refactor: Refactor testing setup and remove dependencies in provider …

…module - Removal of the redundant `src/provider/util/fb_msm.rs` file which included functions for scalar multiplication - Update of `kzg_commitment.rs` with the removal of `ff::PrimeFieldBits` dependency, transitional update of requirements, and improved method setups.
microsoft · May 2, 2024 · 35449ac · 35449ac
1 parent 795c032
commit 35449ac
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 338 deletions.
diff --git a/benches/pcs.rs b/benches/pcs.rs
@@ -156,7 +156,7 @@ fn bench_pcs(c: &mut Criterion) {
     bench_pcs_proving_internal,
     bench_pcs_verifying_internal,
     (ipa_assets, IPAEvaluationEngine<Bn256Engine>),
-    (mlkzg_assets, MLEvaluationEngine<Bn256, Bn256EngineKZG>),
+    (hyperkzg_assets, MLEvaluationEngine<Bn256, Bn256EngineKZG>),
     (zm_assets, ZMPCS<Bn256, Bn256EngineZM>)
   );
 }

diff --git a/src/provider/hyperkzg.rs b/src/provider/hyperkzg.rs
@@ -20,8 +20,8 @@ use crate::{
   zip_with,
 };
 use core::marker::PhantomData;
-use ff::{Field, PrimeFieldBits};
-use group::{Group as _, Curve};
+use ff::Field;
+use group::{Curve, Group as _};
 use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop};
 use itertools::Itertools;
 use rayon::prelude::*;
@@ -54,7 +54,7 @@ where
   NE: NovaEngine<GE = E::G1, Scalar = E::Fr>,
   E::G1: DlogGroup<AffineGroupElement = E::G1Affine, Scalar = E::Fr>,
   E::Fr: TranscriptReprTrait<E::G1>,
-  E::G1Affine: TranscriptReprTrait<E::G1>, // TODO: this bound on DlogGroup is really unusable!
+  E::G1Affine: TranscriptReprTrait<E::G1>,
 {
   fn compute_challenge(
     com: &[E::G1Affine],
@@ -109,7 +109,6 @@ where
   E::G2Affine: Serialize + DeserializeOwned,
   E::G1: DlogGroup<AffineGroupElement = E::G1Affine, Scalar = E::Fr>,
   <E::G1 as Group>::Base: TranscriptReprTrait<E::G1>, // Note: due to the move of the bound TranscriptReprTrait<G> on G::Base from Group to Engine
-  E::Fr: PrimeFieldBits, // TODO due to use of gen_srs_for_testing, make optional
   E::Fr: TranscriptReprTrait<E::G1>,
   E::G1Affine: TranscriptReprTrait<E::G1>,
 {
@@ -299,7 +298,7 @@ where
       assert!(t == 3);
       assert!(W.len() == 3);
       // We write a special case for t=3, since this what is required for
-      // mlkzg. Following the paper directly, we must compute:
+      // hyperkzg. Following the paper directly, we must compute:
       // let L0 = C_B - vk.G * B_u[0] + W[0] * u[0];
       // let L1 = C_B - vk.G * B_u[1] + W[1] * u[1];
       // let L2 = C_B - vk.G * B_u[2] + W[2] * u[2];
@@ -421,7 +420,7 @@ where
 #[cfg(test)]
 mod tests {
   use super::*;
-  use crate::provider::util::test_utils::prove_verify_from_num_vars;
+  use crate::provider::test_utils::prove_verify_from_num_vars;
   use crate::{
     provider::keccak::Keccak256Transcript, CommitmentKey,
   };
@@ -468,54 +467,6 @@ mod tests {
     assert!(EvaluationEngine::<E, NE>::prove(&ck, &pk, &mut tr, &C, &poly, &point, &eval).is_ok());
   }
 
