Fix big proof

build/cli.cjs

@@ -6100,40 +6100,44 @@ async function groth16Prove(zkeyFileName, witnessFileName, logger) {
     if (logger) logger.debug("Building ABC");
     const [buffA_T, buffB_T, buffC_T] = await buldABC1(curve, zkey, buffWitness, buffCoeffs, logger);
 
-    if (logger) logger.debug("Reading A Points");
-    const buffBasesA = await readSection$1(fdZKey, sectionsZKey, 5);
-    if (logger) logger.debug("Reading B1 Points");
-    const buffBasesB1 = await readSection$1(fdZKey, sectionsZKey, 6);
-    if (logger) logger.debug("Reading B2 Points");
-    const buffBasesB2 = await readSection$1(fdZKey, sectionsZKey, 7);
-    if (logger) logger.debug("Reading C Points");
-    const buffBasesC = await readSection$1(fdZKey, sectionsZKey, 8);
-    if (logger) logger.debug("Reading H Points");
-    const buffBasesH = await readSection$1(fdZKey, sectionsZKey, 9);
-
     const inc = power == Fr.s ? curve.Fr.shift : curve.Fr.w[power+1];
 
-    const buffA = await Fr.ifft(buffA_T, "", "", logger, "FFT_A");
+    const buffA = await Fr.ifft(buffA_T, "", "", logger, "IFFT_A");
     const buffAodd = await Fr.batchApplyKey(buffA, Fr.e(1), inc);
-    const buffAodd_T = await Fr.fft(buffAodd, "", "", logger, "IFFT_A");
+    const buffAodd_T = await Fr.fft(buffAodd, "", "", logger, "FFT_A");
 
-    const buffB = await Fr.ifft(buffB_T, "", "", logger, "FFT_B");
+    const buffB = await Fr.ifft(buffB_T, "", "", logger, "IFFT_B");
     const buffBodd = await Fr.batchApplyKey(buffB, Fr.e(1), inc);
-    const buffBodd_T = await Fr.fft(buffBodd, "", "", logger, "IFFT_B");
+    const buffBodd_T = await Fr.fft(buffBodd, "", "", logger, "FFT_B");
 
-    const buffC = await Fr.ifft(buffC_T, "", "", logger, "FFT_C");
+    const buffC = await Fr.ifft(buffC_T, "", "", logger, "IFFT_C");
     const buffCodd = await Fr.batchApplyKey(buffC, Fr.e(1), inc);
-    const buffCodd_T = await Fr.fft(buffCodd, "", "", logger, "IFFT_C");
+    const buffCodd_T = await Fr.fft(buffCodd, "", "", logger, "FFT_C");
 
-    const buffPodd_T = await joinABC(curve, zkey, buffAodd_T, buffBodd_T, buffCodd_T);
+    if (logger) logger.debug("Join ABC");
+    const buffPodd_T = await joinABC(curve, zkey, buffAodd_T, buffBodd_T, buffCodd_T, logger);
 
     let proof = {};
 
-    proof.pi_a = await curve.G1.multiExpAffine(buffBasesA, buffWitness);
-    let pib1 = await curve.G1.multiExpAffine(buffBasesB1, buffWitness);
-    proof.pi_b = await curve.G2.multiExpAffine(buffBasesB2, buffWitness);
-    proof.pi_c = await curve.G1.multiExpAffine(buffBasesC, buffWitness.slice((zkey.nPublic+1)*curve.Fr.n8));
-    const resH = await curve.G1.multiExpAffine(buffBasesH, buffPodd_T);
+    if (logger) logger.debug("Reading A Points");
+    const buffBasesA = await readSection$1(fdZKey, sectionsZKey, 5);
+    proof.pi_a = await curve.G1.multiExpAffine(buffBasesA, buffWitness, logger, "multiexp A");
+
+    if (logger) logger.debug("Reading B1 Points");
+    const buffBasesB1 = await readSection$1(fdZKey, sectionsZKey, 6);
+    let pib1 = await curve.G1.multiExpAffine(buffBasesB1, buffWitness, logger, "multiexp B1");
+
+    if (logger) logger.debug("Reading B2 Points");
+    const buffBasesB2 = await readSection$1(fdZKey, sectionsZKey, 7);
+    proof.pi_b = await curve.G2.multiExpAffine(buffBasesB2, buffWitness, logger, "multiexp B2");
+
+    if (logger) logger.debug("Reading C Points");
+    const buffBasesC = await readSection$1(fdZKey, sectionsZKey, 8);
+    proof.pi_c = await curve.G1.multiExpAffine(buffBasesC, buffWitness.slice((zkey.nPublic+1)*curve.Fr.n8), logger, "multiexp C");
+
+    if (logger) logger.debug("Reading H Points");
+    const buffBasesH = await readSection$1(fdZKey, sectionsZKey, 9);
+    const resH = await curve.G1.multiExpAffine(buffBasesH, buffPodd_T, logger, "multiexp H");
 
