-
Notifications
You must be signed in to change notification settings - Fork 182
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Sumcheck IOP for LogUp-GKR #295
Merged
irakliyk
merged 28 commits into
facebook:logup-gkr
from
Al-Kindi-0:al-sumcheck-for-logup-gkr
Aug 21, 2024
Merged
Changes from 24 commits
Commits
Show all changes
28 commits
Select commit
Hold shift + click to select a range
8ac25c7
feat: math utilities needed for sum-check protocol
Al-Kindi-0 5e06378
feat: add sum-check prover and verifier
Al-Kindi-0 16389d6
tests: add sanity tests for utils
Al-Kindi-0 380aa1a
doc: document sumcheck_round
Al-Kindi-0 7a1a99e
feat: use SmallVec
Al-Kindi-0 1901066
docs: improve documentation of sum-check
Al-Kindi-0 8a57216
feat: add remaining functions for sum-check verifier
Al-Kindi-0 ff9e6fa
chore: move prover into sub-mod
Al-Kindi-0 7e24f8f
chore: remove utils mod
Al-Kindi-0 23044e8
chore: remove utils mod
Al-Kindi-0 ad0497d
chore: move logup evaluator trait to separate file
Al-Kindi-0 d721bc2
feat: add multi-threading support and simplify input sum-check
Al-Kindi-0 2e5a704
chore: fix Sync issue
Al-Kindi-0 06454d9
chore: pacify clippy
Al-Kindi-0 2c07857
chore: fix toml formatting
Al-Kindi-0 2e02f1f
feat: add benchmarks and address feedback
Al-Kindi-0 e7a50c0
feat: address feedback and add benchmarks
Al-Kindi-0 2b64dbf
feat: simplify sum-check bench
Al-Kindi-0 ea7cb84
feat: add sum-check benchmarks
Al-Kindi-0 dae27e6
doc: improve documentation
Al-Kindi-0 9543e1a
chore: pacify clippy
Al-Kindi-0 60c8591
chore: pacify clippy
Al-Kindi-0 7338caf
chore: pacify clippy
Al-Kindi-0 43c7441
chore: pacify clippy
Al-Kindi-0 f85e44f
feat: reduce memory allocation in bind least signi
Al-Kindi-0 be0c2cd
doc: add docs to logup evaluator trait
Al-Kindi-0 1847d0d
chore: improve var naming
Al-Kindi-0 3adc855
doc: improve
Al-Kindi-0 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
// Copyright (c) Facebook, Inc. and its affiliates. | ||
// | ||
// This source code is licensed under the MIT license found in the | ||
// LICENSE file in the root directory of this source tree. | ||
|
||
use alloc::vec::Vec; | ||
|
||
use math::{ExtensionOf, FieldElement, StarkField, ToElements}; | ||
|
||
use super::EvaluationFrame; | ||
|
||
pub trait LogUpGkrEvaluator: Clone + Sync { | ||
/// Defines the base field of the evaluator. | ||
type BaseField: StarkField; | ||
|
||
/// Public inputs need to compute the final claim. | ||
type PublicInputs: ToElements<Self::BaseField> + Send; | ||
|
||
/// Gets a list of all oracles involved in LogUp-GKR; this is intended to be used in construction of | ||
/// MLEs. | ||
fn get_oracles(&self) -> Vec<LogUpGkrOracle<Self::BaseField>>; | ||
|
||
/// Returns the number of random values needed to evaluate a query. | ||
fn get_num_rand_values(&self) -> usize; | ||
|
||
/// Returns the number of fractions in the LogUp-GKR statement. | ||
fn get_num_fractions(&self) -> usize; | ||
irakliyk marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
/// Returns the maximal degree of the multi-variate associated to the input layer. | ||
/// | ||
/// This is equal to the max of $1 + deg_k(\text{numerator}_i) * deg_k(\text{denominator}_j)$ where | ||
/// $i$ and $j$ range over the number of numerators and denominators, respectively, and $deg_k$ | ||
/// is the degree of a multi-variate polynomial in its $k$-th variable. | ||
fn max_degree(&self) -> usize; | ||
|
||
/// Builds a query from the provided main trace frame and periodic values. | ||
/// | ||
/// Note: it should be possible to provide an implementation of this method based on the | ||
/// information returned from `get_oracles()`. However, this implementation is likely to be | ||
/// expensive compared to the hand-written implementation. However, we could provide a test | ||
/// which verifies that `get_oracles()` and `build_query()` methods are consistent. | ||
