4 @@ pub fn verify<E: Engine, T: Transcript<E::Fr>>(
verification_key: &VerificationKey<E, PlonkCsWidth4WithNextStepParams>
) -> Result<bool, SynthesisError> {
self::better_cs::verifier::verify::<E, PlonkCsWidth4WithNextStepParams, T>(&proof, &verification_key)
}
}