Skip to content

Commit

Permalink
Merge pull request #39 from w3f/return-result
Browse files Browse the repository at this point in the history 
PCS methods return Results
  • Loading branch information
@swasilyev
swasilyev authored Feb 19, 2025
2 parents 9274141 + e86d114 commit f6f555f
Show file tree
Hide file tree
Showing 9 changed files with 58 additions and 60 deletions.
6 changes: 3 additions & 3 deletions src/aggregation/multiple.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ pub fn aggregate_polys<F: PrimeField, CS: PCS<F>, T: Transcript<F, CS>>(
let q = poly::sum_with_powers(gamma, &qs);
let t_commit =
start_timer!(|| ark_std::format!("commitment to a degree-{} polynomial", q.degree()));
let qc = CS::commit(ck, &q);
let qc = CS::commit(ck, &q).unwrap();
// "W" in the paper
end_timer!(t_commit);
transcript.commit_to_q(&qc);
Expand Down Expand Up @@ -236,13 +236,13 @@ mod tests {
end_timer!(t_aggregate_polys);

let claims = group_by_commitment(&opening.fcs, &opening.xss, &opening.yss);
let onec = CS::commit(&vk.clone().into(), &poly::constant(F::one()));
let onec = CS::commit(&vk.clone().into(), &poly::constant(F::one())).unwrap();

let t_aggregate_claims = start_timer!(|| format!("Aggregate {} claims", claims.len()));
let agg_claim = aggregate_claims::<_, CS, _>(claims, &agg_proof, &onec, transcript);
end_timer!(t_aggregate_claims);

assert_eq!(CS::commit(&ck, &agg_poly), agg_claim.c);
assert_eq!(CS::commit(&ck, &agg_poly).unwrap(), agg_claim.c);
assert_eq!(zeta, agg_claim.xs[0]);
assert_eq!(agg_poly.evaluate(&zeta), agg_claim.ys[0]);
assert!(agg_claim.ys[0].is_zero());
Expand Down
4 changes: 2 additions & 2 deletions src/aggregation/single.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ impl<F: PrimeField, C: Commitment<F>> Claim<F, C> {
CS: PCS<F, C = C>,
{
Claim {
c: CS::commit(ck, poly),
c: CS::commit(ck, poly).unwrap(),
x: at,
y: poly.evaluate(&at),
}
Expand Down Expand Up @@ -126,7 +126,7 @@ mod tests {
.collect::<Vec<_>>();
let agg_claim = aggregate_claims::<F, CS>(&claims_at_same_x, &rs);

assert_eq!(CS::commit(&ck, &agg_poly), agg_claim.c);
assert_eq!(CS::commit(&ck, &agg_poly).unwrap(), agg_claim.c);
assert_eq!(same_x, agg_claim.x);
assert_eq!(agg_poly.evaluate(&same_x), agg_claim.y);
}
Expand Down
4 changes: 2 additions & 2 deletions src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ mod tests {
let (fs, roots, vss) = generate_test_data(rng, d, t, m);

let g = Fflonk::combine(t, &fs);
let gc = CS::commit(&params.ck(), &g);
let gc = CS::commit(&params.ck(), &g).unwrap();

let proof = FflonkyKzg::<F, CS>::open_single(&params.ck(), &fs, t, &roots, transcript);
assert!(FflonkyKzg::<F, CS>::verify_single(
Expand Down Expand Up @@ -245,7 +245,7 @@ mod tests {
let gcs: Vec<_> = fss
.iter()
.zip(ts)
.map(|(fs, t)| CS::commit(&params.ck(), &Fflonk::combine(t, &fs)))
.map(|(fs, t)| CS::commit(&params.ck(), &Fflonk::combine(t, &fs)).unwrap())
.collect();

let proof = FflonkyKzg::<F, CS>::open(&params.ck(), &fss, &ts, &rootss, transcript);
Expand Down
12 changes: 6 additions & 6 deletions src/pcs/id/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,15 +110,15 @@ impl<F: PrimeField> PCS<F> for IdentityCommitment {
()
}

fn commit(_ck: &(), p: &Poly<F>) -> Self::C {
WrappedPolynomial(p.clone())
fn commit(_ck: &(), p: &Poly<F>) -> Result<Self::C, ()> {
Ok(WrappedPolynomial(p.clone()))
}