fn build_query<E>(&self, frame: &EvaluationFrame<E>, periodic_values: &[E], query: &mut [E]) | ||
where | ||
E: FieldElement<BaseField = Self::BaseField>; | ||
|
||
/// Evaluates the provided query and writes the results into the numerators and denominators. | ||
/// | ||
/// Note: it is also possible to combine `build_query()` and `evaluate_query()` into a single | ||
/// method to avoid the need to first build the query struct and then evaluate it. However: | ||
/// - We assume that the compiler will be able to optimize this away. | ||
/// - Merging the methods will make it more difficult avoid inconsistencies between | ||
/// `evaluate_query()` and `get_oracles()` methods. | ||
fn evaluate_query<F, E>( | ||
&self, | ||
query: &[F], | ||
rand_values: &[E], | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. nit: would rename this to |
||
numerators: &mut [E], | ||
denominators: &mut [E], | ||
) where | ||
F: FieldElement<BaseField = Self::BaseField>, | ||
E: FieldElement<BaseField = Self::BaseField> + ExtensionOf<F>; | ||
|
||
/// Computes the final claim for the LogUp-GKR circuit. | ||
/// | ||
/// The default implementation of this method returns E::ZERO as it is expected that the | ||
/// fractional sums will cancel out. However, in cases when some boundary conditions need to | ||
/// be imposed on the LogUp-GKR relations, this method can be overridden to compute the final | ||
/// expected claim. | ||
fn compute_claim<E>(&self, _inputs: &Self::PublicInputs, _rand_values: &[E]) -> E | ||
where | ||
E: FieldElement<BaseField = Self::BaseField>, | ||
{ | ||
E::ZERO | ||
} | ||
} | ||
|
||
#[derive(Clone, Debug, PartialEq, PartialOrd, Eq, Ord)] | ||
pub enum LogUpGkrOracle<B: StarkField> { | ||
CurrentRow(usize), | ||
NextRow(usize), | ||
PeriodicValue(Vec<B>), | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
[package] | ||
name = "winter-sumcheck" | ||
version = "0.1.0" | ||
description = "Implementation of the sum-check protocol for the LogUp-GKR protocol" | ||
authors = ["winterfell contributors"] | ||
readme = "README.md" | ||
license = "MIT" | ||
repository = "https://github.com/novifinancial/winterfell" | ||
documentation = "https://docs.rs/winter-sumcheck/0.1.0" | ||
categories = ["cryptography", "no-std"] | ||
keywords = ["crypto", "sumcheck", "iop"] | ||
edition = "2021" | ||
rust-version = "1.78" | ||
|
||
[[bench]] | ||
name = "sum_check_plain" | ||
harness = false | ||
|
||
[[bench]] | ||
name = "sum_check_high_degree" | ||
harness = false | ||
|
||
[[bench]] | ||
name = "eq_function" | ||
harness = false | ||
required-features = ["concurrent"] | ||
|
||
[[bench]] | ||
name = "bind_variable" | ||
harness = false | ||
required-features = ["concurrent"] | ||
|
||
[features] | ||
concurrent = ["utils/concurrent", "dep:rayon", "std"] | ||
default = ["std"] | ||
std = ["utils/std"] | ||
|
||
[dependencies] | ||
air = { version = "0.9", path = "../air", package = "winter-air", default-features = false } | ||
crypto = { version = "0.9", path = "../crypto", package = "winter-crypto", default-features = false } | ||
math = { version = "0.9", path = "../math", package = "winter-math", default-features = false } | ||
utils = { version = "0.9", path = "../utils/core", package = "winter-utils", default-features = false } | ||
rayon = { version = "1.8", optional = true } | ||
smallvec = { version = "1.13", default-features = false } | ||
thiserror = { version = "1.0", git = "https://github.com/bitwalker/thiserror", branch = "no-std", default-features = false } | ||
irakliyk marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
[dev-dependencies] | ||
criterion = "0.5" | ||
rand-utils = { version = "0.9", path = "../utils/rand", package = "winter-rand-utils" } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Winter sum-check | ||
