packing.hpp
Go to the documentation of this file.
1 //---------------------------------------------------------------------------//
2 // Copyright (c) 2018-2021 Mikhail Komarov <nemo@nil.foundation>
3 // Copyright (c) 2020-2021 Nikita Kaskov <nbering@nil.foundation>
4 //
5 // MIT License
6 //
7 // Permission is hereby granted, free of charge, to any person obtaining a copy
8 // of this software and associated documentation files (the "Software"), to deal
9 // in the Software without restriction, including without limitation the rights
10 // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 // copies of the Software, and to permit persons to whom the Software is
12 // furnished to do so, subject to the following conditions:
13 //
14 // The above copyright notice and this permission notice shall be included in all
15 // copies or substantial portions of the Software.
16 //
17 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20 // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 // SOFTWARE.
24 //---------------------------------------------------------------------------//
25 
26 #ifndef CRYPTO3_ZK_BLUEPRINT_BASIC_COMPONENTS_HPP
27 #define CRYPTO3_ZK_BLUEPRINT_BASIC_COMPONENTS_HPP
28 
29 #include <cassert>
30 #include <memory>
31 
32 #include <nil/crypto3/zk/components/component.hpp>
33 
34 #include <nil/crypto3/multiprecision/number.hpp>
35 #include <nil/crypto3/zk/snark/relations/constraint_satisfaction_problems/r1cs.hpp>
36 
37 namespace nil {
38  namespace crypto3 {
39  namespace zk {
40  namespace components {
41 
42  /* forces lc to take value 0 or 1 by adding constraint lc * (1-lc) = 0 */
43  template<typename FieldType>
44  void generate_boolean_r1cs_constraint(blueprint<FieldType> &bp,
45  const blueprint_linear_combination<FieldType> &lc) {
46  bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(lc, 1 - lc, 0));
47  }
48 
49  template<typename FieldType>
50  void generate_r1cs_equals_const_constraint(blueprint<FieldType> &bp,
51  const blueprint_linear_combination<FieldType> &lc,
52  const typename FieldType::value_type &c) {
53  bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(1, lc, c));
54  }
55 
56  template<typename FieldType>
57  class packing_component : public component<FieldType> {
58  private:
59  /* no internal variables */
60  public:
61  const blueprint_linear_combination_vector<FieldType> bits;
62  const blueprint_linear_combination<FieldType> packed;
63 
64  packing_component(blueprint<FieldType> &bp,
65  const blueprint_linear_combination_vector<FieldType> &bits,
66  const blueprint_linear_combination<FieldType> &packed) :
67  component<FieldType>(bp),
68  bits(bits), packed(packed) {
69  }
70 
71  /* adds constraint result = \sum bits[i] * 2^i */
72  void generate_r1cs_constraints(bool enforce_bitness) {
73  this->bp.add_r1cs_constraint(
74  snark::r1cs_constraint<FieldType>(1, blueprint_packing_sum<FieldType>(bits), packed));
75 
76  if (enforce_bitness) {
77  for (std::size_t i = 0; i < bits.size(); ++i) {
78  generate_boolean_r1cs_constraint<FieldType>(this->bp, bits[i]);
79  }
80  }
81  }
82 
83  void generate_r1cs_witness_from_packed() {
84  packed.evaluate(this->bp);
85  auto lc_val = this->bp.lc_val(packed).data;
86 
87  // assert(lc_val == 0 ||
88  // multiprecision::msb(lc_val) + 1 <=
89  // bits.size()); // `bits` is large enough to represent this packed value
90  bits.fill_with_bits_of_field_element(this->bp, this->bp.lc_val(packed));
91  }
92 
93  void generate_r1cs_witness_from_bits() {
94  bits.evaluate(this->bp);
95  this->bp.lc_val(packed) = bits.get_field_element_from_bits(this->bp);
96  }
97  };
98 
99  template<typename FieldType>
100  class multipacking_component : public component<FieldType> {
101  private:
102  std::vector<packing_component<FieldType>> packers;
103 
104  public:
105  const blueprint_linear_combination_vector<FieldType> bits;
106  const blueprint_linear_combination_vector<FieldType> packed_vars;
107 
108  const std::size_t chunk_size;
109  const std::size_t num_chunks;
110  // const std::size_t last_chunk_size;
111 
112  // last_chunk_size(bits.size() - (num_chunks-1) * chunk_size)
113  multipacking_component(blueprint<FieldType> &bp,
114  const blueprint_linear_combination_vector<FieldType> &bits,
115  const blueprint_linear_combination_vector<FieldType> &packed_vars,
116  std::size_t chunk_size) :
117  component<FieldType>(bp),
118  bits(bits), packed_vars(packed_vars), chunk_size(chunk_size),
119  num_chunks((bits.size() + (chunk_size - 1)) / chunk_size) {
120 
121  assert(packed_vars.size() == num_chunks);
122  for (std::size_t i = 0; i < num_chunks; ++i) {
123  packers.emplace_back(packing_component<FieldType>(
124  this->bp,
125  blueprint_linear_combination_vector<FieldType>(
126  bits.begin() + i * chunk_size,
127  bits.begin() + std::min((i + 1) * chunk_size, bits.size())),
128  packed_vars[i]));
129  }
130  }
131 
132  void generate_r1cs_constraints(bool enforce_bitness) {
