Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rust implementation of extension field elements multiplication #167

Merged
merged 19 commits into from
Aug 22, 2024
Merged

Rust implementation of extension field elements multiplication #167

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
094f105
Adds preliminary Rust implementation for extf_mul
raugfer Aug 20, 2024
e00a665
Merge branch 'main' into rust-extf-mul
raugfer Aug 20, 2024
4d9d117
Applies formatting to Rust code
raugfer Aug 20, 2024
3fd8e4e
Adds missing import
raugfer Aug 20, 2024
f3a88aa
Simplifications to extf_mul code
raugfer Aug 20, 2024
1717c49
Adjustments to comments
raugfer Aug 20, 2024
e66c20a
Splits the extf_mul function and adds irreducible polynomials as para…
raugfer Aug 21, 2024
97d3e98
Refactoring of extf_mul
raugfer Aug 21, 2024
38032f3
Refactors extf_mul, moves curve_id specifics to lib.rs
raugfer Aug 21, 2024
00729f5
fix incorrect ecip naming
feltroidprime Aug 21, 2024
dc5a809
Adjusts padding at the end of extf_mul
raugfer Aug 21, 2024
78e4d11
Merge branch 'main' into rust-extf-mul
raugfer Aug 21, 2024
34bf405
Fixes corner case for zero polynomial where the coefficient list is e…
raugfer Aug 21, 2024
0915ae2
Adds parse_field_elements_from_list function
raugfer Aug 21, 2024
c57e50d
Replaces bytes by bigint when calling ecip and extf_mul from Python
raugfer Aug 21, 2024
de781fe
Removes unnecessary import
raugfer Aug 21, 2024
6e2c50a
move parsing to io.rs
feltroidprime Aug 22, 2024
0a68d85
apply clippy --fix
feltroidprime Aug 22, 2024
356b24a
apply clippy suggestions
feltroidprime Aug 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 1 addition & 5 deletions hydra/garaga/hints/ecip.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,12 +107,8 @@ def zk_ecip_hint(
if ec_group_class == G1Point and use_rust:
pts = []
c_id = Bs[0].curve_id
if c_id == CurveID.BLS12_381:
nb = 48
else:
nb = 32
for pt in Bs:
pts.extend([pt.x.to_bytes(nb, "big"), pt.y.to_bytes(nb, "big")])
pts.extend([pt.x, pt.y])
field_type = get_field_type_from_ec_point(Bs[0])
field = get_base_field(c_id.value, field_type)

Expand Down
29 changes: 7 additions & 22 deletions hydra/garaga/hints/extf_mul.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
import operator
from functools import reduce

from garaga import garaga_rs
from garaga.algebra import ModuloCircuitElement, Polynomial, PyFelt
from garaga.definitions import (
direct_to_tower,
Expand All @@ -19,29 +20,13 @@ def nondeterministic_extension_field_mul_divmod(
curve_id: int,
extension_degree: int,
) -> tuple[list[PyFelt], list[PyFelt]]:

Ps = [Polynomial(P) for P in Ps]
field = get_base_field(curve_id)

P_irr = get_irreducible_poly(curve_id, extension_degree)

z_poly = reduce(operator.mul, Ps) # Π(Pi)
z_polyq, z_polyr = divmod(z_poly, P_irr)

z_polyr_coeffs = z_polyr.get_coeffs()
z_polyq_coeffs = z_polyq.get_coeffs()
# assert len(z_polyq_coeffs) <= (
# extension_degree - 1
# ), f"len z_polyq_coeffs={len(z_polyq_coeffs)}, degree: {z_polyq.degree()}"
assert (
len(z_polyr_coeffs) <= extension_degree
), f"len z_polyr_coeffs={len(z_polyr_coeffs)}, degree: {z_polyr.degree()}"

# Extend polynomials with 0 coefficients to match the expected lengths.
# TODO : pass exact expected max degree when len(Ps)>2.
z_polyq_coeffs += [field(0)] * (extension_degree - 1 - len(z_polyq_coeffs))
z_polyr_coeffs += [field(0)] * (extension_degree - len(z_polyr_coeffs))

ps = [[c.value for c in P] for P in Ps]
q, r = garaga_rs.nondeterministic_extension_field_mul_divmod(
curve_id, extension_degree, ps
)
z_polyq_coeffs = [field(c) for c in q] if len(q) > 0 else [field.zero()]
z_polyr_coeffs = [field(c) for c in r] if len(r) > 0 else [field.zero()]
return (z_polyq_coeffs, z_polyr_coeffs)