This crate contains an implementation of the sum-check protocol intended to be used for [LogUp-GKR](https://eprint.iacr.org/2023/1284) by the Winterfell STARK prover and verifier. | ||
|
||
The crate provides two implementations of the sum-check protocol: | ||
|
||
* An implementation for the sum-check protocol as used in [LogUp-GKR](https://eprint.iacr.org/2023/1284). | ||
* An implementation which generalizes the previous one to the case where the numerators and denominators appearing in the fractional sum-checks in Section 3 of [LogUp-GKR](https://eprint.iacr.org/2023/1284) can be non-linear compositions of multi-linear polynomials. | ||
|
||
The first implementation is intended to be used by the GKR protocol for proving the correct evaluation of all of the layers of the fractionl sum circuit except for the input layer. The second implementation is intended to be used for proving the correct evaluation of the input layer. | ||
|
||
|
||
## Crate features | ||
This crate can be compiled with the following features: | ||
|
||
* `std` - enabled by default and relies on the Rust standard library. | ||
* `concurrent` - implies `std` and also re-exports `rayon` crate and enables multi-threaded execution for some of the crate functions. | ||
* `no_std` - does not rely on Rust's standard library and enables compilation to WebAssembly. | ||
|
||
To compile with `no_std`, disable default features via `--no-default-features` flag. | ||
|
||
License | ||
------- | ||
|
||
This project is [MIT licensed](../LICENSE). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
// Copyright (c) Facebook, Inc. and its affiliates. | ||
// | ||
// This source code is licensed under the MIT license found in the | ||
// LICENSE file in the root directory of this source tree. | ||
|
||
use std::time::Duration; | ||
|
||
use criterion::{criterion_group, criterion_main, BatchSize, BenchmarkId, Criterion}; | ||
use math::{fields::f64::BaseElement, FieldElement}; | ||
use rand_utils::{rand_value, rand_vector}; | ||
#[cfg(feature = "concurrent")] | ||
pub use rayon::prelude::*; | ||
|
||
const POLY_SIZE: [usize; 2] = [1 << 18, 1 << 20]; | ||
|
||
fn bind_variable_serial(c: &mut Criterion) { | ||
let mut group = c.benchmark_group("Bind variable evaluations"); | ||
group.sample_size(10); | ||
group.measurement_time(Duration::from_secs(10)); | ||
|
||
for &poly_size in POLY_SIZE.iter() { | ||
group.bench_function(BenchmarkId::new("serial", poly_size), |b| { | ||
b.iter_batched( | ||
|| { | ||
let random_challenge: BaseElement = rand_value(); | ||
let poly_evals: Vec<BaseElement> = rand_vector(poly_size); | ||
(random_challenge, poly_evals) | ||
}, | ||
|(random_challenge, poly_evals)| { | ||
let mut poly_evals = poly_evals; | ||
bind_least_significant_variable_serial(&mut poly_evals, random_challenge) | ||
}, | ||
BatchSize::SmallInput, | ||
) | ||
}); | ||
} | ||
} | ||
|
||
fn bind_variable_parallel(c: &mut Criterion) { | ||
let mut group = c.benchmark_group("Bind variable function evaluations"); | ||
group.sample_size(10); | ||
group.measurement_time(Duration::from_secs(10)); | ||
|
||
for &poly_size in POLY_SIZE.iter() { | ||
group.bench_function(BenchmarkId::new("parallel", poly_size), |b| { | ||
b.iter_batched( | ||
|| { | ||
let random_challenge: BaseElement = rand_value(); | ||
let poly_evals: Vec<BaseElement> = rand_vector(poly_size); | ||
(random_challenge, poly_evals) | ||
}, | ||
|(random_challenge, poly_evals)| { | ||
let mut poly_evals = poly_evals; | ||
bind_least_significant_variable_parallel(&mut poly_evals, random_challenge) | ||
}, | ||
BatchSize::SmallInput, | ||
) | ||
}); | ||
} | ||
} | ||
|
||
fn bind_least_significant_variable_serial<E: FieldElement>( | ||
evaluations: &mut Vec<E>, | ||
round_challenge: E, | ||
) { | ||
let num_evals = evaluations.len() >> 1; | ||
|
||
for i in 0..num_evals { | ||
evaluations[i] = evaluations[i << 1] | ||
