Skip to content

Commit

Permalink
feat(halo2_proofs): add log for debugging
Browse files Browse the repository at this point in the history
  • Loading branch information
@chokobole
chokobole committed Feb 21, 2024
1 parent fa020ff commit 77878b3
Show file tree
Hide file tree
Showing 9 changed files with 45 additions and 2 deletions.
14 changes: 14 additions & 0 deletions halo2_proofs/src/bn254.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -271,6 +271,7 @@ pub trait TranscriptWriteState<C: CurveAffine, E: EncodedChallenge<C>>:
pub struct Blake2bWrite<W: Write, C: CurveAffine, E: EncodedChallenge<C>> {
state: cxx::UniquePtr<ffi::Blake2bWriter>,
writer: W,
proof_idx: usize,
_marker: PhantomData<(W, C, E)>,
}

Expand Down Expand Up @@ -315,12 +316,16 @@ impl<W: Write, C: CurveAffine> TranscriptWrite<C, Challenge255<C>>
for Blake2bWrite<W, C, Challenge255<C>>
{
fn write_point(&mut self, point: C) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, point);
self.proof_idx += 1;
self.common_point(point)?;
let compressed = point.to_bytes();
self.writer.write_all(compressed.as_ref())
}

fn write_scalar(&mut self, scalar: C::Scalar) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, scalar);
self.proof_idx += 1;
self.common_scalar(scalar)?;
let data = scalar.to_repr();
self.writer.write_all(data.as_ref())
Expand All @@ -343,6 +348,7 @@ impl<W: Write, C: CurveAffine> TranscriptWriterBuffer<W, C, Challenge255<C>>
Blake2bWrite {
state: ffi::new_blake2b_writer(),
writer: writer,
proof_idx: 0,
_marker: PhantomData,
}
}
Expand All @@ -357,6 +363,7 @@ impl<W: Write, C: CurveAffine> TranscriptWriterBuffer<W, C, Challenge255<C>>
pub struct PoseidonWrite<W: Write, C: CurveAffine, E: EncodedChallenge<C>> {
state: cxx::UniquePtr<ffi::PoseidonWriter>,
writer: W,
proof_idx: usize,
_marker: PhantomData<(W, C, E)>,
}

Expand Down Expand Up @@ -411,12 +418,14 @@ impl<W: Write, C: CurveAffine> TranscriptWrite<C, Challenge255<C>>
for PoseidonWrite<W, C, Challenge255<C>>
{
fn write_point(&mut self, point: C) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, point);
self.common_point(point)?;
let compressed = point.to_bytes();
self.writer.write_all(compressed.as_ref())
}

fn write_scalar(&mut self, scalar: C::Scalar) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, scalar);
self.common_scalar(scalar)?;
let data = scalar.to_repr();
self.writer.write_all(data.as_ref())
Expand All @@ -429,6 +438,7 @@ impl<W: Write, C: CurveAffine, E: EncodedChallenge<C>> PoseidonWrite<W, C, E> {
PoseidonWrite {
state: ffi::new_poseidon_writer(),
writer,
proof_idx: 0,
_marker: PhantomData,
}
}
Expand All @@ -452,6 +462,7 @@ impl<W: Write, C: CurveAffine> TranscriptWriteState<C, Challenge255<C>>
pub struct Sha256Write<W: Write, C: CurveAffine, E: EncodedChallenge<C>> {
state: cxx::UniquePtr<ffi::Sha256Writer>,
writer: W,
proof_idx: usize,
_marker: PhantomData<(W, C, E)>,
}

Expand Down Expand Up @@ -513,6 +524,7 @@ impl<W: Write, C: CurveAffine> TranscriptWrite<C, Challenge255<C>>
for Sha256Write<W, C, Challenge255<C>>
{
fn write_point(&mut self, point: C) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, point);
self.common_point(point)?;

let coords = point.coordinates();
Expand All @@ -531,6 +543,7 @@ impl<W: Write, C: CurveAffine> TranscriptWrite<C, Challenge255<C>>
}

fn write_scalar(&mut self, scalar: C::Scalar) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, scalar);
self.common_scalar(scalar)?;
let data = scalar.to_repr();

Expand All @@ -552,6 +565,7 @@ impl<W: Write, C: CurveAffine, E: EncodedChallenge<C>> Sha256Write<W, C, E> {
Sha256Write {
state: ffi::new_sha256_writer(),
writer,
proof_idx: 0,
_marker: PhantomData,
}
}
Expand Down
2 changes: 2 additions & 0 deletions halo2_proofs/src/plonk.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,12 +204,14 @@ impl<C: CurveAffine> VerifyingKey<C> {
.to_state();

let s = format!("{:?}", vk.pinned());
println!("vk_str: {}", s);

hasher.update(&(s.len() as u64).to_le_bytes());
hasher.update(s.as_bytes());

