finish with parallelization. Kate division is next

This commit is contained in:
Alex Vlasov 2019-03-15 21:49:31 +03:00
parent a0aaf7a6e4
commit 08cbd05a26
4 changed files with 101 additions and 60 deletions

@ -120,22 +120,29 @@ pub fn create_aggregate_on_srs_using_information<E: Engine, C: Circuit<E>, S: Sy
let mut value = value; let mut value = value;
value.negate(); value.negate();
let poly = kate_divison( polynomial_commitment_opening(
n,
0,
s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()), s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
w, w,
); &srs
)
let negative_poly = poly[0..n].iter().rev(); // let poly = kate_divison(
let positive_poly = poly[n..].iter(); // s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
multiexp( // w,
srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext( // );
srs.g_positive_x[0..positive_poly.len()].iter()
), // let negative_poly = poly[0..n].iter().rev();
negative_poly.chain_ext(positive_poly) // let positive_poly = poly[n..].iter();
).into_affine() // multiexp(
// srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
// srs.g_positive_x[0..positive_poly.len()].iter()
// ),
// negative_poly.chain_ext(positive_poly)
// ).into_affine()
}; };
// TODO: parallelize
// Let's open up C to every y. // Let's open up C to every y.
fn compute_value<E: Engine>(y: &E::Fr, poly_positive: &[E::Fr], poly_negative: &[E::Fr]) -> E::Fr { fn compute_value<E: Engine>(y: &E::Fr, poly_positive: &[E::Fr], poly_negative: &[E::Fr]) -> E::Fr {
let mut value = E::Fr::zero(); let mut value = E::Fr::zero();
@ -173,19 +180,27 @@ pub fn create_aggregate_on_srs_using_information<E: Engine, C: Circuit<E>, S: Sy
let mut value = value; let mut value = value;
value.negate(); value.negate();
let poly = kate_divison( polynomial_commitment_opening(
n,
0,
s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()), s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
*y, *y,
); &srs
)
let negative_poly = poly[0..n].iter().rev(); // let poly = kate_divison(
let positive_poly = poly[n..].iter(); // s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
multiexp( // *y,
srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext( // );
srs.g_positive_x[0..positive_poly.len()].iter()
), // let negative_poly = poly[0..n].iter().rev();
negative_poly.chain_ext(positive_poly) // let positive_poly = poly[n..].iter();
).into_affine() // multiexp(
// srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
// srs.g_positive_x[0..positive_poly.len()].iter()
// ),
// negative_poly.chain_ext(positive_poly)
// ).into_affine()
}; };
c_openings.push((opening, value)); c_openings.push((opening, value));
@ -213,35 +228,45 @@ pub fn create_aggregate_on_srs_using_information<E: Engine, C: Circuit<E>, S: Sy
value.mul_assign(&r); value.mul_assign(&r);
expected_value.add_assign(&value); expected_value.add_assign(&value);
for (mut coeff, target) in s_poly_negative.into_iter().zip(poly_negative.iter_mut()) { mul_add_polynomials(& mut poly_negative[..], &s_poly_negative[..], r);
coeff.mul_assign(&r); mul_add_polynomials(& mut poly_positive[..], &s_poly_positive[..], r);
target.add_assign(&coeff);
// for (mut coeff, target) in s_poly_negative.into_iter().zip(poly_negative.iter_mut()) {
// coeff.mul_assign(&r);
// target.add_assign(&coeff);
// }
// for (mut coeff, target) in s_poly_positive.into_iter().zip(poly_positive.iter_mut()) {
// coeff.mul_assign(&r);
// target.add_assign(&coeff);
// }
} }
for (mut coeff, target) in s_poly_positive.into_iter().zip(poly_positive.iter_mut()) {
coeff.mul_assign(&r);
target.add_assign(&coeff);
}
}
// TODO: parallelize
let s_opening = { let s_opening = {
let mut value = expected_value; let mut value = expected_value;
value.negate(); value.negate();
let poly = kate_divison( polynomial_commitment_opening(
n,
0,
poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(poly_positive.iter()), poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(poly_positive.iter()),
z, z,
); &srs
)
let negative_poly = poly[0..n].iter().rev(); // let poly = kate_divison(
let positive_poly = poly[n..].iter(); // poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(poly_positive.iter()),
multiexp( // z,
srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext( // );
srs.g_positive_x[0..positive_poly.len()].iter()
), // let negative_poly = poly[0..n].iter().rev();
negative_poly.chain_ext(positive_poly) // let positive_poly = poly[n..].iter();
).into_affine() // multiexp(
// srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
// srs.g_positive_x[0..positive_poly.len()].iter()
// ),
// negative_poly.chain_ext(positive_poly)
// ).into_affine()
}; };
Aggregate { Aggregate {

