fix: simplify kzg-commit (#780)

.github/workflows/rust.yml

@@ -354,7 +354,7 @@ jobs:
 
   prove-and-verify-tests:
     runs-on: non-gpu
-    needs: [build, library-tests, docs, python-tests, python-integration-tests]
+    needs: [build, library-tests, docs]
     steps:
       - uses: actions/checkout@v4
       - uses: actions-rs/toolchain@v1
@@ -394,14 +394,18 @@ jobs:
       - name: Replace memory definition in nodejs
         run: |
           sed -i "3s|.*|imports['env'] = {memory: new WebAssembly.Memory({initial:20,maximum:65536,shared:true})}|" tests/wasm/nodejs/ezkl.js
+      - name: KZG prove and verify tests (public outputs + column overflow)
+        run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_with_overflow_::w
+      - name: KZG prove and verify tests (public outputs + fixed params + column overflow)
+        run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_with_overflow_fixed_params_
+      - name: KZG prove and verify tests (hashed inputs + column overflow)
+        run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_with_overflow_hashed_inputs_
       - name: KZG prove and verify tests (public outputs)
         run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_tight_lookup_::t
       - name: IPA prove and verify tests
         run: cargo nextest run --release --verbose tests::ipa_prove_and_verify_::t --test-threads 1
       - name: IPA prove and verify tests (ipa outputs)
         run: cargo nextest run --release --verbose tests::ipa_prove_and_verify_ipa_output
-      - name: KZG prove and verify tests (public outputs + column overflow)
-        run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_with_overflow_::w
       - name: KZG prove and verify tests single inner col
         run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_single_col
       - name: KZG prove and verify tests triple inner col
@@ -412,8 +416,6 @@ jobs:
         run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_octuple_col --test-threads 8
       - name: KZG prove and verify tests (kzg outputs)
         run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_kzg_output
-      - name: KZG prove and verify tests (public outputs + fixed params + column overflow)
-        run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_with_overflow_fixed_params_
       - name: KZG prove and verify tests (public outputs)
         run: cargo nextest run --release --verbose tests::kzg_prove_and_verify_::t
       - name: KZG prove and verify tests (public inputs)
@@ -545,8 +547,6 @@ jobs:
         with:
           crate: cargo-nextest
           locked: true
-      - name: Download MNIST
-        run: sh data.sh
       - name: Examples
         run: cargo nextest run --release tests_examples
 

.gitignore

@@ -1,6 +1,5 @@
 target
 pkg
-data
 *.csv
 !examples/notebooks/eth_price.csv
 *.ipynb_checkpoints

data.sh

@@ -1,11 +0,0 @@
-#! /bin/bash
-
-mkdir data
-cd data
-
-wget http://yann.lecun.com/exdb/mnist/train-images-idx3-ubyte.gz
-wget http://yann.lecun.com/exdb/mnist/train-labels-idx1-ubyte.gz
-wget http://yann.lecun.com/exdb/mnist/t10k-images-idx3-ubyte.gz
-wget http://yann.lecun.com/exdb/mnist/t10k-labels-idx1-ubyte.gz
-
-gzip -d *.gz

examples/conv2d_mnist/main.rs

@@ -308,6 +308,7 @@ pub fn runconv() {
         tst_lbl: _,
         ..
     } = MnistBuilder::new()
+        .base_path("examples/data")
         .label_format_digit()
         .training_set_length(50_000)
         .validation_set_length(10_000)

src/circuit/modules/polycommit.rs

@@ -44,12 +44,11 @@ impl PolyCommitChip {
     /// Commit to the message using the KZG commitment scheme
     pub fn commit<Scheme: CommitmentScheme<Scalar = Fp, Curve = G1Affine>>(
         message: Vec<Scheme::Scalar>,
-        degree: u32,
         num_unusable_rows: u32,
         params: &Scheme::ParamsProver,
     ) -> Vec<G1Affine> {
         let k = params.k();
-        let domain = halo2_proofs::poly::EvaluationDomain::new(degree, k);
+        let domain = halo2_proofs::poly::EvaluationDomain::new(2, k);
         let n = 2_u64.pow(k) - num_unusable_rows as u64;
         let num_poly = (message.len() / n as usize) + 1;
         let mut poly = vec![domain.empty_lagrange(); num_poly];