     const r = curve.Fr.random();
     const s = curve.Fr.random();
@@ -6221,29 +6225,23 @@ async function buldABC1(curve, zkey, witness, coeffs, logger) {
 }
 
 
-async function joinABC(curve, zkey, a, b, c) {
-    const concurrency = curve.tm.concurrency;
+async function joinABC(curve, zkey, a, b, c, logger) {
+    const MAX_CHUNK_SIZE = 1 << 22;
 
     const n8 = curve.Fr.n8;
     const nElements = Math.floor(a.byteLength / curve.Fr.n8);
-    const elementsPerChunk = Math.floor(nElements/concurrency);
 
     const promises = [];
 
-    for (let i=0; i<concurrency; i++) {
-        let n;
-        if (i< concurrency-1) {
-            n = elementsPerChunk;
-        } else {
-            n = nElements - i*elementsPerChunk;
-        }
-        if (n==0) continue;
+    for (let i=0; i<nElements; i += MAX_CHUNK_SIZE) {
+        if (logger) logger.debug(`JoinABC: ${i}/${nElements}`);
+        const n= Math.min(nElements - i, MAX_CHUNK_SIZE);
 
         const task = [];
 
-        const aChunk = a.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
-        const bChunk = b.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
-        const cChunk = c.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
+        const aChunk = a.slice(i*n8, (i + n)*n8 );
+        const bChunk = b.slice(i*n8, (i + n)*n8 );
+        const cChunk = c.slice(i*n8, (i + n)*n8 );
 
         task.push({cmd: "ALLOCSET", var: 0, buff: aChunk});
         task.push({cmd: "ALLOCSET", var: 1, buff: bChunk});

build/main.cjs

@@ -1588,40 +1588,44 @@ async function groth16Prove(zkeyFileName, witnessFileName, logger) {
     if (logger) logger.debug("Building ABC");
     const [buffA_T, buffB_T, buffC_T] = await buldABC1(curve, zkey, buffWitness, buffCoeffs, logger);
 
-    if (logger) logger.debug("Reading A Points");
-    const buffBasesA = await readSection(fdZKey, sectionsZKey, 5);
-    if (logger) logger.debug("Reading B1 Points");
-    const buffBasesB1 = await readSection(fdZKey, sectionsZKey, 6);
-    if (logger) logger.debug("Reading B2 Points");
-    const buffBasesB2 = await readSection(fdZKey, sectionsZKey, 7);
-    if (logger) logger.debug("Reading C Points");
-    const buffBasesC = await readSection(fdZKey, sectionsZKey, 8);
-    if (logger) logger.debug("Reading H Points");
-    const buffBasesH = await readSection(fdZKey, sectionsZKey, 9);
-
     const inc = power == Fr.s ? curve.Fr.shift : curve.Fr.w[power+1];
 