+ round_challenge * (evaluations[(i << 1) + 1] - evaluations[i << 1]); | ||
} | ||
evaluations.truncate(num_evals); | ||
} | ||
|
||
fn bind_least_significant_variable_parallel<E: FieldElement>( | ||
evaluations: &mut Vec<E>, | ||
round_challenge: E, | ||
) { | ||
let num_evals = evaluations.len() >> 1; | ||
|
||
let mut result = unsafe { utils::uninit_vector(num_evals) }; | ||
result.par_iter_mut().enumerate().for_each(|(i, ev)| { | ||
*ev = evaluations[i << 1] | ||
+ round_challenge * (evaluations[(i << 1) + 1] - evaluations[i << 1]) | ||
}); | ||
*evaluations = result | ||
} | ||
irakliyk marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
criterion_group!(group, bind_variable_serial, bind_variable_parallel); | ||
criterion_main!(group); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,96 @@ | ||
// Copyright (c) Facebook, Inc. and its affiliates. | ||
// | ||
// This source code is licensed under the MIT license found in the | ||
// LICENSE file in the root directory of this source tree. | ||
|
||
use std::time::Duration; | ||
|
||
use criterion::{criterion_group, criterion_main, BatchSize, BenchmarkId, Criterion}; | ||
use math::{fields::f64::BaseElement, FieldElement}; | ||
use rand_utils::rand_vector; | ||
#[cfg(feature = "concurrent")] | ||
pub use rayon::prelude::*; | ||
|
||
const LOG_POLY_SIZE: [usize; 2] = [18, 20]; | ||
|
||
fn evaluate_eq_serial(c: &mut Criterion) { | ||
let mut group = c.benchmark_group("EQ function evaluations"); | ||
group.sample_size(10); | ||
group.measurement_time(Duration::from_secs(10)); | ||
|
||
for &log_poly_size in LOG_POLY_SIZE.iter() { | ||
group.bench_function(BenchmarkId::new("serial", log_poly_size), |b| { | ||
b.iter_batched( | ||
|| { | ||
let randomness: Vec<BaseElement> = rand_vector(log_poly_size); | ||
randomness | ||
}, | ||
|rand| eq_evaluations(&rand), | ||
BatchSize::SmallInput, | ||
) | ||
}); | ||
} | ||
} | ||
|
||
fn evaluate_eq_parallel(c: &mut Criterion) { | ||
let mut group = c.benchmark_group("EQ function evaluations"); | ||
group.sample_size(10); | ||
group.measurement_time(Duration::from_secs(10)); | ||
|
||
for &log_poly_size in LOG_POLY_SIZE.iter() { | ||
group.bench_function(BenchmarkId::new("parallel", log_poly_size), |b| { | ||
b.iter_batched( | ||
|| { | ||
let randomness: Vec<BaseElement> = rand_vector(log_poly_size); | ||
randomness | ||
}, | ||
|rand| eq_evaluations_par(&rand), | ||
BatchSize::SmallInput, | ||
) | ||
}); | ||
} | ||
} | ||
|
||
fn eq_evaluations<E: FieldElement>(query: &[E]) -> Vec<E> { | ||
let n = 1 << query.len(); | ||
let mut evals = unsafe { utils::uninit_vector(n) }; | ||
|
||
let mut size = 1; | ||
evals[0] = E::ONE; | ||
for r_i in query.iter() { | ||
let (left_evals, right_evals) = evals.split_at_mut(size); | ||
left_evals.iter_mut().zip(right_evals.iter_mut()).for_each(|(left, right)| { | ||
let factor = *left; | ||
*right = factor * *r_i; | ||
*left -= *right; | ||
}); | ||
|
||
size *= 2; | ||
} | ||
evals | ||
} | ||
|
||
fn eq_evaluations_par<E: FieldElement>(query: &[E]) -> Vec<E> { | ||
let n = 1 << query.len(); | ||
let mut evals = unsafe { utils::uninit_vector(n) }; | ||
|
||
let mut size = 1; | ||
evals[0] = E::ONE; | ||
for r_i in query.iter() { | ||
let (left_evals, right_evals) = evals.split_at_mut(size); | ||
left_evals | ||
.par_iter_mut() | ||
.zip(right_evals.par_iter_mut()) | ||
.for_each(|(left, right)| { | ||
let factor = *left; | ||
*right = factor * *r_i; | ||
*left -= *right; | ||
}); | ||
|
||
size <<= 1; | ||
} | ||
evals | ||
} | ||
irakliyk marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
criterion_group!(group, evaluate_eq_serial, evaluate_eq_parallel); | ||
criterion_main!(group); |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we add a docstring here? This trait does a lot of things and it's a little bit hard to get a handle on exactly what