-  #[test]
-  fn test_mlkzg_alternative() {
-    fn test_inner(n: usize, poly: &[Fr], point: &[Fr], eval: Fr) -> Result<(), NovaError> {
-      let ck: CommitmentKey<NE> =
-        <KZGCommitmentEngine<E> as CommitmentEngineTrait<NE>>::setup(b"test", n);
-      let (pk, vk): (KZGProverKey<E>, KZGVerifierKey<E>) = EvaluationEngine::<E, NE>::setup(&ck);
-
-      // make a commitment
-      let C = KZGCommitmentEngine::commit(&ck, poly);
-
-      // prove an evaluation
-      let mut prover_transcript = Keccak256Transcript::new(b"TestEval");
-      let proof =
-        EvaluationEngine::<E, NE>::prove(&ck, &pk, &mut prover_transcript, &C, poly, point, &eval)
-          .unwrap();
-
-      // verify the evaluation
-      let mut verifier_transcript = Keccak256Transcript::<NE>::new(b"TestEval");
-      EvaluationEngine::<E, NE>::verify(&vk, &mut verifier_transcript, &C, point, &eval, &proof)
-    }
-
-    let n = 8;
-
-    // poly = [1, 2, 1, 4, 1, 2, 1, 4]
-    let poly = vec![
-      Fr::ONE,
-      Fr::from(2),
-      Fr::from(1),
-      Fr::from(4),
-      Fr::ONE,
-      Fr::from(2),
-      Fr::from(1),
-      Fr::from(4),
-    ];
-
-    // point = [4,3,8]
-    let point = vec![Fr::from(4), Fr::from(3), Fr::from(8)];
-
-    // eval = 57
-    let eval = Fr::from(57);
-
-    assert!(test_inner(n, &poly, &point, eval).is_ok());
-
-    // wrong eval
-    let eval = Fr::from(56);
-    assert!(test_inner(n, &poly, &point, eval).is_err());
-  }
-
   #[test]
   fn test_hyperkzg_small() {
     let n = 4;

diff --git a/src/provider/ipa_pc.rs b/src/provider/ipa_pc.rs
@@ -411,7 +411,7 @@ where
 #[cfg(test)]
 mod test {
   use crate::provider::ipa_pc::EvaluationEngine;
-  use crate::provider::util::test_utils::prove_verify_from_num_vars;
+  use crate::provider::test_utils::prove_verify_from_num_vars;
   use crate::provider::GrumpkinEngine;
 
   #[test]

diff --git a/src/provider/kzg_commitment.rs b/src/provider/kzg_commitment.rs
@@ -3,7 +3,6 @@
 
 use std::marker::PhantomData;
 
-use ff::PrimeFieldBits;
 use group::{prime::PrimeCurveAffine, Curve};
 use halo2curves::pairing::Engine;
 use rand::rngs::StdRng;
@@ -33,7 +32,6 @@ where
   E::G1: DlogGroup<AffineGroupElement = E::G1Affine, Scalar = E::Fr>,
   E::G1Affine: Serialize + for<'de> Deserialize<'de>,
   E::G2Affine: Serialize + for<'de> Deserialize<'de>,
-  E::Fr: PrimeFieldBits, // TODO due to use of gen_srs_for_testing, make optional
 {
   type CommitmentKey = UniversalKZGParam<E>;
   type Commitment = Commitment<NE>;

diff --git a/src/provider/mod.rs b/src/provider/mod.rs
@@ -15,7 +15,8 @@ pub(crate) mod traits;
 // a non-hiding variant of {kzg, zeromorph}
 pub(crate) mod kzg_commitment;
 pub(crate) mod non_hiding_kzg;
-pub(crate) mod util;
+#[cfg(test)]
+pub(crate) mod test_utils;
 
 // crate-private modules
 mod keccak;

diff --git a/src/provider/non_hiding_kzg.rs b/src/provider/non_hiding_kzg.rs
@@ -1,5 +1,5 @@
 //! Non-hiding variant of KZG10 scheme for univariate polynomials.
-use ff::{Field, PrimeField, PrimeFieldBits};
+use ff::Field;
 use group::{prime::PrimeCurveAffine, Curve, Group as _};
 use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop};
 use rand_core::{CryptoRng, RngCore};
@@ -9,7 +9,6 @@ use std::{borrow::Borrow, marker::PhantomData, ops::Mul};
 use crate::{
   errors::{NovaError, PCSError},
   provider::traits::DlogGroup,
-  provider::util::fb_msm,
   traits::{commitment::Len, Group, TranscriptReprTrait},
 };
 