-    const buffA = await Fr.ifft(buffA_T, "", "", logger, "FFT_A");
+    const buffA = await Fr.ifft(buffA_T, "", "", logger, "IFFT_A");
     const buffAodd = await Fr.batchApplyKey(buffA, Fr.e(1), inc);
-    const buffAodd_T = await Fr.fft(buffAodd, "", "", logger, "IFFT_A");
+    const buffAodd_T = await Fr.fft(buffAodd, "", "", logger, "FFT_A");
 
-    const buffB = await Fr.ifft(buffB_T, "", "", logger, "FFT_B");
+    const buffB = await Fr.ifft(buffB_T, "", "", logger, "IFFT_B");
     const buffBodd = await Fr.batchApplyKey(buffB, Fr.e(1), inc);
-    const buffBodd_T = await Fr.fft(buffBodd, "", "", logger, "IFFT_B");
+    const buffBodd_T = await Fr.fft(buffBodd, "", "", logger, "FFT_B");
 
-    const buffC = await Fr.ifft(buffC_T, "", "", logger, "FFT_C");
+    const buffC = await Fr.ifft(buffC_T, "", "", logger, "IFFT_C");
     const buffCodd = await Fr.batchApplyKey(buffC, Fr.e(1), inc);
-    const buffCodd_T = await Fr.fft(buffCodd, "", "", logger, "IFFT_C");
+    const buffCodd_T = await Fr.fft(buffCodd, "", "", logger, "FFT_C");
 
-    const buffPodd_T = await joinABC(curve, zkey, buffAodd_T, buffBodd_T, buffCodd_T);
+    if (logger) logger.debug("Join ABC");
+    const buffPodd_T = await joinABC(curve, zkey, buffAodd_T, buffBodd_T, buffCodd_T, logger);
 
     let proof = {};
 
-    proof.pi_a = await curve.G1.multiExpAffine(buffBasesA, buffWitness);
-    let pib1 = await curve.G1.multiExpAffine(buffBasesB1, buffWitness);
-    proof.pi_b = await curve.G2.multiExpAffine(buffBasesB2, buffWitness);
-    proof.pi_c = await curve.G1.multiExpAffine(buffBasesC, buffWitness.slice((zkey.nPublic+1)*curve.Fr.n8));
-    const resH = await curve.G1.multiExpAffine(buffBasesH, buffPodd_T);
+    if (logger) logger.debug("Reading A Points");
+    const buffBasesA = await readSection(fdZKey, sectionsZKey, 5);
+    proof.pi_a = await curve.G1.multiExpAffine(buffBasesA, buffWitness, logger, "multiexp A");
+
+    if (logger) logger.debug("Reading B1 Points");
+    const buffBasesB1 = await readSection(fdZKey, sectionsZKey, 6);
+    let pib1 = await curve.G1.multiExpAffine(buffBasesB1, buffWitness, logger, "multiexp B1");
+
+    if (logger) logger.debug("Reading B2 Points");
+    const buffBasesB2 = await readSection(fdZKey, sectionsZKey, 7);
+    proof.pi_b = await curve.G2.multiExpAffine(buffBasesB2, buffWitness, logger, "multiexp B2");
+
+    if (logger) logger.debug("Reading C Points");
+    const buffBasesC = await readSection(fdZKey, sectionsZKey, 8);
+    proof.pi_c = await curve.G1.multiExpAffine(buffBasesC, buffWitness.slice((zkey.nPublic+1)*curve.Fr.n8), logger, "multiexp C");
+
+    if (logger) logger.debug("Reading H Points");
+    const buffBasesH = await readSection(fdZKey, sectionsZKey, 9);
+    const resH = await curve.G1.multiExpAffine(buffBasesH, buffPodd_T, logger, "multiexp H");
 
     const r = curve.Fr.random();
     const s = curve.Fr.random();
@@ -1709,29 +1713,23 @@ async function buldABC1(curve, zkey, witness, coeffs, logger) {
 }
 
 
-async function joinABC(curve, zkey, a, b, c) {
-    const concurrency = curve.tm.concurrency;
+async function joinABC(curve, zkey, a, b, c, logger) {
+    const MAX_CHUNK_SIZE = 1 << 22;
 
     const n8 = curve.Fr.n8;
     const nElements = Math.floor(a.byteLength / curve.Fr.n8);
-    const elementsPerChunk = Math.floor(nElements/concurrency);
 
     const promises = [];
 
