Ns/test zk bad noise #1783
Ns/test zk bad noise #1783
Conversation
nsarlin-zama
requested review from
IceTDrinker
and removed request for
IceTDrinker
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
7 times, most recently
from
feb4af8 to
ef68e74
Compare
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
3 times, most recently
from
c131303 to
e75a72d
Compare
| let B_squared = inf_norm_bound_to_euclidean_squared(B_inf, d + k); | ||
| let (n, D, B_bound_squared, _) = | ||
| compute_crs_params(d, k, B_squared, t, msbs_zero_padding_bit_count, bound_type); |
There was a problem hiding this comment.
We still need the m_bound_bar here right ? and then when it's recomputed in the proof it needs to be smaller ?
There was a problem hiding this comment.
since its value only depends on B_inf_bar, d_bar (from the crs) and k (which is checked to be < k_bar), m_bound in the proof cannot go above m_bound_bar.
This removes the need for sqrt operations also fix a proof slack was too big in v2
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
from
2bd7871 to
60bd8ad
Compare
| }; | ||
|
|
||
| let B_with_slack_squared = inf_norm_bound_to_euclidean_squared(B, d + k); | ||
| let B_with_slack = isqrt(B_with_slack_squared) as u64; |
There was a problem hiding this comment.
no problem with floor vs round vs ceil here in this sqrt ?
There was a problem hiding this comment.
Here we want to always be within the bound so I think that floor is ok
| let bound_squared = | ||
| B_with_slack_squared - (e_sqr_norm - sqr(orig_value as u128)); | ||
| isqrt(bound_squared) as i64 |
There was a problem hiding this comment.
same question no shenanigans with floor/round/ceil ?
There was a problem hiding this comment.
same answer. The goal is to have a value x that is always accepted and x+1 is always refused, so I think that floor is the right choice
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
from
60bd8ad to
6946da2
Compare
tfhe-zk-pok/src/proofs/pke.rs
Outdated
| // ==== Generate test noise vectors with random coeffs and one completely out of bounds === | ||
| let mut testcase_bad_e1 = testcase.clone(); | ||
| let bad_idx = rng.gen::<usize>() % d; | ||
| let bad_term = (rng.gen::<i64>() % i64::MAX - B as i64) + B as i64; |
There was a problem hiding this comment.
does the bad term behave properly as well ? I'm having some doubts now
There was a problem hiding this comment.
It should be ok if we take it as a positive value and nok if we take the negative one, I'm fixing it for this case
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
from
6946da2 to
6edfadd
Compare
tfhe-zk-pok/src/proofs/pke.rs
Outdated
| // Generate a value between B + 1 and i64::MAX to make sure that it is out of bounds | ||
| let bad_term = (rng.gen::<i64>() % i64::MAX - (B + 1) as i64) + (B + 1) as i64; |
There was a problem hiding this comment.
does that work given this is signed ? I feel like the modulo operator can return signed values ?
There was a problem hiding this comment.
you might be looking for rem_euclid, or just generate the thing in a signed manner or use the possibility to generate random values from a range of values, I have a hard time reading this one
There was a problem hiding this comment.
Oh yeah I missed the gen::<i64>, I fixed it to generate u64 then cast
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
from
6edfadd to
a62928f
Compare
nsarlin-zama
force-pushed
the
ns/test_zk_bad_noise
branch
from
a62928f to
b4cd825
Compare
PR content/description
Adds a test for zk proofs with a larger noise than the accepted one.
This pr also include small refactor of the zk proofs for easier testing, and a few fixes. Each one is done in a separate commit.
The tests for v1 and v2 are not exactly analogous to more effectively test the edge cases of the proven norms