fn open(_ck: &(), _p: &Poly<F>, _x: F) -> Self::Proof {
()
fn open(_ck: &(), _p: &Poly<F>, _x: F) -> Result<Self::Proof, ()> {
Ok(())
}

fn verify(_vk: &(), c: Self::C, x: F, z: F, _proof: Self::Proof) -> bool {
c.evaluate(&x) == z
fn verify(_vk: &(), c: Self::C, x: F, z: F, _proof: Self::Proof) -> Result<(), ()> {
(c.evaluate(&x) == z).then(|| ()).ok_or(())
}
}
58 changes: 25 additions & 33 deletions src/pcs/kzg/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,6 @@ impl<E: Pairing> KZG<E> {
rs: &[E::ScalarField],
vk: &KzgVerifierKey<E>,
) -> AccumulatedOpening<E> {
assert_eq!(openings.len(), rs.len());
let openings = Self::parse(openings);
let ((accs, proofs), ys): ((Vec<E::G1>, Vec<E::G1Affine>), Vec<E::ScalarField>) =
openings.into_iter().unzip();
Expand Down Expand Up @@ -117,8 +116,7 @@ impl<E: Pairing> KZG<E> {
fn _commit(coeffs: &[E::ScalarField], bases: &[E::G1Affine]) -> KzgCommitment<E> {
// `msm` allows to call into implementation of `VariableBaseMSM` for `Projective.
// This allows to call into custom implementations of `msm` (`msm_unchecked` not).
let len = usize::min(coeffs.len(), bases.len());
let proj = <E::G1 as VariableBaseMSM>::msm(&bases[..len], &coeffs[..len]).unwrap();
let proj = <E::G1 as VariableBaseMSM>::msm(&bases[..coeffs.len()], &coeffs).unwrap();
KzgCommitment(proj.into_affine())
}
}
Expand All @@ -135,35 +133,28 @@ impl<E: Pairing> PCS<E::ScalarField> for KZG<E> {
URS::<E>::generate(max_degree + 1, 2, rng)
}

fn commit(ck: &Self::CK, p: &Poly<E::ScalarField>) -> Self::C {
fn commit(ck: &Self::CK, p: &Poly<E::ScalarField>) -> Result<Self::C, ()> {
let ck = &ck.monomial;
assert!(
p.degree() <= ck.max_degree(),
"Can't commit to degree {} polynomial using {} bases",
p.degree(),
ck.max_evals()
);
Self::_commit(&p.coeffs, &ck.powers_in_g1)
if p.degree() > ck.max_degree() {
return Err(());
}
Ok(Self::_commit(&p.coeffs, &ck.powers_in_g1))
}

fn commit_evals(ck: &Self::CK, evals: &Evaluations<E::ScalarField>) -> Self::C {
fn commit_evals(ck: &Self::CK, evals: &Evaluations<E::ScalarField>) -> Result<Self::C, ()> {
let ck = ck
.lagrangian
.as_ref()
.expect("lagrangian key hadn't been generated");
assert_eq!(evals.domain(), ck.domain);
assert!(
evals.evals.len() <= ck.max_evals(),
"Can't commit to {} values using {} bases",
evals.evals.len(),
ck.max_evals()
);
Self::_commit(&evals.evals, &ck.lis_in_g)
if evals.evals.len() > ck.max_evals() || evals.domain() != ck.domain {
return Err(());
}
Ok(Self::_commit(&evals.evals, &ck.lis_in_g))
}

fn open(ck: &Self::CK, p: &Poly<E::ScalarField>, x: E::ScalarField) -> Self::Proof {
fn open(ck: &Self::CK, p: &Poly<E::ScalarField>, x: E::ScalarField) -> Result<Self::Proof, ()> {
let q = Self::compute_quotient(p, x);
Self::commit(ck, &q).0
Self::commit(ck, &q).map(|c| c.0)
}

fn verify(
Expand All @@ -172,14 +163,14 @@ impl<E: Pairing> PCS<E::ScalarField> for KZG<E> {
x: E::ScalarField,
y: E::ScalarField,
proof: Self::Proof,
) -> bool {
) -> Result<(), ()> {
let opening = KzgOpening {
c: c.0,
x,
y,
proof,
};
Self::verify_single(opening, vk)
Self::verify_single(opening, vk).then(|| ()).ok_or(())
}

