test(halo2_proofs): change shuffle circuit test to work with `Tachyon…

…Prover`
kroma-network · Mar 21, 2024 · aad3f31 · aad3f31
1 parent acd0229
commit aad3f31
Showing 1 changed file with 64 additions and 39 deletions.
diff --git a/halo2_proofs/examples/shuffle.rs b/halo2_proofs/examples/shuffle.rs
@@ -1,26 +1,33 @@
 use ff::BatchInvert;
 use halo2_proofs::{
-    arithmetic::{CurveAffine, FieldExt},
+    arithmetic::FieldExt,
+    bn254::{
+        GWCProver, PoseidonWrite as TachyonPoseidonWrite, ProvingKey as TachyonProvingKey,
+        TachyonProver as _,
+    },
     circuit::{floor_planner::V1, Layouter, Value},
+    consts::{TranscriptType, SEED},
     dev::{metadata, FailureLocation, MockProver, VerifyFailure},
-    halo2curves::pasta::EqAffine,
-    plonk::*,
+    plonk::{
+        keygen_pk2, tachyon::create_proof as create_tachyon_proof, verify_proof, Advice, Challenge,
+        Circuit, Column, ConstraintSystem, Error, Expression, FirstPhase, SecondPhase, Selector,
+    },
     poly::{
-        commitment::ParamsProver,
-        ipa::{
-            commitment::{IPACommitmentScheme, ParamsIPA},
-            multiopen::{ProverIPA, VerifierIPA},
-            strategy::AccumulatorStrategy,
+        commitment::Params,
+        kzg::{
+            commitment::{KZGCommitmentScheme, ParamsKZG},
+            multiopen::VerifierGWC,
+            strategy::SingleStrategy,
         },
-        Rotation, VerificationStrategy,
-    },
-    transcript::{
-        Blake2bRead, Blake2bWrite, Challenge255, TranscriptReadBuffer, TranscriptWriterBuffer,
+        Rotation,
     },
+    transcript::{Challenge255, PoseidonRead},
 };
 
 use env_logger;
-use rand_core::{OsRng, RngCore};
+use halo2curves::bn256::{Bn256, Fr, G2Affine};
+use halo2curves::group::Curve;
+use rand_core::{OsRng, RngCore, SeedableRng};
 use std::iter;
 
 fn rand_2d_array<F: FieldExt, R: RngCore, const W: usize, const H: usize>(
@@ -282,44 +289,63 @@ fn test_mock_prover<F: FieldExt, const W: usize, const H: usize>(
     };
 }
 
-fn test_prover<C: CurveAffine, const W: usize, const H: usize>(
+fn test_prover<const W: usize, const H: usize>(
     k: u32,
-    circuit: MyCircuit<C::Scalar, W, H>,
+    circuit: MyCircuit<Fr, W, H>,
     expected: bool,
 ) {
-    let params = ParamsIPA::<C>::new(k);
-    let vk = keygen_vk(&params, &circuit).unwrap();
-    let pk = keygen_pk(&params, vk, &circuit).unwrap();
-
-    let proof = {
-        let mut transcript = Blake2bWrite::<_, _, Challenge255<_>>::init(vec![]);
+    let params = ParamsKZG::<Bn256>::unsafe_setup_with_s(k, Fr::from(2));
+
+    let pk = keygen_pk2(&params, &circuit).unwrap();
+    let mut tachyon_pk = {
+        let mut pk_bytes: Vec<u8> = vec![];
+        pk.write(&mut pk_bytes, halo2_proofs::SerdeFormat::RawBytesUnchecked)
+            .unwrap();
+        TachyonProvingKey::from(pk_bytes.as_slice())
+    };
 
-        create_proof::<IPACommitmentScheme<C>, ProverIPA<C>, _, _, _, _>(
-            &params,
-            &pk,
-            &[circuit],
-            &[&[]],
-            OsRng,
-            &mut transcript,
+    let mut tachyon_prover = {
+        let mut params_bytes = vec![];
+        params.write(&mut params_bytes).unwrap();
+        GWCProver::<KZGCommitmentScheme<Bn256>>::from_params(
+            TranscriptType::Poseidon as u8,
+            k,
+            params_bytes.as_slice(),
         )
-        .expect("proof generation should not fail");
-
-        transcript.finalize()
     };
 
+    let s_g2 = tachyon_prover.s_g2();
+    let expected_s_g2 = (G2Affine::generator() + G2Affine::generator()).to_affine();
+    assert_eq!(s_g2, expected_s_g2);
+
+    let rng = halo2_proofs::xor_shift_rng::XORShiftRng::from_seed(SEED);
+    let mut transcript = TachyonPoseidonWrite::init(vec![]);
+    create_tachyon_proof::<_, _, _, _, _>(
+        &mut tachyon_prover,
+        &mut tachyon_pk,
+        &[circuit],
+        &[&[]],
+        rng,
+        &mut transcript,
+    )
+    .unwrap();
+
+    let mut proof = transcript.finalize();
+    let proof_last = tachyon_prover.get_proof();
+    proof.extend_from_slice(&proof_last);
+
     let accepted = {
-        let strategy = AccumulatorStrategy::new(&params);
-        let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
+        let strategy = SingleStrategy::new(&params);
+        let mut transcript = PoseidonRead::<_, _, Challenge255<_>>::init(&proof[..]);
 
-        verify_proof::<IPACommitmentScheme<C>, VerifierIPA<C>, _, _, _>(
+        verify_proof::<KZGCommitmentScheme<Bn256>, VerifierGWC<Bn256>, _, _, _>(
             &params,
             pk.get_vk(),
             strategy,
             &[&[]],
             &mut transcript,
         )
-        .map(|strategy| strategy.finalize())
-        .unwrap_or_default()
+        .is_ok()
     };
 
     assert_eq!(accepted, expected);
@@ -333,10 +359,9 @@ fn main() {
     const K: u32 = 8;
 
     let circuit = &MyCircuit::<_, W, H>::rand(&mut OsRng);
-
     {
         test_mock_prover(K, circuit.clone(), Ok(()));
-        test_prover::<EqAffine, W, H>(K, circuit.clone(), true);
+        test_prover::<W, H>(K, circuit.clone(), true);
     }
 
     #[cfg(not(feature = "sanity-checks"))]
@@ -360,6 +385,6 @@ fn main() {
                 },
             )]),
         );
-        test_prover::<EqAffine, W, H>(K, circuit, false);
+        test_prover::<W, H>(K, circuit, false);
     }
 }