
Commit 0d83d91

committed
Add commitments to witness section info
1 parent 8bb5ed5 commit 0d83d91


1 file changed

+99
-30
lines changed


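--- a/spartan_parallel/src/lib.rs
+++ b/spartan_parallel/src/lib.rs
@@ -530,50 +530,58 @@ impl<E: ExtensionField, Pcs: PolynomialCommitmentScheme<E>> ProverWitnessSecInfo
 
 // Information regarding one witness sec
 #[derive(Clone)]
-struct VerifierWitnessSecInfo {
+struct VerifierWitnessSecInfo<E: ExtensionField, Pcs: PolynomialCommitmentScheme<E>> {
 // Number of inputs per block
 num_inputs: Vec<usize>,
 // Number of proofs per block, used by merge
 num_proofs: Vec<usize>,
+// One commitment per circuit
+comm_w: Vec<Pcs::Commitment>
 }
 
-impl VerifierWitnessSecInfo {
+impl<E: ExtensionField, Pcs: PolynomialCommitmentScheme<E>> VerifierWitnessSecInfo<E, Pcs> {
 // Unfortunately, cannot obtain all metadata from the commitment
-fn new(num_inputs: Vec<usize>, num_proofs: &Vec<usize>) -> VerifierWitnessSecInfo {
+fn new(num_inputs: Vec<usize>, num_proofs: &Vec<usize>, comm_w: Vec<Pcs::Commitment>) -> VerifierWitnessSecInfo {
 let l = num_inputs.len();
 VerifierWitnessSecInfo {
 num_inputs,
 num_proofs: num_proofs[..l].to_vec(),
+comm_w,
 }
 }
 
 fn dummy() -> VerifierWitnessSecInfo {
 VerifierWitnessSecInfo {
 num_inputs: Vec::new(),
 num_proofs: Vec::new(),
+comm_w: Vec::new(),
 }
 }
 
 fn pad() -> VerifierWitnessSecInfo {
 VerifierWitnessSecInfo {
 num_inputs: vec![1],
 num_proofs: vec![1],
+comm_w: vec![Pcs::Commitment::default()],
 }
 }
 
 // Concatenate the components in the given order to a new verifier witness sec
 fn concat(components: Vec<&VerifierWitnessSecInfo>) -> VerifierWitnessSecInfo {
 let mut num_inputs = Vec::new();
 let mut num_proofs = Vec::new();
+let mut comm_w = Vec::new();
 
 for c in components {
 num_inputs.extend(c.num_inputs.clone());
 num_proofs.extend(c.num_proofs.clone());
+comm_w.extend(c.comm_w.clone());
 }
 
 VerifierWitnessSecInfo {
 num_inputs,
 num_proofs,
+comm_w,
 }
 }
 
@@ -589,6 +597,7 @@ impl VerifierWitnessSecInfo {
 let mut inst_map = Vec::new();
 let mut merged_num_inputs = Vec::new();
 let mut merged_num_proofs = Vec::new();
+let mut merged_comm_w = Vec::new();
 while inst_map.len() < merged_size {
 // Choose the next instance with the most proofs
 let mut next_max_num_proofs = 0;
@@ -606,13 +615,15 @@ impl VerifierWitnessSecInfo {
 inst_map.push(next_component);
 merged_num_inputs.push(components[next_component].num_inputs[pointers[next_component]]);
 merged_num_proofs.push(components[next_component].num_proofs[pointers[next_component]]);
+merged_comm_w.push(components[next_component].comm_w[pointers[next_component]]);
 pointers[next_component] = pointers[next_component] + 1;
 }
 
 (
 VerifierWitnessSecInfo {
 num_inputs: merged_num_inputs,
 num_proofs: merged_num_proofs,
+comm_w: merged_comm_w,
 },
 inst_map,
 )
@@ -637,6 +648,14 @@ pub struct SNARK<E: ExtensionField, Pcs: PolynomialCommitmentScheme<E>> {
 block_w2_comm_list: Vec<Pcs::Commitment>,
 block_w3_comm_list: Vec<Pcs::Commitment>,
 block_w3_shifted_comm_list: Vec<Pcs::Commitment>,
+
+init_phy_mem_w2_comm: Option<Pcs::Commitment>,
+init_phy_mem_w3_comm: Option<Pcs::Commitment>,
+init_phy_mem_w3_shifted_comm: Option<Pcs::Commitment>,
+init_vir_mem_w2_comm: Option<Pcs::Commitment>,
+init_vir_mem_w3_comm: Option<Pcs::Commitment>,
+init_vir_mem_w3_shifted_comm: Option<Pcs::Commitment>,
+
 phy_mem_addr_w2_comm: Option<Pcs::Commitment>,
 phy_mem_addr_w3_comm: Option<Pcs::Commitment>,
 phy_mem_addr_w3_shifted_comm: Option<Pcs::Commitment>,
@@ -1613,7 +1632,7 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 
 // Initial Physical Memory-as-a-whole
 let timer_sec_gen = Timer::new("init_phy_mem_witness_gen");
-let (init_phy_mem_w2_prover, _, init_phy_mem_w3_prover, _, init_phy_mem_w3_shifted_prover, _) =
+let (init_phy_mem_w2_prover, init_phy_mem_w2_comm, init_phy_mem_w3_prover, init_phy_mem_w3_comm, init_phy_mem_w3_shifted_prover, init_phy_mem_w3_shifted_comm) =
 Self::mem_gen::<INIT_PHY_MEM_WIDTH>(
 total_num_init_phy_mem_accesses,
 &init_phy_mems_list,
@@ -1626,7 +1645,7 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 
 // Initial Virtual Memory-as-a-whole
 let timer_sec_gen = Timer::new("init_vir_mem_witness_gen");
-let (init_vir_mem_w2_prover, _, init_vir_mem_w3_prover, _, init_vir_mem_w3_shifted_prover, _) =
+let (init_vir_mem_w2_prover, init_vir_mem_w2_comm, init_vir_mem_w3_prover, init_vir_mem_w3_comm, init_vir_mem_w3_shifted_prover, init_vir_mem_w3_shifted_comm) =
 Self::mem_gen::<INIT_VIR_MEM_WIDTH>(
 total_num_init_vir_mem_accesses,
 &init_vir_mems_list,
@@ -1648,6 +1667,24 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 transcript,
 &poly_pp,
 );
+
+for op_comm in vec![
+init_phy_mem_w2_comm,
+init_phy_mem_w3_comm,
+init_phy_mem_w3_shifted_comm,
+init_vir_mem_w2_comm,
+init_vir_mem_w3_comm,
+init_vir_mem_w3_shifted_comm,
+phy_mem_addr_w2_comm,
+phy_mem_addr_w3_comm,
+phy_mem_addr_w3_shifted_comm,
+] {
+match op_comm {
+Some(comm) => Pcs::write_commitment(comm, transcript),
+None => Ok(()),
+}
+}
+
 timer_sec_gen.stop();
 
 // Virtual Memory-as-a-whole
@@ -1701,6 +1738,14 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 let (vir_mem_addr_w3_mle, vir_mem_addr_w3_p_comm, vir_mem_addr_w3_v_comm) = Self::mat_to_comm(&vir_mem_addr_w3, &poly_pp);
 let (vir_mem_addr_w3_shifted_mle, vir_mem_addr_w3_shifted_p_comm, vir_mem_addr_w3_shifted_v_comm) = Self::mat_to_comm(&vir_mem_addr_w3_shifted_mat, &poly_pp);
 
+for comm in vec![
+vir_mem_addr_w2_v_comm,
+vir_mem_addr_w3_v_comm,
+vir_mem_addr_w3_shifted_v_comm,
+] {
+Pcs::write_commitment(comm, transcript);
+}
+
 let vir_mem_addr_w2_prover =
 ProverWitnessSecInfo::new(vec![vir_mem_addr_w2], vec![vir_mem_addr_w2_mle], vec![vir_mem_addr_w2_p_comm]);
 let vir_mem_addr_w3_prover =
@@ -2394,6 +2439,14 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 block_w2_comm_list,
 block_w3_comm_list,
 block_w3_shifted_comm_list,
+
+init_phy_mem_w2_comm,
+init_phy_mem_w3_comm,
+init_phy_mem_w3_shifted_comm,
+init_vir_mem_w2_comm,
+init_vir_mem_w3_comm,
+init_vir_mem_w3_shifted_comm,
+
 phy_mem_addr_w2_comm,
 phy_mem_addr_w3_comm,
 phy_mem_addr_w3_shifted_comm,
@@ -2744,21 +2797,23 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 .next_power_of_two()
 })
 .collect();
-VerifierWitnessSecInfo::new(block_w2_size_list, &block_num_proofs)
+VerifierWitnessSecInfo::new(block_w2_size_list, &block_num_proofs, self.block_w2_comm_list)
 };
 (
-VerifierWitnessSecInfo::new(vec![num_ios], &vec![1]),
-VerifierWitnessSecInfo::new(vec![num_ios], &vec![consis_num_proofs]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![consis_num_proofs]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![consis_num_proofs]),
+VerifierWitnessSecInfo::new(vec![num_ios], &vec![1], vec![Pcs::Commitment::default()]),
+VerifierWitnessSecInfo::new(vec![num_ios], &vec![consis_num_proofs], vec![self.perm_exec_w2_comm]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![consis_num_proofs], vec![self.perm_exec_w3_comm]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![consis_num_proofs], vec![self.perm_exec_w3_shifted_comm]),
 block_w2_verifier,
 VerifierWitnessSecInfo::new(
 vec![W3_WIDTH; block_num_instances],
 &block_num_proofs.clone(),
+self.block_w3_comm_list,
 ),
 VerifierWitnessSecInfo::new(
 vec![W3_WIDTH; block_num_instances],
 &block_num_proofs.clone(),
+self.block_w3_shifted_comm_list,
 ),
 )
 };
@@ -2782,9 +2837,10 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 VerifierWitnessSecInfo::new(
 vec![INIT_PHY_MEM_WIDTH],
 &vec![total_num_init_phy_mem_accesses],
+vec![self.init_phy_mem_w2_comm.expect("commitment should exist")]
 ),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_phy_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_phy_mem_accesses]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_phy_mem_accesses], vec![self.init_phy_mem_w3_comm.expect("commitment should exist")]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_phy_mem_accesses], vec![self.init_phy_mem_w3_shifted_comm.expect("commitment should exist")]),
 )
 } else {
 (
@@ -2801,9 +2857,10 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 VerifierWitnessSecInfo::new(
 vec![INIT_VIR_MEM_WIDTH],
 &vec![total_num_init_vir_mem_accesses],
+vec![self.init_vir_mem_w2_comm.expect("commitment should exist")],
 ),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_vir_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_vir_mem_accesses]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_vir_mem_accesses], vec![self.init_vir_mem_w3_comm.expect("commitment should exist")]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_init_vir_mem_accesses], vec![self.init_vir_mem_w3_shifted_comm.expect("commitment should exist")]),
 )
 } else {
 (
@@ -2817,9 +2874,9 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 let (phy_mem_addr_w2_verifier, phy_mem_addr_w3_verifier, phy_mem_addr_w3_shifted_verifier) = {
 if total_num_phy_mem_accesses > 0 {
 (
-VerifierWitnessSecInfo::new(vec![PHY_MEM_WIDTH], &vec![total_num_phy_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_phy_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_phy_mem_accesses]),
+VerifierWitnessSecInfo::new(vec![PHY_MEM_WIDTH], &vec![total_num_phy_mem_accesses], vec![self.phy_mem_addr_w2_comm.expect("commitment should exist")]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_phy_mem_accesses], vec![self.phy_mem_addr_w3_comm].expect("commitment should exist")),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_phy_mem_accesses], vec![self.phy_mem_addr_w3_shifted_comm].expect("commitment should exist")),
 )
 } else {
 (
@@ -2832,10 +2889,18 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 
 let (vir_mem_addr_w2_verifier, vir_mem_addr_w3_verifier, vir_mem_addr_w3_shifted_verifier) = {
 if total_num_vir_mem_accesses > 0 {
+for comm in vec![
+self.vir_mem_addr_w2_comm,
+self.vir_mem_addr_w3_comm,
+self.vir_mem_addr_w3_shifted_comm,
+] {
+Pcs::write_commitment(comm, transcript);
+}
+
 (
-VerifierWitnessSecInfo::new(vec![VIR_MEM_WIDTH], &vec![total_num_vir_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_vir_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_vir_mem_accesses]),
+VerifierWitnessSecInfo::new(vec![VIR_MEM_WIDTH], &vec![total_num_vir_mem_accesses], vec![self.vir_mem_addr_w2_comm]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_vir_mem_accesses], vec![self.vir_mem_addr_w3_comm]),
+VerifierWitnessSecInfo::new(vec![W3_WIDTH], &vec![total_num_vir_mem_accesses], vec![self.vir_mem_addr_w3_shifted_comm]),
 )
 } else {
 (
@@ -2848,16 +2913,16 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 
 let (block_vars_verifier, exec_inputs_verifier) = {
 // add the commitment to the verifier's transcript
+for comm in self.block_vars_comm_list.into_iter().chain(vec![self.exec_inputs_comm]) {
+Pcs::write_commitment(comm, transcript);
+}
+
 (
-VerifierWitnessSecInfo::new(block_num_vars, &block_num_proofs),
-VerifierWitnessSecInfo::new(vec![num_ios], &vec![consis_num_proofs]),
+VerifierWitnessSecInfo::new(block_num_vars, &block_num_proofs, self.block_vars_comm_list),
+VerifierWitnessSecInfo::new(vec![num_ios], &vec![consis_num_proofs], vec![self.exec_inputs_comm]),
 )
 };
 
-for comm in self.block_vars_comm_list.into_iter().chain(vec![self.exec_inputs_comm]) {
-Pcs::write_commitment(comm, transcript);
-}
-
 let init_phy_mems_verifier = {
 if input_stack.len() > 0 {
 assert_eq!(
@@ -2887,6 +2952,7 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 VerifierWitnessSecInfo::new(
 vec![INIT_PHY_MEM_WIDTH],
 &vec![total_num_init_phy_mem_accesses],
+vec![Pcs::Commitment::default()],
 )
 } else {
 VerifierWitnessSecInfo::dummy()
@@ -2921,6 +2987,7 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 VerifierWitnessSecInfo::new(
 vec![INIT_VIR_MEM_WIDTH],
 &vec![total_num_init_vir_mem_accesses],
+vec![Pcs::Commitment::default()],
 )
 } else {
 VerifierWitnessSecInfo::dummy()
@@ -2936,8 +3003,8 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 Pcs::write_commitment(comm, transcript);
 }
 (
-VerifierWitnessSecInfo::new(vec![PHY_MEM_WIDTH], &vec![total_num_phy_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![PHY_MEM_WIDTH], &vec![total_num_phy_mem_accesses]),
+VerifierWitnessSecInfo::new(vec![PHY_MEM_WIDTH], &vec![total_num_phy_mem_accesses], vec![self.addr_phy_mems_comm.expect("commitment should exist")]),
+VerifierWitnessSecInfo::new(vec![PHY_MEM_WIDTH], &vec![total_num_phy_mem_accesses], vec![self.addr_phy_mems_shifted_comm.expect("commitment should exist")]),
 )
 } else {
 (
@@ -2952,15 +3019,17 @@ impl<E: ExtensionField + Send + Sync, Pcs: PolynomialCommitmentScheme<E>> SNARK<
 for comm in vec![
 self.addr_vir_mems_comm,
 self.addr_vir_mems_shifted_comm,
+self.addr_ts_bits_comm,
 ] {
 Pcs::write_commitment(comm, transcript);
 }
 (
-VerifierWitnessSecInfo::new(vec![VIR_MEM_WIDTH], &vec![total_num_vir_mem_accesses]),
-VerifierWitnessSecInfo::new(vec![VIR_MEM_WIDTH], &vec![total_num_vir_mem_accesses]),
+VerifierWitnessSecInfo::new(vec![VIR_MEM_WIDTH], &vec![total_num_vir_mem_accesses], vec![self.addr_vir_mems_comm.expect("commitment should exist")]),
+VerifierWitnessSecInfo::new(vec![VIR_MEM_WIDTH], &vec![total_num_vir_mem_accesses], vec![self.addr_vir_mems_shifted_comm.expect("commitment should exist")]),
 VerifierWitnessSecInfo::new(
 vec![mem_addr_ts_bits_size],
 &vec![total_num_vir_mem_accesses],
+vec![self.addr_ts_bits_comm.expect("commitment should exist")],
 ),
 )
 } else {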
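Review bot: The verifier-side constructors added in the hunks from `@@ -2782,9` onward unwrap proof fields with `.expect("commitment should exist")` (the `init_phy_mem_*`, `init_vir_mem_*`, `phy_mem_addr_w2_comm`, `addr_phy_mems_*`, `addr_vir_mems_*` and `addr_ts_bits_comm` arguments), so a proof that carries `None` while the matching access count is non-zero panics the verifier instead of being rejected. Since the proof is untrusted input, each unwrap should become a verification error that is propagated, assuming the enclosing function returns a `Result` (its signature is outside the hunks). Two of the new lines also close the `vec!` before the unwrap: `vec![self.phy_mem_addr_w3_comm].expect(...)` and the `w3_shifted` line below it call `expect` on a `Vec` and should read `vec![self.phy_mem_addr_w3_comm.expect("commitment should exist")]`. On the prover side the new loop at `@@ -1648,6` absorbs the `init_phy_mem_*`, `init_vir_mem_*` and `phy_mem_addr_*` commitments into the transcript, while the visible verifier hunks add an absorption only for `vir_mem_addr_*`. Please confirm the verifier writes the same commitments in the same order, and mark both loops with a comment such as `// Fiat-Shamir: the verifier must absorb these commitments in exactly this order`. The `match` in that prover loop also yields a `Result` (`None => Ok(())`) that is never checked.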
