Pass all tests for TE coordinates

w3f · Sep 25, 2024 · 542b462 · 542b462
1 parent a196581
commit 542b462
Show file tree

Hide file tree

Showing 9 changed files with 156 additions and 28 deletions.
diff --git a/common/src/gadgets/sw_cond_add.rs b/common/src/gadgets/sw_cond_add.rs
@@ -245,6 +245,7 @@ mod tests {
     use ark_ed_on_bls12_381_bandersnatch::SWAffine;
     use ark_poly::Polynomial;
     use ark_std::test_rng;
+    use ark_ff::Zero;
 
     use crate::test_helpers::*;
     use crate::test_helpers::cond_sum;
@@ -279,12 +280,50 @@ mod tests {
         domain.divide_by_vanishing_poly(&c1);
         domain.divide_by_vanishing_poly(&c2);
 
-        // test_gadget(gadget);
+        //test_gadget(gadget);
     }
 
+
     #[test]
     fn test_sw_cond_add_gadget() {
         _test_sw_cond_add_gadget(false);
         _test_sw_cond_add_gadget(true);
     }
+
+    #[test]
+    fn test_linearized_constrain() {
+        let rng = &mut test_rng();
+
+        let log_n = 10;
+        let n = 2usize.pow(log_n);
+        let domain = Domain::new(n, false);
+        let seed = SWAffine::generator();
+
+        let bitmask = random_bitvec(domain.capacity - 1, 0.5, rng);
+        let points = random_vec::<SWAffine, _>(domain.capacity - 1, rng);
+        let expected_res = seed + cond_sum(&bitmask, &points);
+
+        let bitmask_col = BitColumn::init(bitmask, &domain);
+        let points_col = AffineColumn::private_column(points, &domain);
+        let gadget = SwCondAdd::init(bitmask_col, points_col, seed, &domain);
+        let res = gadget.acc.points.last().unwrap();
+        assert_eq!(res, &expected_res);
+
+        let cs = gadget.constraints();
+        let (c1, c2) = (&cs[0], &cs[1]);
+        let c1 = c1.interpolate_by_ref();
+        let c2 = c2.interpolate_by_ref();
+
+        let random_point = random_vec(1, rng)[0];
+        //let random_point = <SWAffine as AffineRepr>::BaseField::zero();
+        let vals = gadget.evaluate_assignment(&random_point);
+        let linearized_evaluation = gadget.constraints_linearized(&random_point);
+        let result0 = linearized_evaluation[0].evaluate(&(random_point*domain.omega())) + vals.evaluate_constraints_main()[0];
+        let result1 = linearized_evaluation[1].evaluate(&(random_point*domain.omega())) + vals.evaluate_constraints_main()[1];
+        assert_eq!(c1.evaluate(&random_point), result0);
+        assert_eq!(c2.evaluate(&random_point), result1);
+
+
+    }
+
 }
diff --git a/common/src/gadgets/te_cond_add.rs b/common/src/gadgets/te_cond_add.rs
@@ -192,7 +192,7 @@ impl<F: Field, Curve: TECurveConfig<BaseField=F>> VerifierGadget<F> for TeCondAd
         //b (y_3 (x_1 y_2 - x_2 y_1) - x_1 y_1 + x_2 y_2) + (1 - b) (y_3 - y_1) = 0
         let mut c2 =
             b * (
-                y3 * (x1*y2 + x2*y1)
+                y3 * (x1*y2 - x2*y1)
                     - (x1*y1 - x2*y2)
             ) + (F::one() - b) * (y3 - y1);
 
@@ -237,8 +237,8 @@ impl<F: Field, Curve: TECurveConfig<BaseField=F>> CondAddValues<F> for TeCondAdd
         let (x1, y1) = self.acc;
         let (x2, y2) = self.points;
 
