arkworks-rs · tsunrise · Jul 27, 2021 · May 4, 2021 · May 4, 2021 · May 5, 2021
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,7 +3,7 @@ on:
   pull_request:
   push:
     branches:
-      - master
+      - main
 env:
   RUST_BACKTRACE: 1
 
@@ -50,14 +50,6 @@ jobs:
           toolchain: ${{ matrix.rust }}
           override: true
 
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-
       - name: Check examples
         uses: actions-rs/cargo@v1
         with:
@@ -75,16 +67,14 @@ jobs:
         uses: actions-rs/cargo@v1
         with:
             command: check
-            args: --all-features --examples --workspace --benches
+            args: --all-features --examples --all --benches
         if: matrix.rust == 'nightly'
 
       - name: Test
         uses: actions-rs/cargo@v1
         with:
             command: test
-            args: "--workspace \
-                   --all-features \
-                   --exclude ark-poly-benches"
+            args: --release
 
   check_no_std:
     name: Check no_std
@@ -115,14 +105,7 @@ jobs:
             target
           key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
 
-      - name: check
-        uses: actions-rs/cargo@v1
-        with:
-            command: check
-            args: --examples --workspace --exclude ark-poly-benches --target thumbv6m-none-eabi
-
-      - name: build
-        uses: actions-rs/cargo@v1
-        with:
-            command: build
-            args: --workspace --exclude ark-poly-benches --target thumbv6m-none-eabi
+      - name: ldt
+        run: |
+          cargo build --no-default-features --target aarch64-unknown-none
+          cargo check --examples --no-default-features --target aarch64-unknown-none
diff --git a/Cargo.toml b/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "ark-ldt"
+version = "0.1.0"
+authors = ["arkworks contributors"]
+edition = "2018"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+ark-ff = { version = "^0.3.0", default-features = false }
+ark-std = { version = "^0.3.0", default-features = false }
+ark-relations = { version = "^0.3.0", default-features = false }
+ark-r1cs-std = { version = "^0.3.0", default-features = false}
+ark-sponge = { version = "^0.3.0", default-features = false }
+ark-poly = { version = "0.3.0", default-features = false }
+tracing = { version = "0.1", default-features = false, features = [ "attributes" ], optional = true}
+
+
+[dev-dependencies]
+ark-test-curves = { version = "^0.3.0", default-features = false, features = ["bls12_381_scalar_field", "mnt4_753_scalar_field"] }
+
+[features]
+default = ["std"]
+std = ["ark-ff/std", "ark-std/std", "ark-relations/std", "ark-r1cs-std/std", "ark-sponge/std", "ark-poly/std"]
+r1cs = ["ark-sponge/r1cs", "tracing"]
diff --git a/src/direct/constraints.rs b/src/direct/constraints.rs
@@ -0,0 +1,35 @@
+use ark_ff::PrimeField;
+use ark_r1cs_std::boolean::Boolean;
+use ark_r1cs_std::eq::EqGadget;
+use ark_r1cs_std::fields::fp::FpVar;
+use ark_r1cs_std::poly::polynomial::univariate::dense::DensePolynomialVar;
+use ark_relations::r1cs::SynthesisError;
+use ark_std::marker::PhantomData;
+
+pub struct DirectLDTGadget<CF: PrimeField> {
+    _marker: PhantomData<CF>,
+}
+
+impl<CF: PrimeField> DirectLDTGadget<CF> {
+    /// ### Verifier Side
+    ///
+    /// Verifier sample one element from domain and get its evaluation. Check if that evaluation
+    /// agrees with low-degree polynomial. Assume that `DensePolynomial` is low-degree, and verifier
+    /// need to check that.
+    pub fn verify_low_degree_single_round(
+        sampled_domain_element: FpVar<CF>,
+        sampled_evaluation_element: FpVar<CF>,
+        coefficients: &DensePolynomialVar<CF>,
+        degree_bound: usize,
+    ) -> Result<Boolean<CF>, SynthesisError> {
+        // make sure the degree is within degree_bound. No need to include degree_bound check
+        // in constraints because the verifier can just verify the size of circuit.
+        assert!(
+            coefficients.coeffs.len() <= degree_bound + 1,
+            "polynomial degree out of bound"
+        );
+        coefficients
+            .evaluate(&sampled_domain_element)?
+            .is_eq(&sampled_evaluation_element)
+    }
+}
diff --git a/src/direct/mod.rs b/src/direct/mod.rs
@@ -0,0 +1,133 @@
+/// R1CS constraints for DirectLDT
+#[cfg(feature = "r1cs")]
+pub mod constraints;
+
+use crate::domain::Radix2CosetDomain;
+use ark_ff::PrimeField;
+use ark_poly::univariate::DensePolynomial;
+use ark_poly::Polynomial;
+use ark_std::marker::PhantomData;
+use ark_std::vec::Vec;
