finish with parallelization. Kate division is next
This commit is contained in:
parent
a0aaf7a6e4
commit
08cbd05a26
@ -120,22 +120,29 @@ pub fn create_aggregate_on_srs_using_information<E: Engine, C: Circuit<E>, S: Sy
|
|||||||
let mut value = value;
|
let mut value = value;
|
||||||
value.negate();
|
value.negate();
|
||||||
|
|
||||||
let poly = kate_divison(
|
polynomial_commitment_opening(
|
||||||
|
n,
|
||||||
|
0,
|
||||||
s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
|
s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
|
||||||
w,
|
w,
|
||||||
);
|
&srs
|
||||||
|
)
|
||||||
|
|
||||||
let negative_poly = poly[0..n].iter().rev();
|
// let poly = kate_divison(
|
||||||
let positive_poly = poly[n..].iter();
|
// s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
|
||||||
multiexp(
|
// w,
|
||||||
srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
|
// );
|
||||||
srs.g_positive_x[0..positive_poly.len()].iter()
|
|
||||||
),
|
// let negative_poly = poly[0..n].iter().rev();
|
||||||
negative_poly.chain_ext(positive_poly)
|
// let positive_poly = poly[n..].iter();
|
||||||
).into_affine()
|
// multiexp(
|
||||||
|
// srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
|
||||||
|
// srs.g_positive_x[0..positive_poly.len()].iter()
|
||||||
|
// ),
|
||||||
|
// negative_poly.chain_ext(positive_poly)
|
||||||
|
// ).into_affine()
|
||||||
};
|
};
|
||||||
|
|
||||||
// TODO: parallelize
|
|
||||||
// Let's open up C to every y.
|
// Let's open up C to every y.
|
||||||
fn compute_value<E: Engine>(y: &E::Fr, poly_positive: &[E::Fr], poly_negative: &[E::Fr]) -> E::Fr {
|
fn compute_value<E: Engine>(y: &E::Fr, poly_positive: &[E::Fr], poly_negative: &[E::Fr]) -> E::Fr {
|
||||||
let mut value = E::Fr::zero();
|
let mut value = E::Fr::zero();
|
||||||
@ -173,19 +180,27 @@ pub fn create_aggregate_on_srs_using_information<E: Engine, C: Circuit<E>, S: Sy
|
|||||||
let mut value = value;
|
let mut value = value;
|
||||||
value.negate();
|
value.negate();
|
||||||
|
|
||||||
let poly = kate_divison(
|
polynomial_commitment_opening(
|
||||||
|
n,
|
||||||
|
0,
|
||||||
s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
|
s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
|
||||||
*y,
|
*y,
|
||||||
);
|
&srs
|
||||||
|
)
|
||||||
|
|
||||||
let negative_poly = poly[0..n].iter().rev();
|
// let poly = kate_divison(
|
||||||
let positive_poly = poly[n..].iter();
|
// s_poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(s_poly_positive.iter()),
|
||||||
multiexp(
|
// *y,
|
||||||
srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
|
// );
|
||||||
srs.g_positive_x[0..positive_poly.len()].iter()
|
|
||||||
),
|
// let negative_poly = poly[0..n].iter().rev();
|
||||||
negative_poly.chain_ext(positive_poly)
|
// let positive_poly = poly[n..].iter();
|
||||||
).into_affine()
|
// multiexp(
|
||||||
|
// srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
|
||||||
|
// srs.g_positive_x[0..positive_poly.len()].iter()
|
||||||
|
// ),
|
||||||
|
// negative_poly.chain_ext(positive_poly)
|
||||||
|
// ).into_affine()
|
||||||
};
|
};
|
||||||
|
|
||||||
c_openings.push((opening, value));
|
c_openings.push((opening, value));
|
||||||
@ -213,35 +228,45 @@ pub fn create_aggregate_on_srs_using_information<E: Engine, C: Circuit<E>, S: Sy
|
|||||||
value.mul_assign(&r);
|
value.mul_assign(&r);
|
||||||
expected_value.add_assign(&value);
|
expected_value.add_assign(&value);
|
||||||
|
|
||||||
for (mut coeff, target) in s_poly_negative.into_iter().zip(poly_negative.iter_mut()) {
|
