Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update FixedBaseMSM to match algebra #55

Merged
merged 1 commit into from
Jan 17, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
44 changes: 14 additions & 30 deletions src/generator.rs
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
use crate::{r1cs_to_qap::R1CSToQAP, Groth16, ProvingKey, Vec, VerifyingKey};
use ark_ec::{pairing::Pairing, scalar_mul::fixed_base::FixedBase, CurveGroup};
use ark_ff::{Field, PrimeField, UniformRand, Zero};
use ark_ec::{pairing::Pairing, scalar_mul::BatchMulPreprocessing, CurveGroup};
use ark_ff::{Field, UniformRand, Zero};
use ark_poly::{EvaluationDomain, GeneralEvaluationDomain};
use ark_relations::r1cs::{
ConstraintSynthesizer, ConstraintSystem, OptimizationGoal, Result as R1CSResult,
Expand Down Expand Up @@ -107,8 +107,6 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
.map(|i| usize::from(!b[i].is_zero()))
.sum();

let scalar_bits = E::ScalarField::MODULUS_BIT_SIZE as usize;

let gamma_inverse = gamma.inverse().ok_or(SynthesisError::UnexpectedIdentity)?;
let delta_inverse = delta.inverse().ok_or(SynthesisError::UnexpectedIdentity)?;

Expand All @@ -128,21 +126,19 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

// Compute B window table
let g2_time = start_timer!(|| "Compute G2 table");
let g2_window = FixedBase::get_mul_window_size(non_zero_b);
let g2_table = FixedBase::get_window_table::<E::G2>(scalar_bits, g2_window, g2_generator);
let g2_table = BatchMulPreprocessing::new(g2_generator, non_zero_b);
end_timer!(g2_time);

// Compute the B-query in G2
let b_g2_time = start_timer!(|| format!("Calculate B G2 of size {}", b.len()));
let b_g2_query = FixedBase::msm::<E::G2>(scalar_bits, g2_window, &g2_table, &b);
let b_g2_query = g2_table.batch_mul(&b);
drop(g2_table);
end_timer!(b_g2_time);

// Compute G window table
let g1_window_time = start_timer!(|| "Compute G1 window table");
let g1_window =
FixedBase::get_mul_window_size(non_zero_a + non_zero_b + qap_num_variables + m_raw + 1);
let g1_table = FixedBase::get_window_table::<E::G1>(scalar_bits, g1_window, g1_generator);
let num_scalars = non_zero_a + non_zero_b + qap_num_variables + m_raw + 1;
let g1_table = BatchMulPreprocessing::new(g1_generator, num_scalars);
end_timer!(g1_window_time);

// Generate the R1CS proving key
Expand All @@ -156,30 +152,26 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {

// Compute the A-query
let a_time = start_timer!(|| "Calculate A");
let a_query = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &a);
let a_query = g1_table.batch_mul(&a);
drop(a);
end_timer!(a_time);

// Compute the B-query in G1
let b_g1_time = start_timer!(|| "Calculate B G1");
let b_g1_query = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &b);
let b_g1_query = g1_table.batch_mul(&b);
drop(b);
end_timer!(b_g1_time);

// Compute the H-query
let h_time = start_timer!(|| "Calculate H");
let h_query = FixedBase::msm::<E::G1>(
scalar_bits,
g1_window,
&g1_table,
&QAP::h_query_scalars::<_, D<E::ScalarField>>(m_raw - 1, t, zt, delta_inverse)?,
);

let h_scalars =
QAP::h_query_scalars::<_, D<E::ScalarField>>(m_raw - 1, t, zt, delta_inverse)?;
let h_query = g1_table.batch_mul(&h_scalars);
end_timer!(h_time);

// Compute the L-query
let l_time = start_timer!(|| "Calculate L");
let l_query = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &l);
let l_query = g1_table.batch_mul(&l);
drop(l);
end_timer!(l_time);

Expand All @@ -188,8 +180,7 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
// Generate R1CS verification key
let verifying_key_time = start_timer!(|| "Generate the R1CS verification key");
let gamma_g2 = g2_generator * &gamma;
let gamma_abc_g1 = FixedBase::msm::<E::G1>(scalar_bits, g1_window, &g1_table, &gamma_abc);

let gamma_abc_g1 = g1_table.batch_mul(&gamma_abc);
drop(g1_table);

end_timer!(verifying_key_time);
Expand All @@ -199,16 +190,9 @@ impl<E: Pairing, QAP: R1CSToQAP> Groth16<E, QAP> {
beta_g2: beta_g2.into_affine(),
gamma_g2: gamma_g2.into_affine(),
delta_g2: delta_g2.into_affine(),
gamma_abc_g1: E::G1::normalize_batch(&gamma_abc_g1),
gamma_abc_g1,
};

let batch_normalization_time = start_timer!(|| "Convert proving key elements to affine");
let a_query = E::G1::normalize_batch(&a_query);
let b_g1_query = E::G1::normalize_batch(&b_g1_query);
let b_g2_query = E::G2::normalize_batch(&b_g2_query);
let h_query = E::G1::normalize_batch(&h_query);
let l_query = E::G1::normalize_batch(&l_query);
end_timer!(batch_normalization_time);
end_timer!(setup_time);

Ok(ProvingKey {
Expand Down
Loading