-    for (let i=0; i<concurrency; i++) {
-        let n;
-        if (i< concurrency-1) {
-            n = elementsPerChunk;
-        } else {
-            n = nElements - i*elementsPerChunk;
-        }
-        if (n==0) continue;
+    for (let i=0; i<nElements; i += MAX_CHUNK_SIZE) {
+        if (logger) logger.debug(`JoinABC: ${i}/${nElements}`);
+        const n= Math.min(nElements - i, MAX_CHUNK_SIZE);
 
         const task = [];
 
-        const aChunk = a.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
-        const bChunk = b.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
-        const cChunk = c.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
+        const aChunk = a.slice(i*n8, (i + n)*n8 );
+        const bChunk = b.slice(i*n8, (i + n)*n8 );
+        const cChunk = c.slice(i*n8, (i + n)*n8 );
 
         task.push({cmd: "ALLOCSET", var: 0, buff: aChunk});
         task.push({cmd: "ALLOCSET", var: 1, buff: bChunk});

src/groth16_prove.js

@@ -38,40 +38,44 @@ export default async function groth16Prove(zkeyFileName, witnessFileName, logger
     if (logger) logger.debug("Building ABC");
     const [buffA_T, buffB_T, buffC_T] = await buldABC1(curve, zkey, buffWitness, buffCoeffs, logger);
 
-    if (logger) logger.debug("Reading A Points");
-    const buffBasesA = await binFileUtils.readSection(fdZKey, sectionsZKey, 5);
-    if (logger) logger.debug("Reading B1 Points");
-    const buffBasesB1 = await binFileUtils.readSection(fdZKey, sectionsZKey, 6);
-    if (logger) logger.debug("Reading B2 Points");
-    const buffBasesB2 = await binFileUtils.readSection(fdZKey, sectionsZKey, 7);
-    if (logger) logger.debug("Reading C Points");
-    const buffBasesC = await binFileUtils.readSection(fdZKey, sectionsZKey, 8);
-    if (logger) logger.debug("Reading H Points");
-    const buffBasesH = await binFileUtils.readSection(fdZKey, sectionsZKey, 9);
-
     const inc = power == Fr.s ? curve.Fr.shift : curve.Fr.w[power+1];
 
-    const buffA = await Fr.ifft(buffA_T, "", "", logger, "FFT_A");
+    const buffA = await Fr.ifft(buffA_T, "", "", logger, "IFFT_A");
     const buffAodd = await Fr.batchApplyKey(buffA, Fr.e(1), inc);
-    const buffAodd_T = await Fr.fft(buffAodd, "", "", logger, "IFFT_A");
+    const buffAodd_T = await Fr.fft(buffAodd, "", "", logger, "FFT_A");
 
-    const buffB = await Fr.ifft(buffB_T, "", "", logger, "FFT_B");
+    const buffB = await Fr.ifft(buffB_T, "", "", logger, "IFFT_B");
     const buffBodd = await Fr.batchApplyKey(buffB, Fr.e(1), inc);
-    const buffBodd_T = await Fr.fft(buffBodd, "", "", logger, "IFFT_B");
+    const buffBodd_T = await Fr.fft(buffBodd, "", "", logger, "FFT_B");
 
-    const buffC = await Fr.ifft(buffC_T, "", "", logger, "FFT_C");
+    const buffC = await Fr.ifft(buffC_T, "", "", logger, "IFFT_C");
     const buffCodd = await Fr.batchApplyKey(buffC, Fr.e(1), inc);
-    const buffCodd_T = await Fr.fft(buffCodd, "", "", logger, "IFFT_C");
+    const buffCodd_T = await Fr.fft(buffCodd, "", "", logger, "FFT_C");
 