mul_add_polynomials(& mut poly_negative[..], &s_poly_negative[..], r);
|
||||||
coeff.mul_assign(&r);
|
mul_add_polynomials(& mut poly_positive[..], &s_poly_positive[..], r);
|
||||||
target.add_assign(&coeff);
|
|
||||||
|
// for (mut coeff, target) in s_poly_negative.into_iter().zip(poly_negative.iter_mut()) {
|
||||||
|
// coeff.mul_assign(&r);
|
||||||
|
// target.add_assign(&coeff);
|
||||||
|
// }
|
||||||
|
|
||||||
|
// for (mut coeff, target) in s_poly_positive.into_iter().zip(poly_positive.iter_mut()) {
|
||||||
|
// coeff.mul_assign(&r);
|
||||||
|
// target.add_assign(&coeff);
|
||||||
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
for (mut coeff, target) in s_poly_positive.into_iter().zip(poly_positive.iter_mut()) {
|
|
||||||
coeff.mul_assign(&r);
|
|
||||||
target.add_assign(&coeff);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: parallelize
|
|
||||||
let s_opening = {
|
let s_opening = {
|
||||||
let mut value = expected_value;
|
let mut value = expected_value;
|
||||||
value.negate();
|
value.negate();
|
||||||
|
|
||||||
let poly = kate_divison(
|
polynomial_commitment_opening(
|
||||||
|
n,
|
||||||
|
0,
|
||||||
poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(poly_positive.iter()),
|
poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(poly_positive.iter()),
|
||||||
z,
|
z,
|
||||||
);
|
&srs
|
||||||
|
)
|
||||||
|
|
||||||
let negative_poly = poly[0..n].iter().rev();
|
// let poly = kate_divison(
|
||||||
let positive_poly = poly[n..].iter();
|
// poly_negative.iter().rev().chain_ext(Some(value).iter()).chain_ext(poly_positive.iter()),
|
||||||
multiexp(
|
// z,
|
||||||
srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
|
// );
|
||||||
srs.g_positive_x[0..positive_poly.len()].iter()
|
|
||||||
),
|
// let negative_poly = poly[0..n].iter().rev();
|
||||||
negative_poly.chain_ext(positive_poly)
|
// let positive_poly = poly[n..].iter();
|
||||||
).into_affine()
|
// multiexp(
|
||||||
|
// srs.g_negative_x[1..(negative_poly.len() + 1)].iter().chain_ext(
|
||||||
|
// srs.g_positive_x[0..positive_poly.len()].iter()
|
||||||
|
// ),
|
||||||
|
// negative_poly.chain_ext(positive_poly)
|
||||||
|
// ).into_affine()
|
||||||
};
|
};
|
||||||
|
|
||||||
Aggregate {
|
Aggregate {
|
||||||
|
@ -253,7 +253,7 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
|
|||||||
);
|
);
|
||||||
|
|
||||||
// negative powers [-1, -2n], positive [1, n]
|
// negative powers [-1, -2n], positive [1, n]
|
||||||
let (s_poly_negative, s_poly_positive) = {
|
let (mut s_poly_negative, s_poly_positive) = {
|
||||||
let mut tmp = SxEval::new(y, n);
|
let mut tmp = SxEval::new(y, n);
|
||||||
S::synthesize(&mut tmp, circuit)?;
|
S::synthesize(&mut tmp, circuit)?;
|
||||||
|
|
||||||
@ -266,18 +266,26 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
|
|||||||
{
|
{
|
||||||
// extend to have powers [n+1, 2n]
|
// extend to have powers [n+1, 2n]
|
||||||
rxy_prime.resize(4 * n + 1 + NUM_BLINDINGS, E::Fr::zero());
|
rxy_prime.resize(4 * n + 1 + NUM_BLINDINGS, E::Fr::zero());
|
||||||
// add coefficients in front of X^{-2n}...X^{-n-1}, X^{-n}...X^{-1}
|
s_poly_negative.reverse();
|
||||||
for (r, s) in rxy_prime[NUM_BLINDINGS..(2 * n + NUM_BLINDINGS)]
|
|
||||||
.iter_mut()
|
let neg_poly_len = s_poly_negative.len();
|
||||||
.rev()
|
add_polynomials(&mut rxy_prime[(NUM_BLINDINGS+neg_poly_len)..(2 * n + NUM_BLINDINGS)], &s_poly_negative[..]);
|
||||||
.zip(s_poly_negative)
|
s_poly_negative.reverse();
|
||||||
{
|
|
||||||
r.add_assign(&s);
|
add_polynomials(&mut rxy_prime[(2 * n + 1 + NUM_BLINDINGS)..], &s_poly_positive[..])