-        let mut c_acc_x = b * (x2*y1 - x1*y2) + F::one() - b;
-        let mut c_acc_y = F::zero();
+        let mut c_acc_x = F::zero();
+        let mut c_acc_y = b * (x1*y2 - x2*y1) + F::one() - b;
 
         c_acc_x *= self.not_last;
         c_acc_y *= self.not_last;
@@ -253,6 +253,7 @@ mod tests {
     use ark_ed_on_bls12_381_bandersnatch::EdwardsAffine;
     use ark_poly::Polynomial;
     use ark_std::test_rng;
+    use ark_ff::Zero;
 
     use crate::test_helpers::*;
     use crate::test_helpers::cond_sum;
@@ -294,4 +295,39 @@ mod tests {
         _test_te_cond_add_gadget(false);
         _test_te_cond_add_gadget(true);
     }
+
+    #[test]
+    fn test_linearized_constrain() {
+        let rng = &mut test_rng();
+
+        let log_n = 10;
+        let n = 2usize.pow(log_n);
+        let domain = Domain::new(n, false);
+        let seed = EdwardsAffine::generator();
+
+        let bitmask = random_bitvec(domain.capacity - 1, 0.5, rng);
+        let points = random_vec::<EdwardsAffine, _>(domain.capacity - 1, rng);
+        let expected_res = seed + cond_sum(&bitmask, &points);
+
+        let bitmask_col = BitColumn::init(bitmask, &domain);
+        let points_col = AffineColumn::private_column(points, &domain);
+        let gadget = TeCondAdd::init(bitmask_col, points_col, seed, &domain);
+        let res = gadget.acc.points.last().unwrap();
+        assert_eq!(res, &expected_res);
+
+        let cs = gadget.constraints();
+        let (c1, c2) = (&cs[0], &cs[1]);
+        let c1 = c1.interpolate_by_ref();
+        let c2 = c2.interpolate_by_ref();
+
+        let random_point = random_vec::<<EdwardsAffine as AffineRepr>::BaseField, _>(1, rng)[0];
+        let vals = gadget.evaluate_assignment(&random_point);
+        let linearized_evaluation = gadget.constraints_linearized(&random_point);
+        let result0 = linearized_evaluation[0].evaluate(&(random_point*domain.omega())) + vals.evaluate_constraints_main()[0];
+        let result1 = linearized_evaluation[1].evaluate(&(random_point*domain.omega())) + vals.evaluate_constraints_main()[1];
+        assert_eq!(c1.evaluate(&random_point), result0);
+        assert_eq!(c2.evaluate(&random_point), result1);        
+
+    }
+
 }
diff --git a/common/src/piop.rs b/common/src/piop.rs
@@ -49,4 +49,4 @@ pub trait VerifierPiop<F: PrimeField, C: Commitment<F>> {
     fn constraint_polynomials_linearized_commitments(&self) -> Vec<C>;
 
     fn domain_evaluated(&self) -> &EvaluatedDomain<F>;
-}
+}
diff --git a/common/src/prover.rs b/common/src/prover.rs
@@ -71,6 +71,8 @@ impl<F: PrimeField, CS: PCS<F>, T: Transcript<F, CS>> PlonkProver<F, CS, T> {
         let agg_at_zeta = aggregate_polys(&polys_at_zeta, &nus);
         let agg_at_zeta_proof = CS::open(&self.pcs_ck, &agg_at_zeta, zeta);
         let lin_at_zeta_omega_proof = CS::open(&self.pcs_ck, &lin, zeta_omega);
+
+        println!("zeta {:?}, alpha {:?}, nu {:?}", zeta, alphas,  nus);
         Proof {
             column_commitments,
             quotient_commitment,
@@ -79,6 +81,7 @@ impl<F: PrimeField, CS: PCS<F>, T: Transcript<F, CS>> PlonkProver<F, CS, T> {
             agg_at_zeta_proof,
             lin_at_zeta_omega_proof,
         }
+
     }
 
     fn aggregate_evaluations(polys: &[Evaluations<F>], coeffs: &[F]) -> Evaluations<F> {

diff --git a/common/src/setup.rs b/common/src/setup.rs
@@ -26,4 +26,4 @@ impl<F: PrimeField, CS: PCS<F>, D: EvaluationDomain<F>> Setup<F, CS, D> {
     pub fn commit_to_column(&self, col: &FieldColumn<F>) -> CS::C {
         CS::commit(&self.pcs_params.ck(), col.as_poly())
     }
-}
+}
diff --git a/common/src/verifier.rs b/common/src/verifier.rs
@@ -94,6 +94,8 @@ impl<F: PrimeField, CS: PCS<F>, T: Transcript<F, CS>> PlonkVerifier<F, CS, T> {
             zeta,
             nus,
         };
+        println!("zeta {:?}, alpha {:?}, nu {:?}", challenges.zeta, challenges.alphas,  challenges.nus);
+
         (challenges, transcript.to_rng())
     }
 }

diff --git a/ring/src/lib.rs b/ring/src/lib.rs
@@ -81,10 +81,13 @@ mod tests {
     use crate::ring::{Ring, RingBuilderKey};
     use crate::ring_prover::RingProver;
     use crate::ring_verifier::RingVerifier;
+    use common::gadgets::VerifierGadget;
 
     use super::*;
 