Expand Down
71 changes: 21 additions & 50 deletions tools/garaga_rs/src/ecip/core.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,118 +3,89 @@ use lambdaworks_math::elliptic_curve::short_weierstrass::curves::bls12_381::fiel
use lambdaworks_math::elliptic_curve::short_weierstrass::curves::bn_254::field_extension::BN254PrimeField;
use lambdaworks_math::field::element::FieldElement;
use lambdaworks_math::field::traits::IsPrimeField;
use lambdaworks_math::traits::ByteConversion;

use crate::ecip::curve::{SECP256K1PrimeField, SECP256R1PrimeField, X25519PrimeField};
use crate::ecip::ff::FF;
use crate::ecip::g1point::G1Point;
use crate::ecip::rational_function::FunctionFelt;
use crate::ecip::rational_function::RationalFunction;
use crate::io::parse_field_elements_from_list;

use num_bigint::{BigInt, BigUint, ToBigInt};

use super::curve::CurveParamsProvider;

pub fn zk_ecip_hint(
list_bytes: Vec<Vec<u8>>,
list_values: Vec<BigUint>,
list_scalars: Vec<BigUint>,
curve_id: usize,
) -> Result<[Vec<String>; 5], String> {
match curve_id {
0 => {
let list_felts: Vec<FieldElement<BN254PrimeField>> = list_bytes
.into_iter()
.map(|x| {
FieldElement::<BN254PrimeField>::from_bytes_be(&x)
.map_err(|e| format!("Byte conversion error: {:?}", e))
})
.collect::<Result<Vec<FieldElement<BN254PrimeField>>, _>>()?;
let list_felts = parse_field_elements_from_list::<BN254PrimeField>(&list_values)?;

let points: Vec<G1Point<BN254PrimeField>> = list_felts
.chunks(2)
.map(|chunk| G1Point::new(chunk[0].clone(), chunk[1].clone()))
.collect();

let scalars: Vec<Vec<i8>> = extract_scalars::<BN254PrimeField>(list_scalars);
Ok(run_ecip::<BN254PrimeField>(points, scalars))
let dss: Vec<Vec<i8>> = construct_digits_vectors::<BN254PrimeField>(list_scalars);
Ok(run_ecip::<BN254PrimeField>(points, dss))
}
1 => {
let list_felts: Vec<FieldElement<BLS12381PrimeField>> = list_bytes
.into_iter()
.map(|x| {
FieldElement::<BLS12381PrimeField>::from_bytes_be(&x)
.map_err(|e| format!("Byte conversion error: {:?}", e))
})
.collect::<Result<Vec<FieldElement<BLS12381PrimeField>>, _>>()?;
let list_felts = parse_field_elements_from_list::<BLS12381PrimeField>(&list_values)?;

let points: Vec<G1Point<BLS12381PrimeField>> = list_felts
.chunks(2)
.map(|chunk| G1Point::new(chunk[0].clone(), chunk[1].clone()))
.collect();

let scalars: Vec<Vec<i8>> = extract_scalars::<BLS12381PrimeField>(list_scalars);
Ok(run_ecip::<BLS12381PrimeField>(points, scalars))
let dss: Vec<Vec<i8>> = construct_digits_vectors::<BLS12381PrimeField>(list_scalars);
Ok(run_ecip::<BLS12381PrimeField>(points, dss))
}
2 => {
let list_felts: Vec<FieldElement<SECP256K1PrimeField>> = list_bytes
.into_iter()
.map(|x| {
FieldElement::<SECP256K1PrimeField>::from_bytes_be(&x)
.map_err(|e| format!("Byte conversion error: {:?}", e))
})
.collect::<Result<Vec<FieldElement<SECP256K1PrimeField>>, _>>()?;
let list_felts = parse_field_elements_from_list::<SECP256K1PrimeField>(&list_values)?;

let points: Vec<G1Point<SECP256K1PrimeField>> = list_felts
.chunks(2)
.map(|chunk| G1Point::new(chunk[0].clone(), chunk[1].clone()))
.collect();

let scalars: Vec<Vec<i8>> = extract_scalars::<SECP256K1PrimeField>(list_scalars);
Ok(run_ecip::<SECP256K1PrimeField>(points, scalars))
let dss: Vec<Vec<i8>> = construct_digits_vectors::<SECP256K1PrimeField>(list_scalars);
Ok(run_ecip::<SECP256K1PrimeField>(points, dss))
}
3 => {
let list_felts: Vec<FieldElement<SECP256R1PrimeField>> = list_bytes
.into_iter()
.map(|x| {
FieldElement::<SECP256R1PrimeField>::from_bytes_be(&x)
.map_err(|e| format!("Byte conversion error: {:?}", e))
})
.collect::<Result<Vec<FieldElement<SECP256R1PrimeField>>, _>>()?;
let list_felts = parse_field_elements_from_list::<SECP256R1PrimeField>(&list_values)?;