|
||||||
}
|
|
||||||
// add coefficients in front of X^{1}...X^{n}, X^{n+1}...X^{2*n}
|
// // add coefficients in front of X^{-2n}...X^{-n-1}, X^{-n}...X^{-1}
|
||||||
for (r, s) in rxy_prime[(2 * n + 1 + NUM_BLINDINGS)..].iter_mut().zip(s_poly_positive) {
|
// for (r, s) in rxy_prime[NUM_BLINDINGS..(2 * n + NUM_BLINDINGS)]
|
||||||
r.add_assign(&s);
|
// .iter_mut()
|
||||||
}
|
// .rev()
|
||||||
|
// .zip(s_poly_negative)
|
||||||
|
// {
|
||||||
|
// r.add_assign(&s);
|
||||||
|
// }
|
||||||
|
// // add coefficients in front of X^{1}...X^{n}, X^{n+1}...X^{2*n}
|
||||||
|
// for (r, s) in rxy_prime[(2 * n + 1 + NUM_BLINDINGS)..].iter_mut().zip(s_poly_positive) {
|
||||||
|
// r.add_assign(&s);
|
||||||
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
// by this point all R related polynomials are blinded and evaluated for Y variable
|
// by this point all R related polynomials are blinded and evaluated for Y variable
|
||||||
@ -344,12 +352,15 @@ pub fn create_proof_on_srs<E: Engine, C: Circuit<E>, S: SynthesisDriver>(
|
|||||||
let z_opening = {
|
let z_opening = {
|
||||||
rx1[(2 * n + NUM_BLINDINGS)].add_assign(&rzy); // restore
|
rx1[(2 * n + NUM_BLINDINGS)].add_assign(&rzy); // restore
|
||||||
|
|
||||||
// skip powers from until reach -2n - NUM_BLINDINGS
|
let rx1_len = rx1.len();
|
||||||
for (t, &r) in txy[(2 * n + NUM_BLINDINGS)..].iter_mut().zip(rx1.iter()) {
|
mul_add_polynomials(&mut txy[(2 * n + NUM_BLINDINGS)..(2 * n + NUM_BLINDINGS + rx1_len)], &rx1[..], r1);
|
||||||
let mut r = r;
|
|
||||||
r.mul_assign(&r1);
|
// // skip powers from until reach -2n - NUM_BLINDINGS
|
||||||
t.add_assign(&r);
|
// for (t, &r) in txy[(2 * n + NUM_BLINDINGS)..].iter_mut().zip(rx1.iter()) {
|
||||||
}
|
// let mut r = r;
|
||||||
|
// r.mul_assign(&r1);
|
||||||
|
// t.add_assign(&r);
|
||||||
|
// }
|
||||||
|
|
||||||
let val = {
|
let val = {
|
||||||
let tmp = z_inv.pow(&[(4*n + 2*NUM_BLINDINGS) as u64]);
|
let tmp = z_inv.pow(&[(4*n + 2*NUM_BLINDINGS) as u64]);
|
||||||
|
@ -509,9 +509,9 @@ fn test_high_level_sonic_api() {
|
|||||||
println!("done in {:?}", start.elapsed());
|
println!("done in {:?}", start.elapsed());
|
||||||
|
|
||||||
println!("creating aggregate for {} proofs", samples);
|
println!("creating aggregate for {} proofs", samples);
|
||||||
let start = Instant::now();
|
|
||||||
let proofs: Vec<_> = (0..samples).map(|_| (proof.clone(), advice.clone())).collect();
|
let proofs: Vec<_> = (0..samples).map(|_| (proof.clone(), advice.clone())).collect();
|
||||||
|
|
||||||
|
let start = Instant::now();
|
||||||
let aggregate = create_aggregate::<Bn256, _>(circuit.clone(), &proofs, ¶ms);
|
let aggregate = create_aggregate::<Bn256, _>(circuit.clone(), &proofs, ¶ms);
|
||||||
println!("done in {:?}", start.elapsed());
|
println!("done in {:?}", start.elapsed());
|
||||||
|
|
||||||
|
@ -125,11 +125,16 @@ pub fn polynomial_commitment_opening<
|
|||||||
{
|
{
|
||||||
// let poly = parallel_kate_divison::<E, _>(polynomial_coefficients, point);
|
// let poly = parallel_kate_divison::<E, _>(polynomial_coefficients, point);
|
||||||
|
|
||||||
|
use std::time::Instant;
|
||||||
|
let start = Instant::now();
|
||||||
|
|
||||||
let poly = kate_divison(
|
let poly = kate_divison(
|
||||||
polynomial_coefficients,
|
polynomial_coefficients,
|
||||||
point,
|
point,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
println!("Kate division of size {} taken {:?}", poly.len(), start.elapsed());
|
||||||
|
|
||||||
let negative_poly = poly[0..largest_negative_power].iter().rev();
|
let negative_poly = poly[0..largest_negative_power].iter().rev();
|
||||||
let positive_poly = poly[largest_negative_power..].iter();
|
let positive_poly = poly[largest_negative_power..].iter();
|
||||||
multiexp(
|
multiexp(
|
||||||
|
Loading…
Reference in New Issue
Block a user