@@ -119,10 +118,7 @@ impl<E: Engine> UniversalKZGParam<E> {
   }
 }
 
-impl<E: Engine> UniversalKZGParam<E>
-where
-  E::Fr: PrimeFieldBits,
-{
+impl<E: Engine> UniversalKZGParam<E> {
   /// Build SRS for testing.
   /// WARNING: THIS FUNCTION IS FOR TESTING PURPOSE ONLY.
   /// THE OUTPUT SRS SHOULD NOT BE USED IN PRODUCTION.
@@ -131,25 +127,24 @@ where
     let g = E::G1::random(&mut rng);
     let h = E::G2::random(rng);
 
-    let nz_powers_of_beta = (0..=max_degree)
-      .scan(beta, |acc, _| {
-        let val = *acc;
-        *acc *= beta;
-        Some(val)
-      })
-      .collect::<Vec<E::Fr>>();
-
-    let window_size = fb_msm::get_mul_window_size(max_degree);
-    let scalar_bits = E::Fr::NUM_BITS as usize;
-
     let (powers_of_g_projective, powers_of_h_projective) = rayon::join(
       || {
-        let g_table = fb_msm::get_window_table(scalar_bits, window_size, g);
-        fb_msm::multi_scalar_mul::<E::G1>(scalar_bits, window_size, &g_table, &nz_powers_of_beta)
+        (0..=max_degree)
+          .scan(g, |acc, _| {
+            let val = *acc;
+            *acc *= beta;
+            Some(val)
+          })
+          .collect::<Vec<E::G1>>()
       },
       || {
-        let h_table = fb_msm::get_window_table(scalar_bits, window_size, h);
-        fb_msm::multi_scalar_mul::<E::G2>(scalar_bits, window_size, &h_table, &nz_powers_of_beta)
+        (0..=max_degree)
+          .scan(h, |acc, _| {
+            let val = *acc;
+            *acc *= beta;
+            Some(val)
+          })
+          .collect::<Vec<E::G2>>()
       },
     );
 
@@ -306,6 +301,7 @@ where
 mod tests {
   use super::*;
   use crate::spartan::polys::univariate::UniPoly;
+  use ff::PrimeField;
   use rand::{thread_rng, Rng};
   use rand_core::{CryptoRng, RngCore};
 
@@ -318,7 +314,6 @@ mod tests {
   where
     E: MultiMillerLoop,
     E::G1: DlogGroup<AffineGroupElement = E::G1Affine, Scalar = E::Fr>,
-    E::Fr: PrimeFieldBits,
   {
     for _ in 0..100 {
       let mut rng = &mut thread_rng();

diff --git a/src/provider/non_hiding_zeromorph.rs b/src/provider/non_hiding_zeromorph.rs
@@ -18,7 +18,7 @@ use crate::{
   },
   Commitment,
 };
-use ff::{BatchInvert, Field, PrimeField, PrimeFieldBits};
+use ff::{BatchInvert, Field, PrimeField};
 use group::{Curve, Group as _};
 use halo2curves::pairing::{Engine, MillerLoopResult, MultiMillerLoop};
 use itertools::Itertools as _;
@@ -463,7 +463,6 @@ where
   E::G1Affine: Serialize + DeserializeOwned,
   E::G2Affine: Serialize + DeserializeOwned,
   <E::G1 as Group>::Base: TranscriptReprTrait<E::G1>, // Note: due to the move of the bound TranscriptReprTrait<G> on G::Base from Group to Engine
-  E::Fr: PrimeFieldBits, // TODO due to use of gen_srs_for_testing, make optional
 {
   type ProverKey = ZMProverKey<E>;
   type VerifierKey = ZMVerifierKey<E>;
@@ -529,8 +528,8 @@ mod test {
       non_hiding_zeromorph::{
         batched_lifted_degree_quotient, eval_and_quotient_scalars, trim, ZMEvaluation, ZMPCS,
       },
+      test_utils::prove_verify_from_num_vars,
       traits::DlogGroup,
-      util::test_utils::prove_verify_from_num_vars,
       Bn256EngineZM,
     },
     spartan::polys::multilinear::MultilinearPolynomial,

diff --git a/src/provider/util/fb_msm.rs b/src/provider/util/fb_msm.rs