New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat(Zeromorph PCS): Add Zeromorph Multilinear PCS Scheme #339

Merged

moodlezoup merged 17 commits into a16z:main from PatStiles:feat/zeromorph_pcs

Jun 3, 2024

Contributor

PatStiles commented May 3, 2024

Refactors #66 for new Jolt CommitmentScheme Trait and addresses #249.

PatStiles marked this pull request as draft

May 3, 2024 05:10

PatStiles marked this pull request as ready for review

May 23, 2024 05:10

moodlezoup reviewed

View reviewed changes

Collaborator

moodlezoup left a comment

This is huge, thank you @PatStiles !!

I'm going to read the zeromorph paper and do another pass tomorrow, but in the mean time here are some nits –– also, it looks like tests are broken after the recent git merge, could you fix those (and the other CI failures)?

jolt-core/src/poly/unipoly.rs Outdated

Comment on lines 146 to 149

+                      #[cfg(feature = "multicore")]
+                      let iter = self.coeffs.par_iter_mut();
+                      #[cfg(not(feature = "multicore"))]
+                      let iter = self.coeffs.iter_mut();

Collaborator

moodlezoup May 29, 2024

the multicore feature is a vestigial thing, we should get rid of it entirely

Suggested change

      
                    #[cfg(feature = "multicore")]
          
                    let iter = self.coeffs.par_iter_mut();
          
                    #[cfg(not(feature = "multicore"))]
          
                    let iter = self.coeffs.iter_mut();
          
                    let iter = self.coeffs.par_iter_mut();

Collaborator

moodlezoup May 29, 2024

This AddAssign impl is a bit unintuitive, I'd expect adding a scalar to a univariate polynomial to only change the degree-0 coefficient. Maybe move this function to the struct impl and rename it shift_coefficients or something?

jolt-core/src/poly/commitment/kzg.rs Outdated

+              }
+              #[derive(Debug, Clone, Eq, PartialEq, Default)]
+              pub struct UVKZGPCS<P: Pairing> {

Collaborator

moodlezoup May 29, 2024

nit:

Suggested change

      
            pub struct UVKZGPCS<P: Pairing> {
          
            pub struct UnivariateKZG<P: Pairing> {

jolt-core/src/poly/commitment/kzg.rs Outdated

Comment on lines 191 to 193

+                  fn kzg_verify<P: Pairing>(
+                      vk: &KZGVerifierKey<P>,
+                      commitment: &P::G1Affine,
+                      point: &P::ScalarField,
+                      proof: &P::G1Affine,
+                      evaluation: &P::ScalarField,
+                  ) -> Result<bool, ProofVerifyError> {
+                      let lhs = P::pairing(
+                          commitment.into_group() - vk.g1.into_group() * evaluation,
+                          vk.g2,
+                      );
+                      let rhs = P::pairing(proof, vk.beta_g2.into_group() - (vk.g2 * point));
+                      Ok(lhs == rhs)
+                  }

Collaborator

moodlezoup May 29, 2024

let's move this to the UVKZGPCS impl

jolt-core/src/poly/commitment/kzg.rs Outdated

Comment on lines 133 to 137

+                      let scalars = poly.as_vec();
+                      let bases = pk.g1_powers();
+                      let c = <P::G1 as VariableBaseMSM>::msm(
+                          &bases[offset..scalars.len()],
+                          &poly.as_vec()[offset..],

Collaborator

moodlezoup May 29, 2024

Let's just make the coeffs field on UniPoly pub, so we can avoid these as_vec() calls

jolt-core/src/poly/commitment/kzg.rs Outdated

Comment on lines 155 to 156

		&pk.g1_powers()[..poly.as_vec().len()],
		&poly.as_vec().as_slice(),

Collaborator

moodlezoup May 29, 2024

same thing here

jolt-core/src/poly/commitment/kzg.rs Outdated

Comment on lines 173 to 174

		&pk.g1_powers()[..witness_poly.as_vec().len()],
		&witness_poly.as_vec().as_slice(),

