chore(zk): regroup compute load proof optionals

zama-ai · Oct 29, 2024 · df9fd6c · df9fd6c
1 parent 69482de
commit df9fd6c
Show file tree

Hide file tree

Showing 8 changed files with 533 additions and 182 deletions.
diff --git a/tfhe-zk-pok/src/backward_compatibility/mod.rs b/tfhe-zk-pok/src/backward_compatibility/mod.rs
@@ -1,8 +1,12 @@
+pub mod pke;
+pub mod pke_v2;
+
+use std::error::Error;
+use std::fmt::Display;
+
 use tfhe_versionable::VersionsDispatch;
 
-use crate::curve_api::{Compressible, Curve};
-use crate::proofs::pke::{CompressedProof as PKEv1CompressedProof, Proof as PKEv1Proof};
-use crate::proofs::pke_v2::{CompressedProof as PKEv2CompressedProof, Proof as PKEv2Proof};
+use crate::curve_api::Curve;
 use crate::proofs::GroupElements;
 use crate::serialization::{
     SerializableAffine, SerializableCubicExtField, SerializableFp, SerializableFp2,
@@ -34,33 +38,20 @@ pub type SerializableG1AffineVersions = SerializableAffineVersions<SerializableF
 pub type SerializableG2AffineVersions = SerializableAffineVersions<SerializableFp2>;
 pub type SerializableFp12Versions = SerializableQuadExtFieldVersions<SerializableFp6>;
 
-#[derive(VersionsDispatch)]
-pub enum PKEv1ProofVersions<G: Curve> {
-    V0(PKEv1Proof<G>),
-}
-
-#[derive(VersionsDispatch)]
-pub enum PKEv2ProofVersions<G: Curve> {
-    V0(PKEv2Proof<G>),
-}
+/// The proof was missing some elements
+#[derive(Debug)]
+pub struct IncompleteProof;
 
-#[derive(VersionsDispatch)]
-pub enum PKEv1CompressedProofVersions<G: Curve>
-where
-    G::G1: Compressible,
-    G::G2: Compressible,
-{
-    V0(PKEv1CompressedProof<G>),
+impl Display for IncompleteProof {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(
+            f,
+            "incomplete serialized ZK proof, missing some pre-computed elements"
+        )
+    }
 }
 
-#[derive(VersionsDispatch)]
-pub enum PKEv2CompressedProofVersions<G: Curve>
-where
-    G::G1: Compressible,
-    G::G2: Compressible,
-{
-    V0(PKEv2CompressedProof<G>),
-}
+impl Error for IncompleteProof {}
 
 #[derive(VersionsDispatch)]
 #[allow(dead_code)]