let points: Vec<G1Point<SECP256R1PrimeField>> = list_felts
.chunks(2)
.map(|chunk| G1Point::new(chunk[0].clone(), chunk[1].clone()))
.collect();

let scalars: Vec<Vec<i8>> = extract_scalars::<SECP256R1PrimeField>(list_scalars);
Ok(run_ecip::<SECP256R1PrimeField>(points, scalars))
let dss: Vec<Vec<i8>> = construct_digits_vectors::<SECP256R1PrimeField>(list_scalars);
Ok(run_ecip::<SECP256R1PrimeField>(points, dss))
}
4 => {
let list_felts: Vec<FieldElement<X25519PrimeField>> = list_bytes
.into_iter()
.map(|x| {
FieldElement::<X25519PrimeField>::from_bytes_be(&x)
.map_err(|e| format!("Byte conversion error: {:?}", e))
})
.collect::<Result<Vec<FieldElement<X25519PrimeField>>, _>>()?;
let list_felts = parse_field_elements_from_list::<X25519PrimeField>(&list_values)?;

let points: Vec<G1Point<X25519PrimeField>> = list_felts
.chunks(2)
.map(|chunk| G1Point::new(chunk[0].clone(), chunk[1].clone()))
.collect();

let scalars: Vec<Vec<i8>> = extract_scalars::<X25519PrimeField>(list_scalars);
Ok(run_ecip::<X25519PrimeField>(points, scalars))
let dss: Vec<Vec<i8>> = construct_digits_vectors::<X25519PrimeField>(list_scalars);
Ok(run_ecip::<X25519PrimeField>(points, dss))
}
_ => Err(String::from("Invalid curve ID")),
}
}

fn extract_scalars<F: IsPrimeField + CurveParamsProvider<F>>(list: Vec<BigUint>) -> Vec<Vec<i8>> {
fn construct_digits_vectors<F: IsPrimeField + CurveParamsProvider<F>>(
list: Vec<BigUint>,
) -> Vec<Vec<i8>> {
let mut dss_ = Vec::new();

for i in 0..list.len() {
let scalar_biguint = list[i].clone();
for scalar_biguint in list {
let neg_3_digits = neg_3_base_le(scalar_biguint);
dss_.push(neg_3_digits);
}
Expand Down
28 changes: 28 additions & 0 deletions tools/garaga_rs/src/ecip/curve.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,12 @@ use lambdaworks_math::field::fields::montgomery_backed_prime_fields::{
IsModulus, MontgomeryBackendPrimeField,
};

use crate::ecip::polynomial::Polynomial;
use lambdaworks_math::field::traits::IsPrimeField;
use lambdaworks_math::unsigned_integer::element::U256;
use num_bigint::BigUint;
use std::cmp::PartialEq;
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum CurveID {
Expand Down Expand Up @@ -72,6 +74,21 @@ pub struct CurveParams<F: IsPrimeField> {
pub g_y: FieldElement<F>,
pub n: FieldElement<F>, // Order of the curve
pub h: u32, // Cofactor
pub irreducible_polys: HashMap<usize, &'static [i8]>,
}

pub fn get_irreducible_poly<F: IsPrimeField + CurveParamsProvider<F>>(
ext_degree: usize,
) -> Polynomial<F> {
let coeffs = (F::get_curve_params().irreducible_polys)[&ext_degree];
fn lift<F: IsPrimeField>(c: i8) -> FieldElement<F> {
if c >= 0 {
FieldElement::from(c as u64)
} else {
-FieldElement::from(-c as u64)
}
}
return Polynomial::new(coeffs.iter().map(|x| lift::<F>(*x)).collect());
}