fn batch_verify<R: Rng>(
Expand All @@ -189,9 +180,10 @@ impl<E: Pairing> PCS<E::ScalarField> for KZG<E> {
y: Vec<E::ScalarField>,
proof: Vec<Self::Proof>,
rng: &mut R,
) -> bool {
assert_eq!(c.len(), x.len());
assert_eq!(c.len(), y.len());
) -> Result<(), ()> {
if c.len() != x.len() || c.len() != y.len() {
return Err(());
}
let openings = c
.into_iter()
.zip(x.into_iter())
Expand All @@ -204,7 +196,7 @@ impl<E: Pairing> PCS<E::ScalarField> for KZG<E> {
proof,
})
.collect();
Self::verify_batch(openings, vk, rng)
Self::verify_batch(openings, vk, rng).then(|| ()).ok_or(())
}
}

Expand Down Expand Up @@ -247,15 +239,15 @@ mod tests {
"Committing to a dense degree-{} polynomial",
ck.max_degree()
));
let c = KZG::<E>::commit(&ck, &p);
let c = KZG::<E>::commit(&ck, &p).unwrap();
end_timer!(t_commit);

let t_prove = start_timer!(|| "Generating an opening proof for a single point");
let proof = KZG::<E>::open(&ck, &p, x);
let proof = KZG::<E>::open(&ck, &p, x).unwrap();
end_timer!(t_prove);

let t_verify = start_timer!(|| "Verification of a single-point opening");
assert!(KZG::<E>::verify(&vk, c, x, z, proof));
assert!(KZG::<E>::verify(&vk, c, x, z, proof).is_ok());
end_timer!(t_verify);
}

Expand All @@ -273,8 +265,8 @@ mod tests {
let f = Poly::<E::ScalarField>::rand(d, rng);
let x = xs[i];
let y = f.evaluate(&x);
let c = KZG::<E>::commit(ck, &f).0;
let proof = KZG::<E>::open(ck, &f, x);
let c = KZG::<E>::commit(ck, &f).unwrap().0;
let proof = KZG::<E>::open(ck, &f, x).unwrap();
KzgOpening { c, x, y, proof }
})
.collect()
Expand Down
16 changes: 10 additions & 6 deletions src/pcs/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,35 +82,39 @@ pub trait PCS<F: PrimeField> {
// vk needs to be convertible to a ck that is only required to commit to the p=1 constant polynomial,
// see https://eprint.iacr.org/archive/2020/1536/1629188090.pdf, section 4.2
type VK: VerifierKey + Into<Self::CK>;

type Params: PcsParams<CK = Self::CK, VK = Self::VK>;

fn setup<R: Rng>(max_degree: usize, rng: &mut R) -> Self::Params;

fn commit(ck: &Self::CK, p: &Poly<F>) -> Self::C;
fn commit(ck: &Self::CK, p: &Poly<F>) -> Result<Self::C, ()>;

fn commit_evals(ck: &Self::CK, evals: &Evaluations<F>) -> Self::C {
fn commit_evals(ck: &Self::CK, evals: &Evaluations<F>) -> Result<Self::C, ()> {
let poly = evals.interpolate_by_ref();
Self::commit(ck, &poly)
}

fn open(ck: &Self::CK, p: &Poly<F>, x: F) -> Self::Proof; //TODO: eval?
fn open(ck: &Self::CK, p: &Poly<F>, x: F) -> Result<Self::Proof, ()>;

fn verify(vk: &Self::VK, c: Self::C, x: F, z: F, proof: Self::Proof) -> bool;
fn verify(vk: &Self::VK, c: Self::C, x: F, z: F, proof: Self::Proof) -> Result<(), ()>;