diff --git a/tfhe-zk-pok/src/backward_compatibility/pke.rs b/tfhe-zk-pok/src/backward_compatibility/pke.rs
@@ -0,0 +1,117 @@
+use tfhe_versionable::{Upgrade, Version, VersionsDispatch};
+
+use crate::curve_api::{CompressedG1, CompressedG2, Compressible, Curve};
+use crate::proofs::pke::{
+    CompressedComputeLoadProofFields, CompressedProof, ComputeLoadProofFields, Proof,
+};
+
+use super::IncompleteProof;
+
+#[derive(Version)]
+pub struct ProofV0<G: Curve> {
+    c_hat: G::G2,
+    c_y: G::G1,
+    pi: G::G1,
+    c_hat_t: Option<G::G2>,
+    c_h: Option<G::G1>,
+    pi_kzg: Option<G::G1>,
+}
+
+impl<G: Curve> Upgrade<Proof<G>> for ProofV0<G> {
+    type Error = IncompleteProof;
+
+    fn upgrade(self) -> Result<Proof<G>, Self::Error> {
+        let compute_load_proof_fields = match (self.c_hat_t, self.c_h, self.pi_kzg) {
+            (None, None, None) => None,
+            (Some(c_hat_t), Some(c_h), Some(pi_kzg)) => Some(ComputeLoadProofFields {
+                c_hat_t,
+                c_h,
+                pi_kzg,
+            }),
+            _ => {
+                return Err(IncompleteProof);
+            }
+        };
+
+        Ok(Proof {
+            c_hat: self.c_hat,
+            c_y: self.c_y,
+            pi: self.pi,
+            compute_load_proof_fields,
+        })
+    }
+}
+
+#[derive(VersionsDispatch)]
+pub enum ProofVersions<G: Curve> {
+    V0(ProofV0<G>),
+    V1(Proof<G>),
+}
+
+#[derive(VersionsDispatch)]
+#[allow(dead_code)]
+pub(crate) enum ComputeLoadProofFieldVersions<G: Curve> {
+    V0(ComputeLoadProofFields<G>),
+}
+
+pub struct CompressedProofV0<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    c_hat: CompressedG2<G>,
+    c_y: CompressedG1<G>,
+    pi: CompressedG1<G>,
+    c_hat_t: Option<CompressedG2<G>>,
+    c_h: Option<CompressedG1<G>>,
+    pi_kzg: Option<CompressedG1<G>>,
+}
+
+impl<G: Curve> Upgrade<CompressedProof<G>> for CompressedProofV0<G>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    type Error = IncompleteProof;
+
+    fn upgrade(self) -> Result<CompressedProof<G>, Self::Error> {
+        let compute_load_proof_fields = match (self.c_hat_t, self.c_h, self.pi_kzg) {
+            (None, None, None) => None,
+            (Some(c_hat_t), Some(c_h), Some(pi_kzg)) => Some(CompressedComputeLoadProofFields {
+                c_hat_t,
+                c_h,
+                pi_kzg,
+            }),
+            _ => {
+                return Err(IncompleteProof);
+            }
+        };
+
+        Ok(CompressedProof {
+            c_hat: self.c_hat,
+            c_y: self.c_y,
+            pi: self.pi,
+            compute_load_proof_fields,
+        })
+    }
+}
+
+#[derive(VersionsDispatch)]
+pub enum CompressedProofVersions<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    V0(CompressedProofV0<G>),
+    V1(CompressedProof<G>),
+}
+
+#[derive(VersionsDispatch)]
+#[allow(dead_code)]
+pub(crate) enum CompressedComputeLoadProofFieldsVersions<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    V0(CompressedComputeLoadProofFields<G>),
+}
diff --git a/tfhe-zk-pok/src/backward_compatibility/pke_v2.rs b/tfhe-zk-pok/src/backward_compatibility/pke_v2.rs
@@ -0,0 +1,142 @@
+// to follow the notation of the paper
+#![allow(non_snake_case)]
+
+use tfhe_versionable::{Upgrade, Version, VersionsDispatch};
+
+use crate::curve_api::{CompressedG1, CompressedG2, Compressible, Curve};
+use crate::proofs::pke_v2::{
+    CompressedComputeLoadProofFields, CompressedProof, ComputeLoadProofFields, Proof,
+};
+
+use super::IncompleteProof;
+
+#[derive(Version)]
+pub struct ProofV0<G: Curve> {
+    C_hat_e: G::G2,
+    C_e: G::G1,
+    C_r_tilde: G::G1,
