fix: integrate verification strategies

privacy-scaling-explorations · Jul 5, 2022 · 8c94550 · 8c94550
1 parent dd7c385
commit 8c94550
Show file tree

Hide file tree

Showing 13 changed files with 310 additions and 276 deletions.
diff --git a/halo2_gadgets/benches/poseidon.rs b/halo2_gadgets/benches/poseidon.rs
@@ -5,7 +5,8 @@ use halo2_gadgets::poseidon::{
 };
 use halo2_proofs::poly::{
     commitment::ParamsProver,
-    ipa::{commitment::IPACommitmentScheme, multiopen::ProverIPA, strategy::BatchVerifier},
+
+    ipa::{commitment::IPACommitmentScheme, multiopen::ProverIPA, strategy::SingleStrategy},
 };
 use halo2_proofs::{
     circuit::{Layouter, SimpleFloorPlanner, Value},
@@ -252,11 +253,10 @@ fn bench_poseidon<S, const WIDTH: usize, const RATE: usize, const L: usize>(
     c.bench_function(&verifier_name, |b| {
         b.iter(|| {
             use halo2_proofs::poly::VerificationStrategy;
-            let strategy = BatchVerifier::new(&params, OsRng);
+            let strategy = SingleStrategy::new(&params);
             let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(&proof[..]);
-            let strategy =
-                verify_proof(&params, pk.get_vk(), strategy, &[&[]], &mut transcript).unwrap();
-            assert!(strategy.finalize());
+            assert!(verify_proof(&params, pk.get_vk(), strategy, &[&[]], &mut transcript).is_ok());
+
         });
     });
 }

diff --git a/halo2_proofs/benches/plonk.rs b/halo2_proofs/benches/plonk.rs
@@ -7,7 +7,7 @@ use halo2_proofs::circuit::{Cell, Layouter, SimpleFloorPlanner, Value};
 use halo2_proofs::plonk::*;
 use halo2_proofs::poly::ipa::commitment::{IPACommitmentScheme, ParamsIPA};
 use halo2_proofs::poly::ipa::multiopen::ProverIPA;
-use halo2_proofs::poly::ipa::strategy::BatchVerifier;
+use halo2_proofs::poly::ipa::strategy::SingleStrategy;
 use halo2_proofs::poly::Rotation;
 use halo2_proofs::transcript::TranscriptReadBuffer;
 use halo2_proofs::transcript::TranscriptWriterBuffer;
@@ -295,8 +295,7 @@ fn criterion_benchmark(c: &mut Criterion) {
 
     fn verifier(params: &ParamsIPA<EqAffine>, vk: &VerifyingKey<EqAffine>, proof: &[u8]) {
         use halo2_proofs::poly::VerificationStrategy;
-        let strategy = BatchVerifier::new(params, OsRng);
-
+        let strategy = SingleStrategy::new(&params);
         let mut transcript = Blake2bRead::<_, _, Challenge255<_>>::init(proof);
         assert!(verify_proof(params, vk, strategy, &[&[]], &mut transcript).is_ok());
     }

diff --git a/halo2_proofs/src/plonk/verifier.rs b/halo2_proofs/src/plonk/verifier.rs
@@ -9,7 +9,7 @@ use super::{
 };
 use crate::arithmetic::{CurveAffine, FieldExt};
 use crate::poly::commitment::{CommitmentScheme, Verifier};
-// use crate::poly::VerificationStrategy;
+use crate::poly::VerificationStrategy;
 use crate::poly::{
     commitment::{Blind, Params, MSM},
     Guard, VerifierQuery,
@@ -21,50 +21,6 @@ mod batch;
 #[cfg(feature = "batch")]
 pub use batch::BatchVerifier;
 
-/// Trait representing a strategy for verifying Halo 2 proofs.
-pub trait VerificationStrategy<'params, C: CurveAffine> {
-    /// The output type of this verification strategy after processing a proof.
-    type Output;
-
-    /// Obtains an MSM from the verifier strategy and yields back the strategy's
-    /// output.
-    fn process<E: EncodedChallenge<C>>(
-        self,
-        f: impl FnOnce(MSM<'params, C>) -> Result<Guard<'params, C, E>, Error>,
-    ) -> Result<Self::Output, Error>;
-}
-
-/// A verifier that checks a single proof at a time.
-#[derive(Debug)]
-pub struct SingleVerifier<'params, C: CurveAffine> {
-    msm: MSM<'params, C>,
-}
-
-impl<'params, C: CurveAffine> SingleVerifier<'params, C> {
-    /// Constructs a new single proof verifier.
-    pub fn new(params: &'params Params<C>) -> Self {
-        SingleVerifier {
-            msm: MSM::new(params),
-        }
-    }
-}
-
-impl<'params, C: CurveAffine> VerificationStrategy<'params, C> for SingleVerifier<'params, C> {
-    type Output = ();
-
-    fn process<E: EncodedChallenge<C>>(
-        self,
-        f: impl FnOnce(MSM<'params, C>) -> Result<Guard<'params, C, E>, Error>,
-    ) -> Result<Self::Output, Error> {
-        let guard = f(self.msm)?;
-        let msm = guard.use_challenges();
-        if msm.eval() {
-            Ok(())
-        } else {
-            Err(Error::ConstraintSystemFailure)
-        }
-    }
-}
 use crate::poly::commitment::ParamsVerifier;
 
