github/darkfi
1
1
Fork 0
mirror of https://github.com/darkrenaissance/darkfi.git synced 2026-01-10 15:17:57 -05:00
Code Issues Packages Projects Releases Wiki Activity
1,255 Commits 7 Branches 11 Tags
e6867df4ec6fb1002e7e733eb245bacceed46c9a
Commit Graph

173 Commits

Author SHA1 Message Date
narodnik
71ae901729 add comment about delta 2021-09-11 13:34:24 +02:00
narodnik
5d99b5817e fft.sage: add link to cp algorithms 2021-09-11 11:16:44 +02:00
narodnik
5233a8efd9 add example of fft (fast fourier transform) 2021-09-11 11:13:10 +02:00
narodnik
5b2da654b9 rename confusing h(X) to c(X) 2021-09-06 16:39:22 +02:00
narodnik
2f1ab4a53f halo2: fix TODO item by using quo_rem() function instead of / 2021-08-28 14:08:57 +02:00
narodnik
9f983a998e halo2: add final evaluation check for h(X) 2021-08-28 13:34:14 +02:00
narodnik
93575638bd halo2: working permutation argument 2021-08-28 13:18:08 +02:00
narodnik
b4b3c877cf halo2: create permuted indices 
diff --git a/scripts/halo/halo2.sage b/scripts/halo/halo2.sage
index ae207ea..9510eaf 100644
--- a/scripts/halo/halo2.sage
+++ b/scripts/halo/halo2.sage
@@ -60,12 +60,13 @@ F_1_1, F_2_1, F_3_1, F_4_1 = 1, 0, 0, 0
 I_1 = var_z

 # Row 2
-# A1 == I
+# ~0 == 0
 A_1_2, A_2_2, A_3_2, A_4_2 = var_zero, 0, 0, 0
 F_1_2, F_2_2, F_3_2, F_4_2 = 0, 1, 0, 0
 I_2 = 0

 # Row 3
+# Boolean check
 # (1 - s)(s + 0) == 0
 A_1_3, A_2_3, A_3_3, A_4_3 = var_s, var_s, var_zero, var_zero
 F_1_3, F_2_3, F_3_3, F_4_3 = 0, 0, 1, 0
@@ -151,17 +152,63 @@ for i, (A_1_i, A_2_i, A_3_i, A_4_i, F_1_i, F_2_i, F_3_i, F_4_i, I_i) in \

 # beta, gamma

-#       0   1   2    3             4           5    6       ...     15
-# A1:   1,  0,  s,   s,            s,          0,   z
-#      16  17  18   19            20          21   22       ...     31
-# A2:   -,  -,  s,   x,            x,        sxy,   -
-#      32  33  34   35            36          37   38       ...     47
-# A3:   -,  -,  0,   y,            y, (1-s)(x+y),   -
-#      48  49  50   51            52          53   54       ...     63
-# A4:   -,  -,  0, sxy, (1-s)(x + y),          z,   -
-#      64  65  66   67            68          69   70       ...     79
-# A5:   -,  -,  -,   -,            -,          -,   z
-permuted_indices_A1 = []
+#       0   1   2    3             4           5      ...     15
+# A1:   z,  0,  s,   s,            s,          0,
+#
+#      16  17  18   19            20          21      ...     31
+# A2:   -,  -,  s,   x,            x,        sxy,
+#
+#      32  33  34   35            36          37      ...     47
+# A3:   -,  -,  0,   y,            y, (1-s)(x+y),
+#
+#      48  49  50   51            52          53      ...     63
+# A4:   -,  -,  0, sxy, (1-s)(x + y),          z,
+#
+#      64  65  66   67            68          69      ...     79
+# A5:   z,  -,  -,   -,            -,          -,
+
+# z = (0 53 64)
+# 0 = (1 5 34 50)
+# s = (2 3 4 18)
+# x = (19 20)
+# sxy = (21 51)
+# y = (35 36)
+# (1-s)(x+y) = (37 52)
+
+permuted_indices = list(range(n * 5))
+assert len(permuted_indices) == 80
+
+# Apply the actual permutation cycles
+# z
+permuted_indices[0] = 53
+permuted_indices[53] = 64
+permuted_indices[64] = 0
+# ~0
+permuted_indices[1] = 5
+permuted_indices[5] = 34
+permuted_indices[34] = 50
+permuted_indices[50] = 1
+# s
+permuted_indices[2] = 3
+permuted_indices[3] = 4
+permuted_indices[4] = 18
+permuted_indices[18] = 2
+# x
+permuted_indices[19] = 20
+permuted_indices[20] = 19
+# sxy
+permuted_indices[21] = 51
+permuted_indices[51] = 21
+# y
+permuted_indices[35] = 36
+permuted_indices[36] = 35
+# (1-s)(x+y)
+permuted_indices[37] = 52
+permuted_indices[52] = 37
+
+witness = A1 + A2 + A3 + A4 + I
+for i, val in enumerate(witness):
+    assert val == witness[permuted_indices[i]]