src/execute.rs

@@ -1228,22 +1228,14 @@ pub(crate) fn calibrate(
     );
 
     if matches!(target, CalibrationTarget::Resources { col_overflow: true }) {
-        let lookup_log_rows = ((best_params.run_args.lookup_range.1
-            - best_params.run_args.lookup_range.0) as f32)
-            .log2()
-            .ceil() as u32
-            + 1;
-        let mut reduction = std::cmp::max(
-            (best_params
-                .model_instance_shapes
-                .iter()
-                .map(|x| x.iter().product::<usize>())
-                .sum::<usize>() as f32)
-                .log2()
-                .ceil() as u32
-                + 1,
-            lookup_log_rows,
-        );
+        let lookup_log_rows = best_params.lookup_log_rows_with_blinding();
+        let module_log_row = best_params.module_constraint_logrows_with_blinding();
+        let instance_logrows = best_params.log2_total_instances_with_blinding();
+        let dynamic_lookup_logrows = best_params.dynamic_lookup_and_shuffle_logrows_with_blinding();
+
+        let mut reduction = std::cmp::max(lookup_log_rows, module_log_row);
+        reduction = std::cmp::max(reduction, instance_logrows);
+        reduction = std::cmp::max(reduction, dynamic_lookup_logrows);
         reduction = std::cmp::max(reduction, crate::graph::MIN_LOGROWS);
 
         info!(

src/graph/mod.rs

@@ -483,7 +483,22 @@ pub struct GraphSettings {
 }
 
 impl GraphSettings {
-    fn model_constraint_logrows(&self) -> u32 {
+    /// Calc the number of rows required for lookup tables
+    pub fn lookup_log_rows(&self) -> u32 {
+        ((self.run_args.lookup_range.1 - self.run_args.lookup_range.0) as f32)
+            .log2()
+            .ceil() as u32
+    }
+
+    /// Calc the number of rows required for lookup tables
+    pub fn lookup_log_rows_with_blinding(&self) -> u32 {
+        ((self.run_args.lookup_range.1 - self.run_args.lookup_range.0) as f32
+            + RESERVED_BLINDING_ROWS as f32)
+            .log2()
+            .ceil() as u32
+    }
+
+    fn model_constraint_logrows_with_blinding(&self) -> u32 {
         (self.num_rows as f64 + RESERVED_BLINDING_ROWS as f64)
             .log2()
             .ceil() as u32
@@ -495,14 +510,31 @@ impl GraphSettings {
             .ceil() as u32
     }
 
+    /// calculate the number of rows required for the dynamic lookup and shuffle
+    pub fn dynamic_lookup_and_shuffle_logrows_with_blinding(&self) -> u32 {
+        (self.total_dynamic_col_size as f64
+            + self.total_shuffle_col_size as f64
+            + RESERVED_BLINDING_ROWS as f64)
+            .log2()
+            .ceil() as u32
+    }
+
     fn dynamic_lookup_and_shuffle_col_size(&self) -> usize {
         self.total_dynamic_col_size + self.total_shuffle_col_size
     }
 
-    fn module_constraint_logrows(&self) -> u32 {
+    /// calculate the number of rows required for the module constraints
+    pub fn module_constraint_logrows(&self) -> u32 {
         (self.module_sizes.max_constraints() as f64).log2().ceil() as u32
     }
 
+    /// calculate the number of rows required for the module constraints
+    pub fn module_constraint_logrows_with_blinding(&self) -> u32 {
+        (self.module_sizes.max_constraints() as f64 + RESERVED_BLINDING_ROWS as f64)
+            .log2()
+            .ceil() as u32
+    }
+
     fn constants_logrows(&self) -> u32 {
         (self.total_const_size as f64 / self.run_args.num_inner_cols as f64)
             .log2()
@@ -529,6 +561,14 @@ impl GraphSettings {
         std::cmp::max((sum as f64).log2().ceil() as u32, 1)
     }
 
+    /// calculate the log2 of the total number of instances
+    pub fn log2_total_instances_with_blinding(&self) -> u32 {
+        let sum = self.total_instances().iter().sum::<usize>() + RESERVED_BLINDING_ROWS;
+
+        // max between 1 and the log2 of the sums
+        std::cmp::max((sum as f64).log2().ceil() as u32, 1)
+    }
+
     /// save params to file
     pub fn save(&self, path: &std::path::PathBuf) -> Result<(), std::io::Error> {
         // buf writer
@@ -1133,7 +1173,7 @@ impl GraphCircuit {
         );
 