 /// Returns a boolean indicating whether or not the proof is valid
@@ -74,8 +30,7 @@ pub fn verify_proof<
     E: EncodedChallenge<Scheme::Curve>,
     T: TranscriptRead<Scheme::Curve, E>,
     V: Verifier<'params, Scheme>,
-    Strategy: VerificationStrategy<'params, Scheme, V, R>,
-    R: RngCore,
+    Strategy: VerificationStrategy<'params, Scheme, V>,
 >(
     params: &'params Scheme::ParamsVerifier,
     vk: &VerifyingKey<Scheme::Curve>,

diff --git a/halo2_proofs/src/plonk/verifier/batch.rs b/halo2_proofs/src/plonk/verifier/batch.rs
@@ -1,49 +1,65 @@
-use std::{io, marker::PhantomData};
+use std::{
+    io::{self, Read},
+    marker::PhantomData,
+};
 
 use group::ff::Field;
-use pasta_curves::arithmetic::CurveAffine;
+use halo2curves::CurveAffine;
 use rand_core::{OsRng, RngCore};
 use rayon::iter::{IndexedParallelIterator, IntoParallelIterator, ParallelIterator};
 
 use super::{verify_proof, VerificationStrategy};
 use crate::{
     multicore,
     plonk::{Error, VerifyingKey},
-    poly::commitment::{Guard, Params, MSM},
-    transcript::{Blake2bRead, EncodedChallenge, TranscriptRead},
+    poly::{
+        commitment::{Params, MSM},
+        ipa::{
+            commitment::{IPACommitmentScheme, ParamsIPA, ParamsVerifierIPA},
+            msm::MSMIPA,
+            multiopen::VerifierIPA,
+            strategy::GuardIPA,
+        },
+    },
+    transcript::{Blake2bRead, EncodedChallenge, TranscriptRead, TranscriptReadBuffer},
 };
 
 /// A proof verification strategy that returns the proof's MSM.
 ///
 /// `BatchVerifier` handles the accumulation of the MSMs for the batched proofs.
 #[derive(Debug)]
 struct BatchStrategy<'params, C: CurveAffine> {
-    msm: MSM<'params, C>,
+    msm: MSMIPA<'params, C>,
 }
 
-impl<'params, C: CurveAffine> BatchStrategy<'params, C> {
-    fn new(params: &'params Params<C>) -> Self {
+impl<'params, C: CurveAffine>
+    VerificationStrategy<'params, IPACommitmentScheme<C>, VerifierIPA<'params, C>>
+    for BatchStrategy<'params, C>
+{
+    type Output = MSMIPA<'params, C>;
+
+    fn new(params: &'params ParamsVerifierIPA<C>) -> Self {
         BatchStrategy {
-            msm: MSM::new(params),
+            msm: MSMIPA::new(params),
         }
     }
-}
-
-impl<'params, C: CurveAffine> VerificationStrategy<'params, C> for BatchStrategy<'params, C> {
-    type Output = MSM<'params, C>;
 
-    fn process<E: EncodedChallenge<C>>(
+    fn process(
         self,
-        f: impl FnOnce(MSM<'params, C>) -> Result<Guard<'params, C, E>, Error>,
+        f: impl FnOnce(MSMIPA<'params, C>) -> Result<GuardIPA<'params, C>, Error>,
     ) -> Result<Self::Output, Error> {
         let guard = f(self.msm)?;
         Ok(guard.use_challenges())
     }
+
+    fn finalize(self) -> bool {
+        unreachable!()
+    }
 }
 
 #[derive(Debug)]
 struct BatchItem<C: CurveAffine> {
-    instances: Vec<Vec<Vec<C::Scalar>>>,
+    instances: Vec<Vec<Vec<C::ScalarExt>>>,
     proof: Vec<u8>,
 }
 
@@ -73,11 +89,15 @@ impl<C: CurveAffine> BatchVerifier<C> {
     /// This uses [`OsRng`] internally instead of taking an `R: RngCore` argument, because
     /// the internal parallelization requires access to a RNG that is guaranteed to not
     /// clone its internal state when shared between threads.
-    pub fn finalize(self, params: &Params<C>, vk: &VerifyingKey<C>) -> bool {
+    pub fn check<E: EncodedChallenge<C>>(
+        self,
+        params: &ParamsVerifierIPA<C>,
+        vk: &VerifyingKey<C>,
+    ) -> bool {
         fn accumulate_msm<'params, C: CurveAffine>(
-            mut acc: MSM<'params, C>,
-            msm: MSM<'params, C>,
-        ) -> MSM<'params, C> {
+            mut acc: MSMIPA<'params, C>,
+            msm: MSMIPA<'params, C>,
+        ) -> MSMIPA<'params, C> {
             // Scale the MSM by a random factor to ensure that if the existing MSM has
             // `is_zero() == false` then this argument won't be able to interfere with it
             // to make it true, with high probability.
@@ -113,7 +133,7 @@ impl<C: CurveAffine> BatchVerifier<C> {
             .try_reduce(|| params.empty_msm(), |a, b| Ok(accumulate_msm(a, b)));
 
         match final_msm {
-            Ok(msm) => msm.eval(),
+            Ok(msm) => msm.check(),
             Err(_) => false,
         }
     }