-    const buffPodd_T = await joinABC(curve, zkey, buffAodd_T, buffBodd_T, buffCodd_T);
+    if (logger) logger.debug("Join ABC");
+    const buffPodd_T = await joinABC(curve, zkey, buffAodd_T, buffBodd_T, buffCodd_T, logger);
 
     let proof = {};
 
-    proof.pi_a = await curve.G1.multiExpAffine(buffBasesA, buffWitness);
-    let pib1 = await curve.G1.multiExpAffine(buffBasesB1, buffWitness);
-    proof.pi_b = await curve.G2.multiExpAffine(buffBasesB2, buffWitness);
-    proof.pi_c = await curve.G1.multiExpAffine(buffBasesC, buffWitness.slice((zkey.nPublic+1)*curve.Fr.n8));
-    const resH = await curve.G1.multiExpAffine(buffBasesH, buffPodd_T);
+    if (logger) logger.debug("Reading A Points");
+    const buffBasesA = await binFileUtils.readSection(fdZKey, sectionsZKey, 5);
+    proof.pi_a = await curve.G1.multiExpAffine(buffBasesA, buffWitness, logger, "multiexp A");
+
+    if (logger) logger.debug("Reading B1 Points");
+    const buffBasesB1 = await binFileUtils.readSection(fdZKey, sectionsZKey, 6);
+    let pib1 = await curve.G1.multiExpAffine(buffBasesB1, buffWitness, logger, "multiexp B1");
+
+    if (logger) logger.debug("Reading B2 Points");
+    const buffBasesB2 = await binFileUtils.readSection(fdZKey, sectionsZKey, 7);
+    proof.pi_b = await curve.G2.multiExpAffine(buffBasesB2, buffWitness, logger, "multiexp B2");
+
+    if (logger) logger.debug("Reading C Points");
+    const buffBasesC = await binFileUtils.readSection(fdZKey, sectionsZKey, 8);
+    proof.pi_c = await curve.G1.multiExpAffine(buffBasesC, buffWitness.slice((zkey.nPublic+1)*curve.Fr.n8), logger, "multiexp C");
+
+    if (logger) logger.debug("Reading H Points");
+    const buffBasesH = await binFileUtils.readSection(fdZKey, sectionsZKey, 9);
+    const resH = await curve.G1.multiExpAffine(buffBasesH, buffPodd_T, logger, "multiexp H");
 
     const r = curve.Fr.random();
     const s = curve.Fr.random();
@@ -289,29 +293,23 @@ async function buldABC(curve, zkey, witness, coeffs, logger) {
 }
 
 
-async function joinABC(curve, zkey, a, b, c) {
-    const concurrency = curve.tm.concurrency;
+async function joinABC(curve, zkey, a, b, c, logger) {
+    const MAX_CHUNK_SIZE = 1 << 22;
 
     const n8 = curve.Fr.n8;
     const nElements = Math.floor(a.byteLength / curve.Fr.n8);
-    const elementsPerChunk = Math.floor(nElements/concurrency);
 
     const promises = [];
 
-    for (let i=0; i<concurrency; i++) {
-        let n;
-        if (i< concurrency-1) {
-            n = elementsPerChunk;
-        } else {
-            n = nElements - i*elementsPerChunk;
-        }
-        if (n==0) continue;
+    for (let i=0; i<nElements; i += MAX_CHUNK_SIZE) {
+        if (logger) logger.debug(`JoinABC: ${i}/${nElements}`);
+        const n= Math.min(nElements - i, MAX_CHUNK_SIZE);
 
         const task = [];
 
-        const aChunk = a.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
-        const bChunk = b.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
-        const cChunk = c.slice(i*elementsPerChunk*n8, (i*elementsPerChunk + n)*n8 );
+        const aChunk = a.slice(i*n8, (i + n)*n8 );
+        const bChunk = b.slice(i*n8, (i + n)*n8 );
+        const cChunk = c.slice(i*n8, (i + n)*n8 );
 
         task.push({cmd: "ALLOCSET", var: 0, buff: aChunk});
         task.push({cmd: "ALLOCSET", var: 1, buff: bChunk});