+/// Direct LDT by interpolating evaluations and truncating coefficients to low degree.
+pub struct DirectLDT<F: PrimeField> {
+    marker: PhantomData<F>,
+}
+
+/// A linear-communication protocol for testing if a function is a polynomial of certain degree.
+/// Method is described in Aurora appendix C.1.
+///
+/// For now, the domain of the function needs to support IFFT.
+impl<F: PrimeField> DirectLDT<F> {
+    /// ### Prover Side
+    ///
+    /// Generate the coefficient of the low-degree polynomial obtained by interpolating the domain evaluations.
+    /// The polynomial is trimmed to `degree_bound` as necessary.
+    pub fn generate_low_degree_coefficients(
+        domain: Radix2CosetDomain<F>,
+        evaluations: Vec<F>,
+        degree_bound: usize,
+    ) -> DensePolynomial<F> {
+        let mut poly = domain.interpolate(evaluations);
+        // trim higher degree: if poly is higher degree, then the soundness should fail
+        poly.coeffs.truncate(degree_bound + 1);
+        poly
+    }
+
+    /// ### Verifier Side
+    ///
+    /// Verifier sample one element from domain and get its evaluation. Check if that evaluation
+    /// agrees with low-degree polynomial.
+    pub fn verify_low_degree_single_round(
+        sampled_domain_element: F,
+        sampled_evaluation_element: F,
+        coefficients: &DensePolynomial<F>,
+    ) -> bool {
+        return coefficients.evaluate(&sampled_domain_element) == sampled_evaluation_element;
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use crate::direct::{DirectLDT, Radix2CosetDomain};
+    use ark_ff::UniformRand;
+    use ark_poly::univariate::DensePolynomial;
+    use ark_poly::{EvaluationDomain, Polynomial, Radix2EvaluationDomain, UVPolynomial};
+    use ark_r1cs_std::alloc::AllocVar;
+    use ark_r1cs_std::fields::fp::FpVar;
+    use ark_r1cs_std::fields::FieldVar;
+    use ark_r1cs_std::poly::evaluations::univariate::EvaluationsVar;
+    use ark_r1cs_std::R1CSVar;
+    use ark_relations::r1cs::ConstraintSystem;
+    use ark_std::test_rng;
+    use ark_test_curves::bls12_381::Fr;
+
+    #[test]
+    fn test_native_coset() {
+        let mut rng = test_rng();
+        let degree = 51;
+        let poly = DensePolynomial::<Fr>::rand(degree, &mut rng);
+        let base_domain = Radix2EvaluationDomain::new(degree + 1).unwrap();
+        let offset = Fr::rand(&mut rng);
+        let coset = Radix2CosetDomain::new(base_domain, offset);
+
+        // test evaluation
+        let expected_eval: Vec<_> = coset
+            .base_domain
+            .elements()
+            .map(|x| poly.evaluate(&(offset * x)))
+            .collect();
+        let actual_eval = coset.evaluate(&poly);
+        assert_eq!(actual_eval, expected_eval);
+
+        // test interpolation
+        let interpolated_poly = coset.interpolate(expected_eval.to_vec());
+        assert_eq!(interpolated_poly, poly);
+
+        // test consistency with r1cs-std
+        let cs = ConstraintSystem::new_ref();
+        let eval_var: Vec<_> = expected_eval
+            .iter()
+            .map(|x| FpVar::new_witness(ark_relations::ns!(cs, "eval_var"), || Ok(*x)).unwrap())
+            .collect();
+        let r1cs_coset = ark_r1cs_std::poly::domain::Radix2DomainVar {
+            gen: base_domain.group_gen,
+            offset: FpVar::constant(offset),
+            dim: ark_std::log2(degree.next_power_of_two()) as u64,
+        };
+        let eval_var = EvaluationsVar::from_vec_and_domain(eval_var, r1cs_coset, true);
+
+        let pt = Fr::rand(&mut rng);
+        let pt_var = FpVar::new_witness(ark_relations::ns!(cs, "random point"), || Ok(pt)).unwrap();
+
+        let expected = poly.evaluate(&pt);
+        let actual = eval_var.interpolate_and_evaluate(&pt_var).unwrap();
+
+        assert_eq!(actual.value().unwrap(), expected);
+        assert!(cs.is_satisfied().unwrap());
+    }
+
+    #[test]
+    fn test_direct_ldt() {
+        let degree = 51;
+
+        let mut rng = test_rng();
+        let poly = DensePolynomial::<Fr>::rand(degree, &mut rng);
+        let domain_coset = Radix2CosetDomain::new_radix2_coset(52, Fr::rand(&mut rng));
+        let evaluations = domain_coset.evaluate(&poly);
+
+        let low_degree_poly = DirectLDT::generate_low_degree_coefficients(
+            domain_coset.clone(),
+            evaluations.to_vec(),
+            degree,
+        );
+
+        let sampled_element = domain_coset.element(15);
+        let sampled_evaluation = evaluations[15];
+
+        assert!(DirectLDT::verify_low_degree_single_round(
+            sampled_element,
+            sampled_evaluation,
+            &low_degree_poly
+        ))
+    }
+}