 y = K.random_element()
 2021-08-28 13:18:08 +02:00
narodnik
8d9b8c8fcd halo2: remove useless constraint 2021-08-28 13:18:08 +02:00
narodnik
51bc448a1d halo2: add comment with indices table for permutation cycles 2021-08-26 21:38:58 +02:00
narodnik
1518a44377 halo2: add random blinding rows 2021-08-26 21:30:56 +02:00
narodnik
3077d70e68 halo2: fix broken arithmetization since gates are independent 2021-08-25 21:47:31 +02:00
narodnik
74b8ed57fa halo2: create lagrange witness and selector polys 2021-08-25 16:52:03 +02:00
narodnik
d7085255cc halo2: delta value used in permutation arg 2021-08-25 16:51:48 +02:00
narodnik
4db7da2a1e halo2 arithmetization of a circuit 2021-08-25 12:07:38 +02:00
narodnik
e3af3e9e2c add clarifying comment to plonk.sage 2021-08-24 21:27:10 +02:00
narodnik
348a3ad89a begin halo2 prover 2021-08-24 21:27:10 +02:00
narodnik
9e368c89dd plonk: finish prover system 2021-08-23 07:18:20 +02:00
narodnik
19eee83000 plonk: compute quotient polynomial proof 2021-08-23 06:58:10 +02:00
narodnik
3bce1fe733 plonk: make permutations zero indexed 2021-08-22 22:54:29 +02:00
narodnik
9e463a31ca plonk: round 1 calculate witness polys 2021-08-22 22:51:46 +02:00
narodnik
2875df7cab correct number of constraints to be power of 2 by adding a fake one 2021-08-22 20:00:52 +02:00
narodnik
917015546c beginning of the plonk algorithm: setup the circuit and initialize the gates 2021-08-22 19:41:19 +02:00
narodnik
482320062f renamed: plonk_naive.sage -> plonk-naive.sage 2021-08-22 19:41:19 +02:00
narodnik
8062041449 minor plonk sage changes 2021-08-16 15:04:15 +02:00
narodnik
e5d0ca1d16 plonk "simple" example 2021-08-08 14:39:03 +02:00
narodnik
2cc4480c38 round 2 2021-08-08 13:19:35 +02:00
narodnik
04dc04ece5 plonk-simple round 1 of proving phase 2021-08-08 12:09:19 +02:00
narodnik
a241497ddc simple plonk manual worked example 2021-08-08 11:52:30 +02:00
narodnik
354c4ffd99 get root of unity for 2-adic subgroup within vesta base field Fq, which has an order of 32 2021-08-08 09:12:30 +02:00
narodnik
3d2f35c26a renamed: plonk.sage -> plonk_naive.sage 2021-08-08 08:28:25 +02:00
narodnik
3f17311bbe add clarifying comment 2021-08-07 11:19:12 +02:00
narodnik
61837f09ab reduced plonk permutation argument 2021-08-07 11:16:56 +02:00
narodnik
b695238755 plonk generate copy constraints 2021-08-07 08:36:32 +02:00
narodnik
d76c2836de comment out test in groth_poly_commit.py 2021-08-07 08:36:32 +02:00
narodnik
19fb93b778 plonk constraints setup 2021-08-06 12:14:56 +02:00
narodnik
181108ca90 mostly working halo1 impl 2021-07-24 15:15:59 +02:00
narodnik
b5243dcbbe sonic: print constant_coefficient 2021-07-23 22:46:00 +02:00
narodnik
c3a65d8479 halo1 sage script 2021-07-23 22:45:33 +02:00
narodnik
db91508dc9 sonic: bugfix due to typo s/v/w/ 2021-07-23 11:29:38 +02:00
narodnik
d890d902fc halo1: polynomial commitment over ring example 2021-07-23 11:28:45 +02:00
narodnik
514e286fe0 create functions for polynomial commitment proofs in sage 2021-07-21 23:16:04 +02:00
narodnik
e51b0abc99 polynomial commitment proof based off groth16 inner product argument 2021-07-21 22:27:02 +02:00
narodnik
b907aaf5f3 groth inner product zero knowledge argument of knowledge 2021-07-21 19:37:15 +02:00
narodnik
49864a8349 sonic: add blinding factors to r(X, Y) for step zkP1 2021-07-18 14:52:12 +02:00
narodnik
c80be76d6d comment out blinding factors for poly 2021-07-18 09:26:25 +02:00
narodnik
76cb1e37c0 sonic: add sonic protocol steps to sage version 2021-07-17 11:30:55 +02:00
narodnik
cd11aecbd8 sonic: add protocol steps 2021-07-17 11:24:41 +02:00
narodnik
8663911041 remove hardcoded fp 2021-07-17 11:18:08 +02:00
narodnik
f5b4e93f92 sage version of sonic arithmetization 2021-07-17 10:50:56 +02:00