Skip to content

fix: Reallocate commitment key to avoid pippenger error #11249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
lucasxia01 merged 7 commits into from
Jan 16, 2025
Merged

fix: Reallocate commitment key to avoid pippenger error #11249

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3e73265
fix
lucasxia01 Jan 15, 2025
a10b01d
add assert to check in commit()
lucasxia01 Jan 15, 2025
c53d24f
more assert
lucasxia01 Jan 15, 2025
b44f6cb
initialize dyadic_size in commitment key
lucasxia01 Jan 16, 2025
7c777c2
remove infos
lucasxia01 Jan 16, 2025
f2bae7a
update comment
lucasxia01 Jan 16, 2025
970c409
add asserts to a bunch of pippenger functions
lucasxia01 Jan 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions barretenberg/cpp/src/barretenberg/commitment_schemes/commitment_key.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,7 @@ template <class Curve> class CommitmentKey {
CommitmentKey(const size_t num_points, std::shared_ptr<srs::factories::ProverCrs<Curve>> prover_crs)
: pippenger_runtime_state(num_points)
, srs(prover_crs)
, dyadic_size(get_num_needed_srs_points(num_points))

@lucasxia01 lucasxia01 Jan 16, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

used to not be set for plonk, led to errors because the assert would fail.

{}

/**
Expand All @@ -90,6 +91,9 @@ template <class Curve> class CommitmentKey {
PROFILE_THIS_NAME("commit");
// We must have a power-of-2 SRS points *after* subtracting by start_index.
size_t dyadic_poly_size = numeric::round_up_power_2(polynomial.size());
info("dyadic_poly_size: ", dyadic_poly_size);

@lucasxia01 lucasxia01 Jan 16, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will delete

info("dyadic_size: ", dyadic_size);
ASSERT(dyadic_poly_size <= dyadic_size && "Polynomial size exceeds commitment key size.");

@lucasxia01 lucasxia01 Jan 16, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

now we throw an error if we try to commit to too large of a polynomial

// Because pippenger prefers a power-of-2 size, we must choose a starting index for the points so that we don't
// exceed the dyadic_circuit_size. The actual start index of the points will be the smallest it can be so that
// the window of points is a power of 2 and still contains the scalars. The best we can do is pick a start index
Expand Down Expand Up @@ -211,6 +215,7 @@ template <class Curve> class CommitmentKey {
{
PROFILE_THIS_NAME("commit_structured");
ASSERT(polynomial.end_index() <= srs->get_monomial_size());
ASSERT(polynomial.end_index() <= dyadic_size && "Polynomial size exceeds commitment key size.");

// Percentage of nonzero coefficients beyond which we resort to the conventional commit method
constexpr size_t NONZERO_THRESHOLD = 75;
Expand Down
6 changes: 5 additions & 1 deletion ...tenberg/cpp/src/barretenberg/commitment_schemes/small_subgroup_ipa/small_subgroup_ipa.hpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ template <typename Flavor> class SmallSubgroupIPAProver {
const std::vector<FF>& multivariate_challenge,
const FF claimed_ipa_eval,
std::shared_ptr<typename Flavor::Transcript> transcript,
std::shared_ptr<typename Flavor::CommitmentKey> commitment_key)
std::shared_ptr<typename Flavor::CommitmentKey>& commitment_key)
: interpolation_domain(zk_sumcheck_data.interpolation_domain)
, concatenated_polynomial(zk_sumcheck_data.libra_concatenated_monomial_form)
, libra_concatenated_lagrange_form(zk_sumcheck_data.libra_concatenated_lagrange_form)
Expand All @@ -135,6 +135,10 @@ template <typename Flavor> class SmallSubgroupIPAProver {
, batched_quotient(QUOTIENT_LENGTH)

{
// Reallocate the commitment key if necessary. This is an edge case with SmallSubgroupIPA

@lucasxia01 lucasxia01 Jan 16, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

could add more to this comment

if (commitment_key->dyadic_size < SUBGROUP_SIZE + 3) {

@ludamad ludamad Jan 16, 2025

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose this is safer than catching it in pippenger - but can we also add a check there? Approving though

@lucasxia01 lucasxia01 Jan 16, 2025

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what do you mean? the assert in commit() should serve that purpose right

commitment_key = std::make_shared<typename Flavor::CommitmentKey>(SUBGROUP_SIZE + 3);
}
// Extract the evaluation domain computed by ZKSumcheckData
if constexpr (std::is_same_v<Curve, curve::BN254>) {
bn_evaluation_domain = std::move(zk_sumcheck_data.bn_evaluation_domain);
Expand Down