         // These are upper limits, going above these is wasteful, but they are not hard limits
-        let model_constraint_logrows = self.settings().model_constraint_logrows();
+        let model_constraint_logrows = self.settings().model_constraint_logrows_with_blinding();
         let min_bits = self.table_size_logrows(safe_lookup_range, max_range_size)?;
         let constants_logrows = self.settings().constants_logrows();
         max_logrows = std::cmp::min(

src/graph/modules.rs

@@ -314,7 +314,6 @@ impl GraphModules {
                     let commitments = inputs.iter().fold(vec![], |mut acc, x| {
                         let res = PolyCommitChip::commit::<Scheme>(
                             x.to_vec(),
-                            vk.cs().degree() as u32,
                             (vk.cs().blinding_factors() + 1) as u32,
                             srs,
                         );

src/lib.rs

@@ -200,13 +200,13 @@ pub struct RunArgs {
     /// Hand-written parser for graph variables, eg. batch_size=1
     #[arg(short = 'V', long, value_parser = parse_key_val::<String, usize>, default_value = "batch_size->1", value_delimiter = ',')]
     pub variables: Vec<(String, usize)>,
-    /// Flags whether inputs are public, private, hashed
+    /// Flags whether inputs are public, private, hashed, fixed, kzgcommit
     #[arg(long, default_value = "private")]
     pub input_visibility: Visibility,
-    /// Flags whether outputs are public, private, hashed
+    /// Flags whether outputs are public, private, fixed, hashed, kzgcommit
     #[arg(long, default_value = "public")]
     pub output_visibility: Visibility,
-    /// Flags whether params are public, private, hashed
+    /// Flags whether params are fixed, private, hashed, kzgcommit
     #[arg(long, default_value = "private")]
     pub param_visibility: Visibility,
     #[arg(long, default_value = "false")]
@@ -248,6 +248,12 @@ impl Default for RunArgs {
 impl RunArgs {
     ///
     pub fn validate(&self) -> Result<(), Box<dyn std::error::Error>> {
+        if self.param_visibility == Visibility::Public {
+            return Err(
+                "params cannot be public instances, you are probably trying to use `fixed` or `kzgcommit`"
+                    .into(),
+            );
+        }
         if self.scale_rebase_multiplier < 1 {
             return Err("scale_rebase_multiplier must be >= 1".into());
         }

src/python.rs

@@ -547,7 +547,6 @@ fn kzg_commit(
 
     let output = PolyCommitChip::commit::<KZGCommitmentScheme<Bn256>>(
         message,
-        vk.cs().degree() as u32,
         (vk.cs().blinding_factors() + 1) as u32,
         &srs,
     );
@@ -606,7 +605,6 @@ fn ipa_commit(
 
     let output = PolyCommitChip::commit::<IPACommitmentScheme<G1Affine>>(
         message,
-        vk.cs().degree() as u32,
         (vk.cs().blinding_factors() + 1) as u32,
         &srs,
     );
@@ -1168,26 +1166,21 @@ fn prove(
     settings_path=PathBuf::from(DEFAULT_SETTINGS),
     vk_path=PathBuf::from(DEFAULT_VK),
     srs_path=None,
-    non_reduced_srs=DEFAULT_USE_REDUCED_SRS_FOR_VERIFICATION.parse::<bool>().unwrap(),
+    reduced_srs=DEFAULT_USE_REDUCED_SRS_FOR_VERIFICATION.parse::<bool>().unwrap(),
 ))]
 fn verify(
     proof_path: PathBuf,
     settings_path: PathBuf,
     vk_path: PathBuf,
     srs_path: Option<PathBuf>,
-    non_reduced_srs: bool,
+    reduced_srs: bool,
 ) -> Result<bool, PyErr> {
-    crate::execute::verify(
-        proof_path,
-        settings_path,
-        vk_path,
-        srs_path,
-        non_reduced_srs,
-    )
-    .map_err(|e| {
-        let err_str = format!("Failed to run verify: {}", e);
-        PyRuntimeError::new_err(err_str)
-    })?;
+    crate::execute::verify(proof_path, settings_path, vk_path, srs_path, reduced_srs).map_err(
+        |e| {
+            let err_str = format!("Failed to run verify: {}", e);
+            PyRuntimeError::new_err(err_str)
+        },
+    )?;
 