-    fn _test_ring_proof<CS: PCS<Fq>, P: AffineRepr<BaseField=Fq, ScalarField=Fr>, CondAddT: CondAdd<Fq, P> + ProverGadget<Fq>>(domain_size: usize) {
+    fn _test_ring_proof<CS: PCS<Fq>, P: AffineRepr<BaseField=Fq, ScalarField=Fr>, CondAddT: CondAdd<Fq, P> + ProverGadget<Fq>>(domain_size: usize)
+        where CondAddT::CondAddValT : VerifierGadget<Fq>
+    {
         let rng = &mut test_rng();
 
         let (pcs_params, piop_params) = setup::<_, CS, P>(rng, domain_size);
@@ -107,23 +110,22 @@ mod tests {
 
         let ring_verifier = RingVerifier::init(verifier_key, piop_params, Transcript::new(b"ring-vrf-test"));
         let t_verify = start_timer!(|| "Verify");
-        let res = ring_verifier.verify_ring_proof::<SwCondAddValues<Fq>>(proof, result.into_affine());
+        let res = ring_verifier.verify_ring_proof::<CondAddT::CondAddValT>(proof, result.into_affine());
         end_timer!(t_verify);
         assert!(res);
     }
 
-    #[test]
-    fn test_lagrangian_commitment() {
+    fn _test_lagrangian_commitment<P: AffineRepr<BaseField=Fq>>() {
         let rng = &mut test_rng();
 
         let domain_size = 2usize.pow(9);
 
-        let (pcs_params, piop_params) = setup::<_, KZG<Bls12_381>, SWAffine>(rng, domain_size);
+        let (pcs_params, piop_params) = setup::<_, KZG<Bls12_381>, P>(rng, domain_size);
         let ring_builder_key = RingBuilderKey::from_srs(&pcs_params, domain_size);
 
         let max_keyset_size = piop_params.keyset_part_size;
         let keyset_size: usize = rng.gen_range(0..max_keyset_size);
-        let pks = random_vec::<SWAffine, _>(keyset_size, rng);
+        let pks = random_vec::<P, _>(keyset_size, rng);
 
         let (_, verifier_key) = index::<_, KZG::<Bls12_381>, _>(&pcs_params, &piop_params, &pks);
 
@@ -145,6 +147,16 @@ mod tests {
         (pcs_params, piop_params)
     }
 
+    #[test]
+    fn test_lagrangian_commitment_sw() {
+        _test_lagrangian_commitment::<SWAffine>();
+    }
+
+    #[test]
+    fn test_lagrangian_commitment_te() {
+        _test_lagrangian_commitment::<SWAffine>();
+    }
+
     #[test]
     fn test_complement_point() {
         let p = find_complement_point::<BandersnatchConfig>();
@@ -164,7 +176,12 @@ mod tests {
     }
 
     #[test]
-    fn test_ring_proof_id() {
+    fn test_ring_proof_id_sw() {
         _test_ring_proof::<fflonk::pcs::IdentityCommitment, SWAffine, SwCondAdd<Fq, SWAffine>>(2usize.pow(10));
     }
+
+    #[test]
+    fn test_ring_proof_id_te() {
+        _test_ring_proof::<fflonk::pcs::IdentityCommitment, EdwardsAffine, TeCondAdd<Fq, EdwardsAffine>>(2usize.pow(10));
+    }
 }
diff --git a/ring/src/piop/params.rs b/ring/src/piop/params.rs
@@ -93,7 +93,8 @@ impl<F: PrimeField, P: AffineRepr<BaseField=F>> PiopParams<F, P> {
 
 #[cfg(test)]
 mod tests {
-    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, SWAffine};
+    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, Fq, Fr, SWAffine, EdwardsAffine};
+    use ark_ec::AffineRepr;
     use ark_std::{test_rng, UniformRand};
     use ark_std::ops::Mul;
 
@@ -102,16 +103,25 @@ mod tests {
 
     use crate::piop::params::PiopParams;
 