// Hash in final Blake2bState
vk.transcript_repr = C::Scalar::from_bytes_wide(hasher.finalize().as_array());
println!("Halo2(transcript_repr): {:?}", vk.transcript_repr);

vk
}
Expand Down
10 changes: 8 additions & 2 deletions halo2_proofs/src/plonk/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -414,8 +414,9 @@ pub fn create_proof<

for (index, phase) in meta.challenge_phase.iter().enumerate() {
if current_phase == *phase {
let existing =
challenges.insert(index, *transcript.squeeze_challenge_scalar::<()>());
let challenge = transcript.squeeze_challenge_scalar::<()>();
println!("Halo2(challenge[{:?}]): {:?}", index, *challenge);
let existing = challenges.insert(index, *challenge);
assert!(existing.is_none());
}
}
Expand All @@ -431,6 +432,7 @@ pub fn create_proof<

// Sample theta challenge for keeping lookup columns linearly independent
let theta: ChallengeTheta<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(theta): {:?}", *theta);

let lookups: Vec<Vec<lookup::prover::Permuted<Scheme::Curve>>> = instance
.iter()
Expand Down Expand Up @@ -461,9 +463,11 @@ pub fn create_proof<

// Sample beta challenge
let beta: ChallengeBeta<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(beta): {:?}", *beta);

// Sample gamma challenge
let gamma: ChallengeGamma<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(gamma): {:?}", *gamma);

// Commit to permutations.
let permutations: Vec<permutation::prover::Committed<Scheme::Curve>> = instance
Expand Down Expand Up @@ -501,6 +505,7 @@ pub fn create_proof<

// Obtain challenge for keeping all separate gates linearly independent
let y: ChallengeY<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(y): {:?}", *y);

// Calculate the advice polys
let advice: Vec<AdviceSingle<Scheme::Curve, Coeff>> = advice
Expand Down Expand Up @@ -545,6 +550,7 @@ pub fn create_proof<
let vanishing = vanishing.construct(params, domain, h_poly, &mut rng, transcript)?;

let x: ChallengeX<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(x): {:?}", *x);
let xn = x.pow(&[params.n() as u64, 0, 0, 0]);

if P::QUERY_INSTANCE {
Expand Down
6 changes: 6 additions & 0 deletions halo2_proofs/src/plonk/verifier.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -112,6 +112,7 @@ pub fn verify_proof<
for (phase, challenge) in vk.cs.challenge_phase.iter().zip(challenges.iter_mut()) {
if current_phase == *phase {
*challenge = *transcript.squeeze_challenge_scalar::<()>();
println!("Halo2(challenge[{:?}]): {:?}", phase.0, *challenge);
}
}
}
Expand All @@ -121,6 +122,7 @@ pub fn verify_proof<

// Sample theta challenge for keeping lookup columns linearly independent
let theta: ChallengeTheta<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(theta): {:?}", *theta);

let lookups_permuted = (0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
Expand All @@ -135,9 +137,11 @@ pub fn verify_proof<

// Sample beta challenge
let beta: ChallengeBeta<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(beta): {:?}", *beta);

// Sample gamma challenge
let gamma: ChallengeGamma<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(gamma): {:?}", *gamma);

let permutations_committed = (0..num_proofs)
.map(|_| {
Expand All @@ -161,12 +165,14 @@ pub fn verify_proof<

// Sample y challenge, which keeps the gates linearly independent.
let y: ChallengeY<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(y): {:?}", *y);

let vanishing = vanishing.read_commitments_after_y(vk, transcript)?;

// Sample x challenge, which is used to ensure the circuit is
// satisfied with high probability.
let x: ChallengeX<_> = transcript.squeeze_challenge_scalar();
println!("Halo2(x): {:?}", *x);
let instance_evals = if V::QUERY_INSTANCE {
(0..num_proofs)
.map(|_| -> Result<Vec<_>, _> {
Expand Down
1 change: 1 addition & 0 deletions halo2_proofs/src/poly/kzg/multiopen/gwc/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ where
R: RngCore,
{
let v: ChallengeV<_> = transcript.squeeze_challenge_scalar();
println!("GWC(v): {:?}", *v);
let commitment_data = construct_intermediate_sets(queries);

for commitment_at_a_point in commitment_data.iter() {
Expand Down
2 changes: 2 additions & 0 deletions halo2_proofs/src/poly/kzg/multiopen/gwc/verifier.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ where
I: IntoIterator<Item = VerifierQuery<'com, E::G1Affine, MSMKZG<E>>> + Clone,
{
let v: ChallengeV<_> = transcript.squeeze_challenge_scalar();
println!("GWC(v): {:?}", *v);

let commitment_data = construct_intermediate_sets(queries);

