
Commit 4b0dd69

committed
External gates #21
1 parent f0936d7 commit 4b0dd69


4 files changed

+62
-48
lines changed


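--- a/include/nil/blueprint/transpiler/templates/commitment_scheme.hpp
+++ b/include/nil/blueprint/transpiler/templates/commitment_scheme.hpp
@@ -114,7 +114,8 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 $POINTS_INITIALIZATION$
 }
 
-function prepare_U_V(bytes calldata blob, commitment_state memory state, uint256 xi) internal view{
+function prepare_U_V(bytes calldata blob, commitment_state memory state, uint256 xi) internal view returns(bool result){
+result = true;
 uint64 ind = 0;
 prepare_eval_points(state.unique_eval_points, xi);
 // Prepare denominators
@@ -151,7 +152,6 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 addmod(state.unique_eval_points[ind][2], modulus - state.unique_eval_points[ind][0], modulus),
 modulus
 );
-console.log("STATE 3 factor", state.factors[ind]);
 state.denominators[ind][3] = 1;
 state.denominators[ind][2] =
 modulus - addmod(
@@ -181,6 +181,7 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 state.denominators[ind][3] = mulmod(state.denominators[ind][3], state.factors[ind], modulus);
 } else {
 console.log("UNPROCESSED length");
+return false;
 }
 unchecked{ind++;}
 }
@@ -236,7 +237,7 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 state.combined_U[ind][1] = addmod(state.combined_U[ind][1], tmp[1], modulus);
 state.combined_U[ind][2] = addmod(state.combined_U[ind][2], tmp[2], modulus);
 } else {
-require(false, "Unsupported eval points length");
+return false;
 }
 }
 offset += state.unique_eval_points[cur_point].length * 0x20;
@@ -250,10 +251,8 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 
 function compute_combined_Q(bytes calldata blob,commitment_state memory state) internal view returns(uint256[2] memory y){
 for(uint256 p = 0; p < unique_points; ){
-console.log("Point size = ", state.unique_eval_points[p].length);
 uint256[2] memory tmp;
 uint256 offset = state.initial_data_offset - state.poly_num * 0x40; // Save initial data offset for future use;
-console.logBytes(blob[offset: offset+0x20]);
 uint256 cur = 0;
 for(uint256 b = 0; b < batches_num;){
 for(uint256 j = 0; j < state.batch_sizes[b];){
@@ -275,21 +274,13 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 }
 unchecked{b++;}
 }
-console.log("Before U and V ", tmp[0]);
-console.log("Before U and V ", tmp[1]);
 tmp[0] = mulmod(tmp[0], state.factors[p], modulus);
 tmp[1] = mulmod(tmp[1], state.factors[p], modulus);
 uint256 s = state.x;
 tmp[0] = addmod(tmp[0], modulus - polynomial.evaluate(state.combined_U[p], s , modulus), modulus);
 tmp[1] = addmod(tmp[1], modulus - polynomial.evaluate(state.combined_U[p], modulus - s, modulus), modulus);
 tmp[0] = mulmod(tmp[0], field.inverse_static(polynomial.evaluate(state.denominators[p], s, modulus), modulus), modulus);
 tmp[1] = mulmod(tmp[1], field.inverse_static(polynomial.evaluate(state.denominators[p], modulus - s, modulus), modulus), modulus);
-console.log("Factor = ", state.factors[p] );
-console.log("U[0]= ", mulmod( field.inverse_static(state.factors[p], modulus), polynomial.evaluate(state.combined_U[p], s, modulus), modulus));
-console.log("U[1]= ", mulmod( field.inverse_static(state.factors[p], modulus), polynomial.evaluate(state.combined_U[p], modulus - s, modulus), modulus));
-console.log("Denominator[0]= ", polynomial.evaluate(state.denominators[p], s, modulus));
-console.log("Denominator[1]= ", polynomial.evaluate(state.denominators[p], modulus - s, modulus));
-console.log("Point size", state.unique_eval_points[p].length);
 y[0] = addmod(y[0], tmp[0], modulus);
 y[1] = addmod(y[1], tmp[1], modulus);
 unchecked{p++;}
@@ -412,10 +403,8 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 ),
 modulus
 );
-console.log("tmp = ", tmp);
 uint256 tmp1 = mulmod(colinear_value , 2, modulus);
 tmp1 = mulmod(tmp1 , x, modulus);
-console.log("tmp1 = ", tmp1);
 if( tmp != tmp1 ){
 console.log("Colinear check failed");
 return false;
@@ -479,7 +468,6 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 console.log("Initial points:", basic_marshalling.get_length(blob, offset));
 offset += 0x8 + 0x20*basic_marshalling.get_length(blob, offset);
 }
-console.logBytes32(bytes32(basic_marshalling.get_uint256_be(blob, offset)));
 
 unchecked{
 state.round_data_offset = offset + 0x8;
@@ -488,7 +476,6 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 console.log("Initial merkle proofs", basic_marshalling.get_length(blob, offset));
 offset += 0x8;
 }
-console.logBytes32(bytes32(basic_marshalling.get_uint256_be(blob, offset)));
 state.initial_proof_offset = offset;
 for(uint8 i = 0; i < lambda;){
 for(uint j = 0; j < batches_num;){
@@ -499,7 +486,6 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 unchecked{i++;}
 }
 console.log("Round merkle proof:", basic_marshalling.get_length(blob, offset));
-console.logBytes32(bytes32(basic_marshalling.get_uint256_be(blob, offset)));
 offset += 0x8;
 state.round_proof_offset = offset;
 
@@ -524,7 +510,7 @@ contract modular_commitment_scheme_$TEST_NAME$ {
 return false;
 }
 
-prepare_U_V(blob, state, challenge);
+if( !prepare_U_V(blob, state, challenge) ) return false;
 
 state.leaf_data = new bytes(state.max_batch * 0x40 + 0x40);
 for(uint256 i = 0; i < lambda;){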
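Review bot: The new `return false` in the fourth hunk (the `else` after the `combined_U` updates) drops the reason that `require(false, "Unsupported eval points length")` used to carry, while the parallel branch in the third hunk keeps a `console.log("UNPROCESSED length")` before returning; for consistency and diagnosability keep a log there too, `console.log("Unsupported eval points length");` before `return false;`. The caller in the last hunk only propagates `false`, so without the log this failure is indistinguishable from the other early exits. The new `returns(bool result)` contract also deserves a line above `prepare_U_V`: `// Returns false if any unique eval point set has an unsupported length; state is then only partially filled and must not be used.` The end of `prepare_U_V` is outside the hunk, so whether every path sets the result explicitly cannot be confirmed here.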

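--- a/include/nil/blueprint/transpiler/templates/gate_argument.hpp
+++ b/include/nil/blueprint/transpiler/templates/gate_argument.hpp
@@ -26,16 +26,17 @@ pragma solidity >=0.8.4;
 
 import "../../types.sol";
 import "../../basic_marshalling.sol";
+import "../../interfaces/modular_gate_argument.sol";
 import "hardhat/console.sol";
 
-library modular_gate_argument_$TEST_NAME${
+contract modular_gate_argument_$TEST_NAME$ is IGateArgument{
 uint256 constant modulus = $MODULUS$;
 
 // Append commitments
 function verify(
 bytes calldata blob,
 uint256 theta
-) internal view returns (uint256 F){
+) external view returns (uint256 F){
 console.log("Compute gate argument");
 $GATE_ARGUMENT_COMPUTATION$
 }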
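Review bot: The comment `// Append commitments` above `verify` in this hunk does not describe the function, which this commit turns into the external entry point of a standalone `IGateArgument` contract; replace it with a NatSpec line such as `/// @notice Computes the gate argument value F from the column evaluations in blob for challenge theta.` Making `verify` `external` keeps `blob` in calldata, which is consistent with the `bytes calldata` parameter. Whether `IGateArgument` declares `verify` with the same `view` signature cannot be confirmed from this hunk.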

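--- a/include/nil/blueprint/transpiler/templates/lookup_argument.hpp
+++ b/include/nil/blueprint/transpiler/templates/lookup_argument.hpp
@@ -5,7 +5,7 @@
 
 namespace nil {
 namespace blueprint {
-std::string lookup_library_call = R"(
+/* std::string lookup_library_call = R"(
 {
 uint256 lookup_offset = table_offset + quotient_offset + uint256(uint8(blob[z_offset + basic_marshalling.get_length(blob, z_offset - 0x8) *0x20 + 0xf])) * 0x20;
 uint256[4] memory lookup_argument;
@@ -22,7 +22,7 @@ namespace nil {
 F[6] = lookup_argument[3];
 }
 )";
-
+*/
 std::string modular_dummy_lookup_argument_library_template = R"(
 // SPDX-License-Identifier: Apache-2.0.
 //---------------------------------------------------------------------------//
@@ -81,6 +81,7 @@ import "../../cryptography/transcript.sol";
 import "../../interfaces/modular_lookup_argument.sol";
 import "hardhat/console.sol";
 
+//contract modular_lookup_argument_$TEST_NAME$ is ILookupArgument{
 library modular_lookup_argument_$TEST_NAME${
 uint256 constant modulus = $MODULUS$;
 uint8 constant tables = 1;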
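Review bot: Both the first and the third hunk leave dead code in place rather than removing it: the first block-comments the whole `lookup_library_call` raw string (which this commit moves to modular_verifier.hpp), and the third adds a commented-out `//contract modular_lookup_argument_$TEST_NAME$ is ILookupArgument{` line directly above the live `library` declaration. Commented-out definitions inside a header that is itself a code template are easy to mistake for the generated output; deleting them (history keeps the old version) or, if the contract form is planned, a single `// TODO: switch to a contract implementing ILookupArgument once the verifier calls it by address` would be clearer. The `modular_dummy_lookup_argument_library_template` and `library` bodies continue outside the hunks.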

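--- a/include/nil/blueprint/transpiler/templates/modular_verifier.hpp
+++ b/include/nil/blueprint/transpiler/templates/modular_verifier.hpp
@@ -5,6 +5,24 @@
 
 namespace nil {
 namespace blueprint {
+std::string lookup_library_call = R"(
+{
+uint256 lookup_offset = table_offset + quotient_offset + uint256(uint8(blob[z_offset + basic_marshalling.get_length(blob, z_offset - 0x8) *0x20 + 0xf])) * 0x20;
+uint256[4] memory lookup_argument;
+(lookup_argument, tr_state.current_challenge) = modular_lookup_argument_$TEST_NAME$.verify(
+blob[special_selectors_offset: table_offset + quotient_offset],
+blob[lookup_offset:lookup_offset + sorted_columns * 0x20],
+basic_marshalling.get_uint256_be(blob, 0x81),
+state.l0,
+tr_state.current_challenge
+);
+state.F[3] = lookup_argument[0];
+state.F[4] = lookup_argument[1];
+state.F[5] = lookup_argument[2];
+state.F[6] = lookup_argument[3];
+}
+)";
+
 std::string modular_verifier_template = R"(
 // SPDX-License-Identifier: Apache-2.0.
 //---------------------------------------------------------------------------//
@@ -58,8 +76,8 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
 
 function initialize(
 // address permutation_argument_address,
-// address lookup_argument_address,
-// address gate_argument_address,
+address lookup_argument_address,
+address gate_argument_address,
 address commitment_contract_address
 ) public{
 console.log("Initialize");
@@ -68,30 +86,37 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
 transcript.update_transcript_b32(tr_state, vk1);
 transcript.update_transcript_b32(tr_state, vk2);
 
-// _gate_argument_address = gate_argument_address;
 // _permutation_argument_address = permutation_argument_address;
-// _lookup_argument_address = lookup_argument_address;
+_lookup_argument_address = lookup_argument_address;
+_gate_argument_address = gate_argument_address;
 _commitment_contract_address = commitment_contract_address;
 
 ICommitmentScheme commitment_scheme = ICommitmentScheme(commitment_contract_address);
 tr_state.current_challenge = commitment_scheme.initialize(tr_state.current_challenge);
 transcript_state = tr_state.current_challenge;
 }
 
+struct verifier_state{
+uint256 xi;
+uint256 Z_at_xi;
+uint256 l0;
+uint256[f_parts] F;
+}
+
 function verify(
 bytes calldata blob
 ) public view{
+verifier_state memory state;
 uint256 gas = gasleft();
 uint256 xi = basic_marshalling.get_uint256_be(blob, $EVAL_PROOF_OFFSET$);
-uint256 Z_at_xi = addmod(field.pow_small(xi, rows_amount, modulus), modulus-1, modulus);
-uint256 l0 = mulmod(
-Z_at_xi,
+state.Z_at_xi = addmod(field.pow_small(xi, rows_amount, modulus), modulus-1, modulus);
+state.l0 = mulmod(
+state.Z_at_xi,
 field.inverse_static(mulmod(addmod(xi, modulus - 1, modulus), rows_amount, modulus), modulus),
 modulus
 );
-uint256[f_parts] memory F;
 
-console.log("l0 = ", l0);
+console.log("l0 = ", state.l0);
 
 //0. Check proof size
 // No direct public input
@@ -110,11 +135,11 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
 blob[$Z_OFFSET$:$TABLE_Z_OFFSET$+$QUOTIENT_OFFSET$],
 transcript.get_field_challenge(tr_state, modulus),
 transcript.get_field_challenge(tr_state, modulus),
-l0
+state.l0
 );
-F[0] = permutation_argument[0];
-F[1] = permutation_argument[1];
-F[2] = permutation_argument[2];
+state.F[0] = permutation_argument[0];
+state.F[1] = permutation_argument[1];
+state.F[2] = permutation_argument[2];
 }
 
 $LOOKUP_LIBRARY_CALL$
@@ -124,7 +149,8 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
 
 {
 //6. Gate argument
-F[7] = modular_gate_argument_$TEST_NAME$.verify(blob[table_offset:table_end_offset], transcript.get_field_challenge(tr_state, modulus));
+IGateArgument modular_gate_argument = IGateArgument(_gate_argument_address);
+state.F[7] = modular_gate_argument.verify(blob[table_offset:table_end_offset], transcript.get_field_challenge(tr_state, modulus));
 }
 
 // No public input gate
@@ -133,7 +159,7 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
 {
 //7. Push quotient to transcript
 for( uint8 i = 0; i < f_parts;){
-F_consolidated = addmod(F_consolidated, mulmod(F[i],transcript.get_field_challenge(tr_state, modulus), modulus), modulus);
+F_consolidated = addmod(F_consolidated, mulmod(state.F[i],transcript.get_field_challenge(tr_state, modulus), modulus), modulus);
 unchecked{i++;}
 }
 uint256 points_num = basic_marshalling.get_length(blob, $EVAL_PROOF_OFFSET$ + 0x20);
@@ -168,21 +194,21 @@ contract modular_verifier_$TEST_NAME$ is IModularVerifier{
 mulmod(basic_marshalling.get_uint256_be(blob, table_offset + quotient_offset + i *0x20), factor, modulus),
 modulus
 );
-factor = mulmod(factor, Z_at_xi + 1, modulus);
+factor = mulmod(factor, state.Z_at_xi + 1, modulus);
 unchecked{i++;}
 }
 console.log("T_consolidated = ", T_consolidated);
-if( F_consolidated == mulmod(T_consolidated, Z_at_xi, modulus) ) console.log("SUCCESS!");
+if( F_consolidated == mulmod(T_consolidated, state.Z_at_xi, modulus) ) console.log("SUCCESS!");
 }
 
-console.log("F[0] = ", F[0]);
-console.log("F[1] = ", F[1]);
-console.log("F[2] = ", F[2]);
-console.log("F[3] = ", F[3]);
-console.log("F[4] = ", F[4]);
-console.log("F[5] = ", F[5]);
-console.log("F[6] = ", F[6]);
-console.log("F[7] = ", F[7]);
+console.log("F[0] = ", state.F[0]);
+console.log("F[1] = ", state.F[1]);
+console.log("F[2] = ", state.F[2]);
+console.log("F[3] = ", state.F[3]);
+console.log("F[4] = ", state.F[4]);
+console.log("F[5] = ", state.F[5]);
+console.log("F[6] = ", state.F[6]);
+console.log("F[7] = ", state.F[7]);
 console.log("F_consolidated = ", F_consolidated);
 console.log("Gas for verification:", gas-gasleft());
 }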
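Review bot: `initialize(...)` in the second hunk is `public` and, as far as the hunk shows, has no access control or one-shot guard, yet the third hunk now makes it store `_lookup_argument_address` and `_gate_argument_address`, which `verify` later trusts for the lookup and gate contributions to `state.F`; a repeat call could repoint the verifier at a different contract. Consider an `initialized` flag checked at the top, `require(!initialized, "already initialized"); initialized = true;`, or owner-only access, whichever matches how `_commitment_contract_address` is meant to be protected; the rest of `initialize` and the contract's state declarations are outside the hunks. Separately, `verify` in the last hunk is still `public view` with no return value, so the `SUCCESS!` branch only logs and an on-chain caller cannot observe the verdict; if that is scaffolding, a comment saying so above `verify` would help.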