-    #[test]
-    fn test_powers_of_h() {
+    fn _test_powers_of_h<P: AffineRepr<BaseField=Fq, ScalarField = Fr>>() {
         let rng = &mut test_rng();
-        let h = SWAffine::rand(rng);
-        let seed = SWAffine::rand(rng);
+        let h = P::rand(rng);
+        let seed = P::rand(rng);
         let domain = Domain::new(1024, false);
-        let params = PiopParams::<Fq, SWAffine>::setup(domain, h, seed);
+        let params = PiopParams::<Fq, P>::setup(domain, h, seed);
         let t = Fr::rand(rng);
         let t_bits = params.scalar_part(t);
         let th = cond_sum(&t_bits, &params.power_of_2_multiples_of_h());
-        assert_eq!(th, params.h.mul(t));
+        assert_eq!(th, params.h.mul(t).into());
+    }
+
+    #[test]
+    fn test_powers_of_h_te() {
+        _test_powers_of_h::<EdwardsAffine>();
+    }
+
+    #[test]
+    fn test_powers_of_h_sw() {
+        _test_powers_of_h::<SWAffine>();
     }
 }
diff --git a/ring/src/ring.rs b/ring/src/ring.rs
@@ -230,7 +230,8 @@ impl<F: PrimeField, KzgCurve: Pairing<ScalarField=F>> RingBuilderKey<F, KzgCurve
 #[cfg(test)]
 mod tests {
     use ark_bls12_381::{Bls12_381, Fr, G1Affine};
-    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, SWAffine};
+    use ark_ed_on_bls12_381_bandersnatch::{BandersnatchConfig, SWAffine, Fq};
+    use ark_ed_on_bls12_381_bandersnatch::EdwardsAffine;
     use ark_std::{test_rng, UniformRand};
     use fflonk::pcs::kzg::KZG;
     use fflonk::pcs::kzg::urs::URS;
@@ -244,10 +245,9 @@ mod tests {
 
     use super::*;
 
-    type TestRing = Ring<Fr, Bls12_381, SWAffine>;
+    type TestRing<P> = Ring<Fr, Bls12_381, P>;
 
-    #[test]
-    fn test_ring_mgmt() {
+    fn _test_ring_mgmt<P: AffineRepr<BaseField=Fq>>() {
         let rng = &mut test_rng();
 
         let domain_size = 1 << 9;
@@ -278,7 +278,16 @@ mod tests {
     }
 
     #[test]
-    fn test_empty_rings() {
+    fn test_ring_mgmt_sw() {
+        _test_ring_mgmt::<SWAffine>();
+    }
+
+    #[test]
+    fn test_ring_mgmt_te() {
+        _test_ring_mgmt::<EdwardsAffine>();
+    }
+
+    fn _test_empty_rings<P: AffineRepr<BaseField=Fq>>() {
         let rng = &mut test_rng();
 
         let domain_size = 1 << 9;
@@ -288,16 +297,28 @@ mod tests {
         let srs = |range: Range<usize>| Ok(ring_builder_key.lis_in_g1[range].to_vec());
 
         // piop params
-        let h = SWAffine::rand(rng);
-        let seed = SWAffine::rand(rng);
+        let h = P::rand(rng);
+        let seed = P::rand(rng);
         let domain = Domain::new(domain_size, true);
         let piop_params = PiopParams::setup(domain, h, seed);
 
-        let ring = TestRing::empty(&piop_params, srs, ring_builder_key.g1);
+        let ring = TestRing::<P>::empty(&piop_params, srs, ring_builder_key.g1);
         let same_ring = TestRing::with_keys(&piop_params, &[], &ring_builder_key);
         assert_eq!(ring, same_ring);
+
+    }
+
+    #[test]
+    fn test_empty_rings_sw() {
+        _test_empty_rings::<SWAffine>();
     }
 
+    #[test]
+    fn test_empty_rings_te() {
+        _test_empty_rings::<EdwardsAffine>();
+    }
+
+
     fn get_monomial_commitment(pcs_params: &URS<Bls12_381>, piop_params: &PiopParams<Fr, SWAffine>, keys: &[SWAffine]) -> (G1Affine, G1Affine) {
         let (_, verifier_key) = crate::piop::index::<_, KZG::<Bls12_381>, _>(pcs_params, piop_params, keys);
         let [monimial_cx, monimial_cy] = verifier_key.fixed_columns_committed.points;