+    C_R: G::G1,
+    C_hat_bin: G::G2,
+    C_y: G::G1,
+    C_h1: G::G1,
+    C_h2: G::G1,
+    C_hat_t: G::G2,
+    pi: G::G1,
+    pi_kzg: G::G1,
+
+    C_hat_h3: Option<G::G2>,
+    C_hat_w: Option<G::G2>,
+}
+
+impl<G: Curve> Upgrade<Proof<G>> for ProofV0<G> {
+    type Error = IncompleteProof;
+
+    fn upgrade(self) -> Result<Proof<G>, Self::Error> {
+        let compute_load_proof_fields = match (self.C_hat_h3, self.C_hat_w) {
+            (None, None) => None,
+            (Some(C_hat_h3), Some(C_hat_w)) => Some(ComputeLoadProofFields { C_hat_h3, C_hat_w }),
+            _ => return Err(IncompleteProof),
+        };
+
+        Ok(Proof {
+            C_hat_e: self.C_hat_e,
+            C_e: self.C_e,
+            C_r_tilde: self.C_r_tilde,
+            C_R: self.C_R,
+            C_hat_bin: self.C_hat_bin,
+            C_y: self.C_y,
+            C_h1: self.C_h1,
+            C_h2: self.C_h2,
+            C_hat_t: self.C_hat_t,
+            pi: self.pi,
+            pi_kzg: self.pi_kzg,
+            compute_load_proof_fields,
+        })
+    }
+}
+
+#[derive(VersionsDispatch)]
+pub enum ProofVersions<G: Curve> {
+    V0(ProofV0<G>),
+    V1(Proof<G>),
+}
+
+#[derive(VersionsDispatch)]
+#[allow(dead_code)]
+pub(crate) enum ComputeLoadProofFieldVersions<G: Curve> {
+    V0(ComputeLoadProofFields<G>),
+}
+
+pub struct CompressedProofV0<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    C_hat_e: CompressedG2<G>,
+    C_e: CompressedG1<G>,
+    C_r_tilde: CompressedG1<G>,
+    C_R: CompressedG1<G>,
+    C_hat_bin: CompressedG2<G>,
+    C_y: CompressedG1<G>,
+    C_h1: CompressedG1<G>,
+    C_h2: CompressedG1<G>,
+    C_hat_t: CompressedG2<G>,
+    pi: CompressedG1<G>,
+    pi_kzg: CompressedG1<G>,
+
+    C_hat_h3: Option<CompressedG2<G>>,
+    C_hat_w: Option<CompressedG2<G>>,
+}
+
+impl<G: Curve> Upgrade<CompressedProof<G>> for CompressedProofV0<G>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    type Error = IncompleteProof;
+
+    fn upgrade(self) -> Result<CompressedProof<G>, Self::Error> {
+        let compute_load_proof_fields = match (self.C_hat_h3, self.C_hat_w) {
+            (None, None) => None,
+            (Some(C_hat_h3), Some(C_hat_w)) => {
+                Some(CompressedComputeLoadProofFields { C_hat_h3, C_hat_w })
+            }
+            _ => return Err(IncompleteProof),
+        };
+
+        Ok(CompressedProof {
+            C_hat_e: self.C_hat_e,
+            C_e: self.C_e,
+            C_r_tilde: self.C_r_tilde,
+            C_R: self.C_R,
+            C_hat_bin: self.C_hat_bin,
+            C_y: self.C_y,
+            C_h1: self.C_h1,
+            C_h2: self.C_h2,
+            C_hat_t: self.C_hat_t,
+            pi: self.pi,
+            pi_kzg: self.pi_kzg,
+            compute_load_proof_fields,
+        })
+    }
+}
+
+#[derive(VersionsDispatch)]
+pub enum CompressedProofVersions<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    V0(CompressedProofV0<G>),
+    V1(CompressedProof<G>),
+}
+
+#[derive(VersionsDispatch)]
+#[allow(dead_code)]
+pub(crate) enum CompressedComputeLoadProofFieldsVersions<G: Curve>
+where
+    G::G1: Compressible,
+    G::G2: Compressible,
+{
+    V0(CompressedComputeLoadProofFields<G>),
+}
diff --git a/tfhe-zk-pok/src/curve_api.rs b/tfhe-zk-pok/src/curve_api.rs
@@ -128,6 +128,9 @@ pub trait Compressible: Sized {
     fn uncompress(compressed: Self::Compressed) -> Result<Self, Self::UncompressError>;
 }
 
+pub type CompressedG1<G> = <<G as Curve>::G1 as Compressible>::Compressed;
+pub type CompressedG2<G> = <<G as Curve>::G2 as Compressible>::Compressed;
+
 pub trait PairingGroupOps<Zp, G1, G2>:
     Copy
     + Send