Skip to content

Commit

Permalink
Update FixedBaseMSM to match algebra (#55)
Browse files Browse the repository at this point in the history
  • Loading branch information
Pratyush authored Jan 17, 2024
1 parent 42b38f1 commit 596d91f
Showing 1 changed file with 14 additions and 30 deletions.
44 changes: 14 additions & 30 deletions src/generator.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::{r1cs_to_qap::R1CSToQAP, Groth16, ProvingKey, Vec, VerifyingKey};
use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup};
use ark_ff::{Field, PrimeField, UniformRand, Zero};
use ark_ec::{pairing::Pairing, scalar_mul::BatchMulPreprocessing, CurveGroup};
use ark_ff::{Field, UniformRand, Zero};
use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
use ark_relations::r1cs::{
ConstraintSynthesizer, ConstraintSystem, OptimizationGoal, Result as R1CSResult,
Expand Down Expand Up @@ -107,8 +107,6 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
.map(|i| usize::from(!b[i].is_zero()))
.sum();

let scalar_bits = E::ScalarField::MODULUS_BIT_SIZE as usize;

let gamma_inverse = gamma.inverse().ok_or(SynthesisError::UnexpectedIdentity)?;
let delta_inverse = delta.inverse().ok_or(SynthesisError::UnexpectedIdentity)?;

Expand All @@ -128,21 +126,19 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

// Compute B window table
let g2_time = start_timer!(|| "Compute G2 table");
let g2_window = FixedBase::get_mul_window_size(non_zero_b);
let g2_table = FixedBase::get_window_table::<E::G2>(scalar_bits, g2_window, g2_generator);
let g2_table = BatchMulPreprocessing::new(g2_generator, non_zero_b);
end_timer!(g2_time);

// Compute the B-query in G2
let b_g2_time = start_timer!(|| format!("Calculate B G2 of size {}", b.len()));
let b_g2_query = FixedBase::msm::<E::G2>(scalar_bits, g2_window, &g2_table, &b);
let b_g2_query = g2_table.batch_mul(&b);
drop(g2_table);
end_timer!(b_g2_time);

// Compute G window table
let g1_window_time = start_timer!(|| "Compute G1 window table");
let g1_window =
FixedBase::get_mul_window_size(non_zero_a + non_zero_b + qap_num_variables + m_raw + 1);
let g1_table = FixedBase::get_window_table::<E::G1>(scalar_bits, g1_window, g1_generator);
let num_scalars = non_zero_a + non_zero_b + qap_num_variables + m_raw + 1;
let g1_table = BatchMulPreprocessing::new(g1_generator, num_scalars);
end_timer!(g1_window_time);

// Generate the R1CS proving key
Expand All @@ -156,30 +152,26 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

// Compute the A-query
let a_time = start_timer!(|| "Calculate A");
let a_query = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &a);
let a_query = g1_table.batch_mul(&a);
drop(a);
end_timer!(a_time);

// Compute the B-query in G1
let b_g1_time = start_timer!(|| "Calculate B G1");
let b_g1_query = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &b);
let b_g1_query = g1_table.batch_mul(&b);
drop(b);
end_timer!(b_g1_time);

// Compute the H-query
let h_time = start_timer!(|| "Calculate H");
let h_query = FixedBase::msm::<E::G1>(
scalar_bits,
g1_window,
&g1_table,
&QAP::h_query_scalars::<_, D<E::ScalarField>>(m_raw - 1, t, zt, delta_inverse)?,
);

let h_scalars =
QAP::h_query_scalars::<_, D<E::ScalarField>>(m_raw - 1, t, zt, delta_inverse)?;
let h_query = g1_table.batch_mul(&h_scalars);
end_timer!(h_time);

// Compute the L-query
let l_time = start_timer!(|| "Calculate L");
let l_query = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &l);
let l_query = g1_table.batch_mul(&l);
drop(l);
end_timer!(l_time);

Expand All @@ -188,8 +180,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
// Generate R1CS verification key
let verifying_key_time = start_timer!(|| "Generate the R1CS verification key");
let gamma_g2 = g2_generator * &gamma;
let gamma_abc_g1 = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &gamma_abc);

let gamma_abc_g1 = g1_table.batch_mul(&gamma_abc);
drop(g1_table);

end_timer!(verifying_key_time);
Expand All @@ -199,16 +190,9 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
beta_g2: beta_g2.into_affine(),
gamma_g2: gamma_g2.into_affine(),
delta_g2: delta_g2.into_affine(),
gamma_abc_g1: E::G1::normalize_batch(&gamma_abc_g1),
gamma_abc_g1,
};

let batch_normalization_time = start_timer!(|| "Convert proving key elements to affine");
let a_query = E::G1::normalize_batch(&a_query);
let b_g1_query = E::G1::normalize_batch(&b_g1_query);
let b_g2_query = E::G2::normalize_batch(&b_g2_query);
let h_query = E::G1::normalize_batch(&h_query);
let l_query = E::G1::normalize_batch(&l_query);
end_timer!(batch_normalization_time);
end_timer!(setup_time);

Ok(ProvingKey {
Expand Down

0 comments on commit 596d91f

Please sign in to comment.