     Ok(true)
 }

src/wasm.rs

@@ -1,3 +1,4 @@
+use crate::circuit::modules::polycommit::PolyCommitChip;
 use crate::circuit::modules::poseidon::spec::{PoseidonSpec, POSEIDON_RATE, POSEIDON_WIDTH};
 use crate::circuit::modules::poseidon::PoseidonChip;
 use crate::circuit::modules::Module;
@@ -147,6 +148,44 @@ pub fn floatToFelt(
     )?))
 }
 
+/// Generate a kzg commitment.
+#[wasm_bindgen]
+#[allow(non_snake_case)]
+pub fn kzgCommit(
+    message: wasm_bindgen::Clamped<Vec<u8>>,
+    vk: wasm_bindgen::Clamped<Vec<u8>>,
+    settings: wasm_bindgen::Clamped<Vec<u8>>,
+    params_ser: wasm_bindgen::Clamped<Vec<u8>>,
+) -> Result<wasm_bindgen::Clamped<Vec<u8>>, JsError> {
+    let message: Vec<Fr> = serde_json::from_slice(&message[..])
+        .map_err(|e| JsError::new(&format!("Failed to deserialize message: {}", e)))?;
+
+    let mut reader = std::io::BufReader::new(&params_ser[..]);
+    let params: ParamsKZG<Bn256> =
+        halo2_proofs::poly::commitment::Params::<'_, G1Affine>::read(&mut reader)
+            .map_err(|e| JsError::new(&format!("Failed to deserialize params: {}", e)))?;
+
+    let mut reader = std::io::BufReader::new(&vk[..]);
+    let circuit_settings: GraphSettings = serde_json::from_slice(&settings[..])
+        .map_err(|e| JsError::new(&format!("Failed to deserialize settings: {}", e)))?;
+    let vk = VerifyingKey::<G1Affine>::read::<_, GraphCircuit>(
+        &mut reader,
+        halo2_proofs::SerdeFormat::RawBytes,
+        circuit_settings,
+    )
+    .map_err(|e| JsError::new(&format!("Failed to deserialize vk: {}", e)))?;
+
+    let output = PolyCommitChip::commit::<KZGCommitmentScheme<Bn256>>(
+        message,
+        (vk.cs().blinding_factors() + 1) as u32,
+        &params,
+    );
+
+    Ok(wasm_bindgen::Clamped(
+        serde_json::to_vec(&output).map_err(|e| JsError::new(&format!("{}", e)))?,
+    ))
+}
+
 /// Converts a buffer to vector of 4 u64s representing a fixed point field element
 #[wasm_bindgen]
 #[allow(non_snake_case)]

tests/integration_tests.rs

@@ -899,7 +899,7 @@ mod native_tests {
             seq!(N in 0..=45 {
 
                 #(#[test_case(WASM_TESTS[N])])*
-                fn prove_and_verify_with_overflow_(test: &str) {
+                fn kzg_prove_and_verify_with_overflow_(test: &str) {
                     crate::native_tests::init_binary();
                     // crate::native_tests::init_wasm();
                     let test_dir = TempDir::new(test).unwrap();
@@ -912,7 +912,20 @@ mod native_tests {
                 }
 
                 #(#[test_case(WASM_TESTS[N])])*
-                fn prove_and_verify_with_overflow_fixed_params_(test: &str) {
+                fn kzg_prove_and_verify_with_overflow_hashed_inputs_(test: &str) {
+                    crate::native_tests::init_binary();
+                    // crate::native_tests::init_wasm();
+                    let test_dir = TempDir::new(test).unwrap();
+                    env_logger::init();
+                    let path = test_dir.path().to_str().unwrap(); crate::native_tests::mv_test_(path, test);
+                    prove_and_verify(path, test.to_string(), "safe", "hashed", "private", "public", 1, None, true, "single", Commitments::KZG, 2);
+                    #[cfg(not(feature = "icicle"))]
+                    run_js_tests(path, test.to_string(), "testWasm", false);
+                    // test_dir.close().unwrap();
+                }
+
+                #(#[test_case(WASM_TESTS[N])])*
+                fn kzg_prove_and_verify_with_overflow_fixed_params_(test: &str) {
                     crate::native_tests::init_binary();
                     // crate::native_tests::init_wasm();
                     let test_dir = TempDir::new(test).unwrap();

tests/wasm.rs

@@ -1,21 +1,29 @@
 #[cfg(all(target_arch = "wasm32", target_os = "unknown"))]
 #[cfg(test)]
 mod wasm32 {
+    use ezkl::circuit::modules::polycommit::PolyCommitChip;
     use ezkl::circuit::modules::poseidon::spec::{PoseidonSpec, POSEIDON_RATE, POSEIDON_WIDTH};
     use ezkl::circuit::modules::poseidon::PoseidonChip;
     use ezkl::circuit::modules::Module;
     use ezkl::graph::modules::POSEIDON_LEN_GRAPH;
-    use ezkl::graph::GraphWitness;
+    use ezkl::graph::GraphCircuit;
+    use ezkl::graph::{GraphSettings, GraphWitness};
     use ezkl::pfsys;
     use ezkl::wasm::{
         bufferToVecOfFelt, compiledCircuitValidation, encodeVerifierCalldata, feltToBigEndian,
         feltToFloat, feltToInt, feltToLittleEndian, genPk, genVk, genWitness, inputValidation,
-        pkValidation, poseidonHash, proofValidation, prove, settingsValidation, srsValidation,
-        u8_array_to_u128_le, verify, verifyAggr, vkValidation, witnessValidation,
+        kzgCommit, pkValidation, poseidonHash, proofValidation, prove, settingsValidation,
+        srsValidation, u8_array_to_u128_le, verify, verifyAggr, vkValidation, witnessValidation,
     };
+    use halo2_proofs::plonk::VerifyingKey;
+    use halo2_proofs::poly::commitment::CommitmentScheme;
+    use halo2_proofs::poly::kzg::commitment::KZGCommitmentScheme;
+    use halo2_proofs::poly::kzg::commitment::ParamsKZG;
     use halo2_solidity_verifier::encode_calldata;
+    use halo2curves::bn256::Bn256;
     use halo2curves::bn256::{Fr, G1Affine};
     use snark_verifier::util::arithmetic::PrimeField;
+    use wasm_bindgen::JsError;
     #[cfg(feature = "web")]
     pub use wasm_bindgen_rayon::init_thread_pool;
     use wasm_bindgen_test::*;
@@ -90,6 +98,45 @@ mod wasm32 {
         assert_eq!(calldata, reference_calldata);
     }
 
+    #[wasm_bindgen_test]
+    fn verify_kzg_commit() {
+        // create a vector of field elements Vec<Fr> and assign it to the message variable
+        let mut message: Vec<Fr> = vec![];
+        for i in 0..32 {
+            message.push(Fr::from(i as u64));
+        }
+        let message_ser = serde_json::to_vec(&message).unwrap();
+
+        let settings: GraphSettings = serde_json::from_slice(&SETTINGS).unwrap();
+        let mut reader = std::io::BufReader::new(SRS);
+        let params: ParamsKZG<Bn256> =
+            halo2_proofs::poly::commitment::Params::<'_, G1Affine>::read(&mut reader).unwrap();
+        let mut reader = std::io::BufReader::new(VK);
+        let vk = VerifyingKey::<G1Affine>::read::<_, GraphCircuit>(
+            &mut reader,
+            halo2_proofs::SerdeFormat::RawBytes,
+            settings.clone(),
+        )
+        .unwrap();
+        let commitment_ser = kzgCommit(
+            wasm_bindgen::Clamped(message_ser),
+            wasm_bindgen::Clamped(VK.to_vec()),
+            wasm_bindgen::Clamped(SETTINGS.to_vec()),
+            wasm_bindgen::Clamped(SRS.to_vec()),
+        )
+        .map_err(|_| "failed")
+        .unwrap();
+        let commitment: Vec<halo2curves::bn256::G1Affine> =
+            serde_json::from_slice(&commitment_ser[..]).unwrap();
+        let reference_commitment = PolyCommitChip::commit::<KZGCommitmentScheme<Bn256>>(
+            message,
+            (vk.cs().blinding_factors() + 1) as u32,
+            &params,
+        );
+
+        assert_eq!(commitment, reference_commitment);
+    }
+
     #[wasm_bindgen_test]
     async fn verify_field_serialization_roundtrip() {
         for i in 0..32 {