/// A trait that provides curve parameters for a specific field type.
Expand Down Expand Up @@ -99,6 +116,7 @@ impl CurveParamsProvider<SECP256K1PrimeField> for SECP256K1PrimeField {
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
),
h: 1,
irreducible_polys: HashMap::from([]), // Provide appropriate values here
}
}
}
Expand All @@ -122,6 +140,7 @@ impl CurveParamsProvider<SECP256R1PrimeField> for SECP256R1PrimeField {
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
),
h: 1,
irreducible_polys: HashMap::from([]), // Provide appropriate values here
}
}
}
Expand All @@ -143,6 +162,7 @@ impl CurveParamsProvider<X25519PrimeField> for X25519PrimeField {
"1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
),
h: 8,
irreducible_polys: HashMap::from([]), // Provide appropriate values here
}
}
}
Expand All @@ -158,6 +178,10 @@ impl CurveParamsProvider<BN254PrimeField> for BN254PrimeField {
g_y: FieldElement::from_hex_unchecked("2"), // Replace with actual 'g_y'
n: FieldElement::from_hex_unchecked("1"), // Replace with actual 'n'
h: 1, // Replace with actual 'h'
irreducible_polys: HashMap::from([
(6, [82, 0, 0, -18, 0, 0, 1].as_slice()),
(12, [82, 0, 0, 0, 0, 0, -18, 0, 0, 0, 0, 0, 1].as_slice()),
]),
}
}
}
Expand All @@ -173,6 +197,10 @@ impl CurveParamsProvider<BLS12381PrimeField> for BLS12381PrimeField {
g_y: FieldElement::from_hex_unchecked("2"), // Replace with actual 'g_y'
n: FieldElement::from_hex_unchecked("1"), // Replace with actual 'n'
h: 1, // Replace with actual 'h'
irreducible_polys: HashMap::from([
(6, [2, 0, 0, -2, 0, 0, 1].as_slice()),
(12, [2, 0, 0, 0, 0, 0, -2, 0, 0, 0, 0, 0, 1].as_slice()),
]),
}
}
}
6 changes: 5 additions & 1 deletion tools/garaga_rs/src/ecip/polynomial.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,10 @@ impl<F: IsPrimeField> Polynomial<F> {
Polynomial::new(vec![FieldElement::<F>::zero()])
}

pub fn one() -> Self {
Polynomial::new(vec![FieldElement::<F>::one()])
}

pub fn mul_with_ref(&self, other: &Polynomial<F>) -> Polynomial<F> {
if self.degree() == -1 || other.degree() == -1 {
return Polynomial::zero();
Expand Down Expand Up @@ -142,7 +146,7 @@ impl<F: IsPrimeField> Polynomial<F> {
for (i, coeff) in self.coefficients.iter().enumerate().skip(1) {
let u_64 = i as u64;
let degree = &FieldElement::<F>::from(u_64);
new_coeffs[i - 1] = *(&coeff) * degree;
new_coeffs[i - 1] = coeff * degree;
}
Polynomial::new(new_coeffs)
}
Expand Down
30 changes: 30 additions & 0 deletions tools/garaga_rs/src/extf_mul.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
use crate::ecip::{
curve::{get_irreducible_poly, CurveParamsProvider},
polynomial::{pad_with_zero_coefficients_to_length, Polynomial},
};
use lambdaworks_math::field::traits::IsPrimeField;

// Returns (Q(X), R(X)) such that Π(Pi)(X) = Q(X) * P_irr(X) + R(X), for a given curve and extension degree.
// R(X) is the result of the multiplication in the extension field.
// Q(X) is used for verification.
pub fn nondeterministic_extension_field_mul_divmod<F: IsPrimeField + CurveParamsProvider<F>>(
ext_degree: usize,
ps: Vec<Polynomial<F>>,
) -> (Polynomial<F>, Polynomial<F>) {
let mut z_poly = Polynomial::one();
for poly in ps {
z_poly = z_poly.mul_with_ref(&poly);
}

let p_irr = get_irreducible_poly(ext_degree);

let (z_polyq, mut z_polyr) = z_poly.divmod(&p_irr);
assert!(z_polyr.coefficients.len() <= ext_degree);

// Extend polynomial with 0 coefficients to match the expected length.
if z_polyr.coefficients.len() < ext_degree {
pad_with_zero_coefficients_to_length(&mut z_polyr, ext_degree);
}

(z_polyq, z_polyr)
}
24 changes: 24 additions & 0 deletions tools/garaga_rs/src/io.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
use lambdaworks_math::field::element::FieldElement;
use lambdaworks_math::field::traits::IsPrimeField;
use lambdaworks_math::traits::ByteConversion;
use num_bigint::BigUint;

pub fn parse_field_elements_from_list<F: IsPrimeField>(
coeffs: &[BigUint],
) -> Result<Vec<FieldElement<F>>, String>
where
FieldElement<F>: ByteConversion,
{
let length = (F::field_bit_size() + 7) / 8;
coeffs
.iter()
.map(|x| {
let bytes = x.to_bytes_be();
let pad_length = length.saturating_sub(bytes.len());
let mut padded_bytes = vec![0u8; pad_length];
padded_bytes.extend(bytes);
FieldElement::from_bytes_be(&padded_bytes)
.map_err(|e| format!("Byte conversion error: {:?}", e))
})
.collect()
}
Loading
Loading