// TODO: is the default implementation useful?
fn batch_verify<R: Rng>(
vk: &Self::VK,
c: Vec<Self::C>,
x: Vec<F>,
y: Vec<F>,
proof: Vec<Self::Proof>,
_rng: &mut R,
) -> bool {
) -> Result<(), ()> {
assert_eq!(c.len(), x.len());
assert_eq!(c.len(), y.len());
c.into_iter()
.zip(x.into_iter())
.zip(y.into_iter())
.zip(proof.into_iter())
.all(|(((c, x), y), proof)| Self::verify(vk, c, x, y, proof))
.all(|(((c, x), y), proof)| Self::verify(vk, c, x, y, proof).is_ok())
.then(|| ())
.ok_or(())
}
}
8 changes: 5 additions & 3 deletions src/shplonk.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ impl<F: PrimeField, CS: PCS<F>> Shplonk<F, CS> {
) -> AggregateProof<F, CS> {
let (agg_poly, zeta, agg_proof) = aggregate_polys::<F, CS, T>(ck, fs, xss, transcript);
assert!(agg_poly.evaluate(&zeta).is_zero());
let opening_proof = CS::open(ck, &agg_poly, zeta);
let opening_proof = CS::open(ck, &agg_poly, zeta).unwrap();
AggregateProof {
agg_proof,
opening_proof,
Expand All @@ -53,7 +53,8 @@ impl<F: PrimeField, CS: PCS<F>> Shplonk<F, CS> {
let onec = CS::commit(
&vk.clone().into(),
&Poly::from_coefficients_slice(&[F::one()]),
);
)
.unwrap();
let claims = group_by_commitment(fcs, xss, yss);
let agg_claim = aggregate_claims::<F, CS, T>(claims, &agg_proof, &onec, transcript);
CS::verify(
Expand All @@ -63,6 +64,7 @@ impl<F: PrimeField, CS: PCS<F>> Shplonk<F, CS> {
agg_claim.ys[0],
opening_proof,
)
.is_ok()
}
}

Expand Down Expand Up @@ -115,7 +117,7 @@ pub(crate) mod tests {
// polynomials
let fs: Vec<_> = (0..t).map(|_| Poly::<F>::rand(d, rng)).collect();
// commitments
let fcs: Vec<_> = fs.iter().map(|fi| CS::commit(&ck, fi)).collect();
let fcs: Vec<_> = fs.iter().map(|fi| CS::commit(&ck, fi).unwrap()).collect();

// evaluations per polynomial
let yss: Vec<_> = fs
Expand Down
8 changes: 4 additions & 4 deletions tests/plonk/batchy.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ impl<F: PrimeField, CS: PCS<F>> PlonkBatchKzgTest<F, CS> {
fn commit_polynomial(&self, ck: &CS::CK, poly: &Poly<F>) -> CS::C {
let t_commitment =
start_timer!(|| format!("Committing to degree {} polynomials", poly.degree()));
let commitment = CS::commit(ck, poly);
let commitment = CS::commit(ck, poly).unwrap();
end_timer!(t_commitment);
commitment
}
Expand Down Expand Up @@ -182,9 +182,9 @@ impl<F: PrimeField, CS: PCS<F>> DecoyPlonk<F, CS> for PlonkBatchKzgTest<F, CS> {
let agg_poly_at_zeta =
poly::sum_with_coeffs(self.challenges.nus.clone(), &polys_to_open_at_zeta);

let proof_at_zeta = CS::open(ck, &agg_poly_at_zeta, zeta);
let proof_at_zeta = CS::open(ck, &agg_poly_at_zeta, zeta).unwrap();
let proof_at_zeta_omega =
CS::open(ck, &self.polys.poly_to_open_at_zeta_omega_5(), zeta_omega);
CS::open(ck, &self.polys.poly_to_open_at_zeta_omega_5(), zeta_omega).unwrap();

// TODO: compute
let t_extra = start_timer!(|| "Extra: commiting to the linearization polynomial");
Expand Down Expand Up @@ -262,6 +262,6 @@ impl<F: PrimeField, CS: PCS<F>> DecoyPlonk<F, CS> for PlonkBatchKzgTest<F, CS> {
);
end_timer!(t_kzg_batch_opening);
end_timer!(t_kzg);
valid
valid.is_ok()
}
}
2 changes: 1 addition & 1 deletion tests/plonk/fflonky.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ impl<F: PrimeField, CS: PCS<F>> PlonkWithFflonkTest<F, CS> {
"committing to the combined polynomial: degree = {}",
poly.degree()
));
let commitment = CS::commit(ck, &poly);
let commitment = CS::commit(ck, &poly).unwrap();
end_timer!(t_commit_combined);

end_timer!(t_commit);
Expand Down

0 comments on commit f6f555f

Please sign in to comment.