@ -253,7 +253,7 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
); );
// negative powers [-1, -2n], positive [1, n] // negative powers [-1, -2n], positive [1, n]
let (s_poly_negative, s_poly_positive) = { let (mut s_poly_negative, s_poly_positive) = {
let mut tmp = SxEval::new(y, n); let mut tmp = SxEval::new(y, n);
S::synthesize(&mut tmp, circuit)?; S::synthesize(&mut tmp, circuit)?;
@ -266,18 +266,26 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
{ {
// extend to have powers [n+1, 2n] // extend to have powers [n+1, 2n]
rxy_prime.resize(4 * n + 1 + NUM_BLINDINGS, E::Fr::zero()); rxy_prime.resize(4 * n + 1 + NUM_BLINDINGS, E::Fr::zero());
// add coefficients in front of X^{-2n}...X^{-n-1}, X^{-n}...X^{-1} s_poly_negative.reverse();
for (r, s) in rxy_prime[NUM_BLINDINGS..(2 * n + NUM_BLINDINGS)]
.iter_mut() let neg_poly_len = s_poly_negative.len();
.rev() add_polynomials(&mut rxy_prime[(NUM_BLINDINGS+neg_poly_len)..(2 * n + NUM_BLINDINGS)], &s_poly_negative[..]);
.zip(s_poly_negative) s_poly_negative.reverse();
{
r.add_assign(&s); add_polynomials(&mut rxy_prime[(2 * n + 1 + NUM_BLINDINGS)..], &s_poly_positive[..])
}
// add coefficients in front of X^{1}...X^{n}, X^{n+1}...X^{2*n} // // add coefficients in front of X^{-2n}...X^{-n-1}, X^{-n}...X^{-1}
for (r, s) in rxy_prime[(2 * n + 1 + NUM_BLINDINGS)..].iter_mut().zip(s_poly_positive) { // for (r, s) in rxy_prime[NUM_BLINDINGS..(2 * n + NUM_BLINDINGS)]
r.add_assign(&s); // .iter_mut()
} // .rev()
// .zip(s_poly_negative)
// {
// r.add_assign(&s);
// }
// // add coefficients in front of X^{1}...X^{n}, X^{n+1}...X^{2*n}
// for (r, s) in rxy_prime[(2 * n + 1 + NUM_BLINDINGS)..].iter_mut().zip(s_poly_positive) {
// r.add_assign(&s);
// }
} }
// by this point all R related polynomials are blinded and evaluated for Y variable // by this point all R related polynomials are blinded and evaluated for Y variable
@ -344,12 +352,15 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
let z_opening = { let z_opening = {
rx1[(2 * n + NUM_BLINDINGS)].add_assign(&rzy); // restore rx1[(2 * n + NUM_BLINDINGS)].add_assign(&rzy); // restore
// skip powers from until reach -2n - NUM_BLINDINGS let rx1_len = rx1.len();
for (t, &r) in txy[(2 * n + NUM_BLINDINGS)..].iter_mut().zip(rx1.iter()) { mul_add_polynomials(&mut txy[(2 * n + NUM_BLINDINGS)..(2 * n + NUM_BLINDINGS + rx1_len)], &rx1[..], r1);
let mut r = r;
r.mul_assign(&r1); // // skip powers from until reach -2n - NUM_BLINDINGS
t.add_assign(&r); // for (t, &r) in txy[(2 * n + NUM_BLINDINGS)..].iter_mut().zip(rx1.iter()) {
} // let mut r = r;
// r.mul_assign(&r1);
// t.add_assign(&r);
// }
let val = { let val = {
let tmp = z_inv.pow(&[(4*n + 2*NUM_BLINDINGS) as u64]); let tmp = z_inv.pow(&[(4*n + 2*NUM_BLINDINGS) as u64]);

@ -509,9 +509,9 @@ fn test_high_level_sonic_api() {
println!("done in {:?}", start.elapsed()); println!("done in {:?}", start.elapsed());
println!("creating aggregate for {} proofs", samples); println!("creating aggregate for {} proofs", samples);
let start = Instant::now();
let proofs: Vec<_> = (0..samples).map(|_| (proof.clone(), advice.clone())).collect(); let proofs: Vec<_> = (0..samples).map(|_| (proof.clone(), advice.clone())).collect();
let start = Instant::now();
let aggregate = create_aggregate::<Bn256, _>(circuit.clone(), &proofs, &params); let aggregate = create_aggregate::<Bn256, _>(circuit.clone(), &proofs, &params);
println!("done in {:?}", start.elapsed()); println!("done in {:?}", start.elapsed());

@ -125,11 +125,16 @@ pub fn polynomial_commitment_opening<
{ {
// let poly = parallel_kate_divison::<E, _>(polynomial_coefficients, point); // let poly = parallel_kate_divison::<E, _>(polynomial_coefficients, point);
use std::time::Instant;
let start = Instant::now();
let poly = kate_divison( let poly = kate_divison(
polynomial_coefficients, polynomial_coefficients,
point, point,
); );
println!("Kate division of size {} taken {:?}", poly.len(), start.elapsed());
let negative_poly = poly[0..largest_negative_power].iter().rev(); let negative_poly = poly[0..largest_negative_power].iter().rev();
let positive_poly = poly[largest_negative_power..].iter(); let positive_poly = poly[largest_negative_power..].iter();
multiexp( multiexp(