Collaborator

moodlezoup May 29, 2024

...and here

jolt-core/src/poly/unipoly.rs Outdated

@@ @@ -50,6 +55,49 @@ impl<F: JoltField> UniPoly<F> { @@
                       gaussian_elimination(&mut vandermonde)
                   }
+                  /// Divide self by another polynomial, and returns the
+                  /// quotient and remainder.
+                  pub fn divide_with_q_and_r(&self, divisor: &Self) -> Option<(Self, Self)> {

Collaborator

moodlezoup May 29, 2024

nit

Suggested change

      
                pub fn divide_with_q_and_r(&self, divisor: &Self) -> Option<(Self, Self)> {
          
                pub fn divide_with_remainder(&self, divisor: &Self) -> Option<(Self, Self)> {

jolt-core/src/poly/commitment/zeromorph.rs Outdated

Comment on lines 20 to 21

		#[cfg(feature = "ark-msm")]
		use ark_ec::VariableBaseMSM;

Collaborator

moodlezoup May 29, 2024

we got rid of this feature

Suggested change

      
            #[cfg(feature = "ark-msm")]
          
            use ark_ec::VariableBaseMSM;

jolt-core/src/poly/commitment/zeromorph.rs Outdated

+                      .take(num_vars + 1)
+                      .collect();
+                  // offsets of x =

Collaborator

moodlezoup May 29, 2024

nit: delete comment

jolt-core/src/poly/commitment/zeromorph.rs Outdated

Comment on lines 212 to 216

+                      .zip(offsets_of_x)
+                      .zip(squares_of_x)
+                      .zip(&vs)
+                      .zip(&vs[1..])
+                      .zip(challenges.iter().rev())

Collaborator

moodlezoup May 29, 2024

nit: use izip! here

moodlezoup reviewed

View reviewed changes

jolt-core/src/poly/commitment/zeromorph.rs Outdated

+                      transcript: &mut ProofTranscript,
+                  ) -> Self::Proof {
+                      let eval = poly.evaluate(&opening_point);
+                      Zeromorph::<P>::open(&setup.0, &poly, &opening_point, &eval, transcript).unwrap()

Collaborator

moodlezoup May 30, 2024

is there any reason to have this CommitmentScheme impl wrap the struct impl? If not, I'd prefer to get rid of the struct impl

Ethan-000 mentioned this pull request

Add support for Zeromorph and/or HyperKZG commitments in addition to Hyrax #208

Closed

PatStiles force-pushed the feat/zeromorph_pcs branch from 198c252 to 830cf41 Compare

May 31, 2024 19:53

PatStiles added 13 commits

May 31, 2024 14:17


          add kzg

26a84ab


          port quotient construction methods and unipoly methods

372d770


          zm skeleton

20d12d6


          IT VERIFIES!

a4033db


          batched commits work

74c6ac7


          jolt-zeromorph works

59e97a0


          add e2e pcs benches + nit

e9d5530


          split zm and kzg rm old kzg

f14e9aa

fmt

34d58e0

nit

ff5e564


          nits

f50f071


          use izip

f4ae5b3


          fix incorrect jolt vm interface

8ece39b

PatStiles force-pushed the feat/zeromorph_pcs branch from 830cf41 to 8ece39b Compare

May 31, 2024 20:46

PatStiles added 4 commits

May 31, 2024 14:59

fmt

34a380a


          nits

8d6dccd

nit

5b67258

ci

802df0a

Ethan-000 mentioned this pull request

feat: hyperkzg pcs #373

Merged

moodlezoup approved these changes

View reviewed changes

Collaborator

moodlezoup left a comment

Amazing work! Thanks for the fixes

moodlezoup merged commit 0924c23 into a16z:main

2 of 3 checks passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet