Skip to content

Digest simplifications #238

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
srinathsetty merged 3 commits into from
Oct 27, 2023
Merged

Digest simplifications #238

srinathsetty merged 3 commits into from
Oct 27, 2023

Conversation

@srinathsetty
Copy link
Collaborator

@srinathsetty srinathsetty commented Oct 27, 2023

PR #229 introduces simplifications to digest computation, but it makes the verifier compute digests on its own, changing the behavior prior to that PR. This PR restores that functionality with an internal type.

@porcuquine
Copy link
Contributor

porcuquine commented Oct 27, 2023

I think the digest computations removed in 9f9d45c are there so that applications (like Lurk) can generate accurate cache keys for public parameters. In particular, we need to invalidate caches whenever circuits change.

@srinathsetty
Copy link
Collaborator Author

srinathsetty commented Oct 27, 2023

I think the digest computations removed in 9f9d45c are there so that applications (like Lurk) can generate accurate cache keys for public parameters. In particular, we need to invalidate caches whenever circuits change.

R1CSShape is an internal type that isn't exposed, I don't think, to users of Nova. If so, how will Lurk determine when the R1CS digest changes? The public parameters type still has a digest field. Please let me know if I misunderstood the intended usage of digest field on R1CSShape type.

@srinathsetty srinathsetty force-pushed the digest_simplifications branch from dd9e9f8 to ca4ab1c Compare October 27, 2023 01:19
@srinathsetty srinathsetty merged commit 71ecb66 into main Oct 27, 2023
@srinathsetty srinathsetty deleted the digest_simplifications branch October 27, 2023 01:54
@srinathsetty
Copy link
Collaborator Author

srinathsetty commented Oct 27, 2023

I think the digest computations removed in 9f9d45c are there so that applications (like Lurk) can generate accurate cache keys for public parameters. In particular, we need to invalidate caches whenever circuits change.

R1CSShape is an internal type that isn't exposed, I don't think, to users of Nova. If so, how will Lurk determine when the R1CS digest changes? The public parameters type still has a digest field. Please let me know if I misunderstood the intended usage of digest field on R1CSShape type.

Please open an issue and/or a PR (or reply here) if the digest on R1CS is still required.

@huitseeker
Copy link
Contributor

huitseeker commented Oct 27, 2023

On this PR

[#229] makes the verifier compute digests on its own

I am not sure that I understand this statement with precision. In #229, as in prior behavior, both spartan::snark and spartan::ppsnark exit the setup() function with a verifier key which digest is computed and populated (that is, the OnceCell it contains is set). That is because the digest of the VerifierKey needs to be populated in the Proverkey. There is no digest re-computation involved past that point: further .digest() calls resolve to a simple getter.

The difference introduced in #229 is that should the VerifierKey in question then be serialized and deserialized, the first access of the digest() would need to recompute it. This is so that it's not possible to pass the verifier a struct with a digest that doesn't match the associated contents of the verifier key.

In other terms, in order for this line:

Nova/src/spartan/ppsnark.rs

Lines 1518 to 1519 in bd6e4e1

// append the verifier key (including commitment to R1CS matrices) and the RelaxedR1CSInstance to the transcript
transcript.absorb(b"vk", &vk.digest());

to involve an actual digest re-computation, the verifier would need to be passed a verifier key that did not go through the setup function.

Are you saying that for the verifier to be passed a VerifyingKey which digest works for the purpose of the FS heuristic, but contains a wrong parameter (e.g. a wrong num_cons, an incorrect basis in the evaluation engine's verifier key) is ok? If not, then shouldn't that line involve a digest re-computation anyway?

On R1CS digests

  • the R1CSShape type is part of the Nova public API, through e.g. RelaxedR1CSSNARKTrait,
  • by and large, the Nova Public parameters are not universal, due to the embedded R1CSShape dependent items it contains. Everything else is: the constants are the same from one proof to another, and the only constrain on CommitmentKeys is that they be of sufficient sizes for the proof at hand. Having separate digests for the universal and circuit-specific portions of the logic is useful.

srinathsetty added a commit that referenced this pull request Oct 27, 2023
@srinathsetty
Revert "Digest simplifications (#238)"
2991192 
This reverts commit 71ecb66.
@srinathsetty srinathsetty mentioned this pull request Oct 27, 2023
Merged
srinathsetty added a commit that referenced this pull request Oct 27, 2023
@srinathsetty
Revert "Digest simplifications (#238)"
bd264bd 
This reverts commit 71ecb66.
srinathsetty added a commit that referenced this pull request Oct 27, 2023
@srinathsetty
Restore digest computation and fix API inconsistency (#242)
e79498b 
* Revert "Digest simplifications (#238)"

This reverts commit 71ecb66.

* upgrade neptune

* make the public interface uniform wrt refs vs. copies

* simplify prove_step
@huitseeker huitseeker mentioned this pull request Oct 30, 2023
Merged
huitseeker added a commit to huitseeker/Nova that referenced this pull request Nov 3, 2023
@huitseeker @srinathsetty
Update the RecursiveSNARK API (Nova forward port) (microsoft#87)
f81bd4c 
* Digest simplifications (microsoft#238)

* remove unused digest computations

* avoid a verifier having to recompute a digest

* update crate version

Restore digest computation and fix API inconsistency (microsoft#242)

* Revert "Digest simplifications (microsoft#238)"

This reverts commit 71ecb66.

* upgrade neptune

* make the public interface uniform wrt refs vs. copies

* simplify prove_step

* refactor: Adapt supernova RecursiveSNARK to Nova API changes

- Updated `RecursiveSNARK` struct in `supernova/mod.rs` to include `z0_primary` and `z0_secondary` fields, simplifying method parameters.
- Refactored `prove_step` method in `RecursiveSNARK` struct to leverage the new instance variables, `z0_primary` and `z0_secondary`,
- Replaced all usages of `z0_primary` and `z0_secondary` in function calls with their respective instance variables.

---------

Co-authored-by: Srinath Setty <srinath@microsoft.com>
huitseeker pushed a commit to huitseeker/Nova that referenced this pull request Jan 11, 2024
@samuelburnham
ci: Add comparative GPU benchmarks on merge_group (microsoft#238)
85c04b3 
* ci: Add comparative benchmarks on `merge_group` (WIP)

* Add other benchmarks and refactor

* Remove caching for now and test action on `pull_request`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@srinathsetty @porcuquine @huitseeker