Expand All @@ -68,6 +69,7 @@ where
.collect::<Result<Vec<E::G1Affine>, Error>>()?;

let u: ChallengeU<_> = transcript.squeeze_challenge_scalar();
println!("GWC(u): {:?}", *u);

let mut commitment_multi = MSMKZG::<E>::new();
let mut eval_multi = E::Scalar::zero();
Expand Down
3 changes: 3 additions & 0 deletions halo2_proofs/src/poly/kzg/multiopen/shplonk/prover.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@ where
// TODO: explore if it is safe to use same challenge
// for different sets that are already combined with anoter challenge
let y: ChallengeY<_> = transcript.squeeze_challenge_scalar();
println!("SHPlonk(y): {:?}", *y);

let quotient_contribution =
|rotation_set: &RotationSetExtension<E::G1Affine>| -> Polynomial<E::Scalar, Coeff> {
Expand Down Expand Up @@ -189,6 +190,7 @@ where
.collect();

let v: ChallengeV<_> = transcript.squeeze_challenge_scalar();
println!("SHPlonk(v): {:?}", *v);

let quotient_polynomials = rotation_sets
.par_iter()
Expand All @@ -205,6 +207,7 @@ where
let h = self.params.commit(&h_x, Blind::default()).to_affine();
transcript.write_point(h)?;
let u: ChallengeU<_> = transcript.squeeze_challenge_scalar();
println!("SHPlonk(u): {:?}", *u);

let linearisation_contribution =
|rotation_set: RotationSetExtension<E::G1Affine>| -> (Polynomial<E::Scalar, Coeff>, E::Scalar) {
Expand Down
3 changes: 3 additions & 0 deletions halo2_proofs/src/poly/kzg/multiopen/shplonk/verifier.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,10 +71,13 @@ where
);

let y: ChallengeY<_> = transcript.squeeze_challenge_scalar();
println!("SHPlonk(y): {:?}", *y);
let v: ChallengeV<_> = transcript.squeeze_challenge_scalar();
println!("SHPlonk(v): {:?}", *v);

let h1 = transcript.read_point().map_err(|_| Error::SamplingError)?;
let u: ChallengeU<_> = transcript.squeeze_challenge_scalar();
println!("SHPlonk(u): {:?}", *u);
let h2 = transcript.read_point().map_err(|_| Error::SamplingError)?;

let (mut z_0_diff_inverse, mut z_0) = (E::Scalar::zero(), E::Scalar::zero());
Expand Down
6 changes: 6 additions & 0 deletions halo2_proofs/src/transcript.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -285,6 +285,7 @@ impl<R: Read, C: CurveAffine> Transcript<C, Challenge255<C>>
pub struct Blake2bWrite<W: Write, C: CurveAffine, E: EncodedChallenge<C>> {
state: Blake2bState,
writer: W,
proof_idx: usize,
_marker: PhantomData<(C, E)>,
}

Expand All @@ -307,6 +308,7 @@ impl<W: Write, C: CurveAffine> TranscriptWriterBuffer<W, C, Challenge255<C>>
.personal(b"Halo2-Transcript")
.to_state(),
writer,
proof_idx: 0,
_marker: PhantomData,
}
}
Expand Down Expand Up @@ -342,11 +344,15 @@ impl<W: Write, C: CurveAffine> TranscriptWrite<C, Challenge255<C>>
for Blake2bWrite<W, C, Challenge255<C>>
{
fn write_point(&mut self, point: C) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, point);
self.proof_idx += 1;
self.common_point(point)?;
let compressed = point.to_bytes();
self.writer.write_all(compressed.as_ref())
}
fn write_scalar(&mut self, scalar: C::Scalar) -> io::Result<()> {
println!("Proof[{}]: {:?}", self.proof_idx, scalar);
self.proof_idx += 1;
self.common_scalar(scalar)?;
let data = scalar.to_repr();
self.writer.write_all(data.as_ref())
Expand Down

0 comments on commit 77878b3

Please sign in to comment.