133  for (std::size_t i = 0; i < num_chunks; ++i) {
134  packers[i].generate_r1cs_constraints(enforce_bitness);
135  }
136  }
137 
138  void generate_r1cs_witness_from_packed() {
139  for (std::size_t i = 0; i < num_chunks; ++i) {
140  packers[i].generate_r1cs_witness_from_packed();
141  }
142  }
143 
144  void generate_r1cs_witness_from_bits() {
145  for (std::size_t i = 0; i < num_chunks; ++i) {
146  packers[i].generate_r1cs_witness_from_bits();
147  }
148  }
149  };
150 
151  template<typename FieldType>
152  class field_vector_copy_component : public component<FieldType> {
153  public:
154  const blueprint_variable_vector<FieldType> source;
155  const blueprint_variable_vector<FieldType> target;
156  const blueprint_linear_combination<FieldType> do_copy;
157 
158  field_vector_copy_component(blueprint<FieldType> &bp,
159  const blueprint_variable_vector<FieldType> &source,
160  const blueprint_variable_vector<FieldType> &target,
161  const blueprint_linear_combination<FieldType> &do_copy) :
162  component<FieldType>(bp),
163  source(source), target(target), do_copy(do_copy) {
164 
165  assert(source.size() == target.size());
166  }
167  void generate_r1cs_constraints() {
168  for (std::size_t i = 0; i < source.size(); ++i) {
169  this->bp.add_r1cs_constraint(
170  snark::r1cs_constraint<FieldType>(do_copy, source[i] - target[i], 0));
171  }
172  }
173 
174  void generate_r1cs_witness() {
175  do_copy.evaluate(this->bp);
176  assert(this->bp.lc_val(do_copy) == FieldType::value_type::one() ||
177  this->bp.lc_val(do_copy) == FieldType::value_type::zero());
178  if (this->bp.lc_val(do_copy) != FieldType::value_type::zero()) {
179  for (std::size_t i = 0; i < source.size(); ++i) {
180  this->bp.val(target[i]) = this->bp.val(source[i]);
181  }
182  }
183  }
184  };
185 
186  template<typename FieldType>
187  class bit_vector_copy_component : public component<FieldType> {
188  public:
189  const blueprint_variable_vector<FieldType> source_bits;
190  const blueprint_variable_vector<FieldType> target_bits;
191  const blueprint_linear_combination<FieldType> do_copy;
192 
193  blueprint_variable_vector<FieldType> packed_source;
194  blueprint_variable_vector<FieldType> packed_target;
195 
196  std::shared_ptr<multipacking_component<FieldType>> pack_source;
197  std::shared_ptr<multipacking_component<FieldType>> pack_target;
198  std::shared_ptr<field_vector_copy_component<FieldType>> copier;
199 
200  const std::size_t chunk_size;
201  const std::size_t num_chunks;
202 
203  bit_vector_copy_component(blueprint<FieldType> &bp,
204  const blueprint_variable_vector<FieldType> &source_bits,
205  const blueprint_variable_vector<FieldType> &target_bits,
206  const blueprint_linear_combination<FieldType> &do_copy,
207  std::size_t chunk_size) :
208  component<FieldType>(bp),
209  source_bits(source_bits), target_bits(target_bits), do_copy(do_copy), chunk_size(chunk_size),
210  num_chunks((source_bits.size() + (chunk_size - 1)) / chunk_size) {
211 
212  assert(source_bits.size() == target_bits.size());
213 
214  packed_source.allocate(bp, num_chunks);
215  pack_source.reset(
216  new multipacking_component<FieldType>(bp, source_bits, packed_source, chunk_size));
217 
218  packed_target.allocate(bp, num_chunks);
219  pack_target.reset(
220  new multipacking_component<FieldType>(bp, target_bits, packed_target, chunk_size));
221 
222  copier.reset(
223  new field_vector_copy_component<FieldType>(bp, packed_source, packed_target, do_copy));
224  }
225 
226  void generate_r1cs_constraints(bool enforce_source_bitness, bool enforce_target_bitness) {
227  pack_source->generate_r1cs_constraints(enforce_source_bitness);
228  pack_target->generate_r1cs_constraints(enforce_target_bitness);
229 
230  copier->generate_r1cs_constraints();
231  }
232 
233  void generate_r1cs_witness() {
234  do_copy.evaluate(this->bp);
235  assert(this->bp.lc_val(do_copy) == FieldType::value_type::zero() ||
236  this->bp.lc_val(do_copy) == FieldType::value_type::one());
237  if (this->bp.lc_val(do_copy) == FieldType::value_type::one()) {
238  for (std::size_t i = 0; i < source_bits.size(); ++i) {
239  this->bp.val(target_bits[i]) = this->bp.val(source_bits[i]);
240  }
241  }
242 
243  pack_source->generate_r1cs_witness_from_bits();
244  pack_target->generate_r1cs_witness_from_bits();
245  }
246  };
247 
248  template<typename FieldType>
249  class dual_variable_component : public component<FieldType> {
250  private:
251  std::shared_ptr<packing_component<FieldType>> consistency_check;
252 
253  public:
254  blueprint_variable<FieldType> packed;
255  blueprint_variable_vector<FieldType> bits;
256 
257  dual_variable_component(blueprint<FieldType> &bp, std::size_t width) : component<FieldType>(bp) {
258  packed.allocate(bp);
259  bits.allocate(bp, width);
260  consistency_check.reset(new packing_component<FieldType>(bp, bits, packed));
261  }
262 
263  dual_variable_component(blueprint<FieldType> &bp,
264  const blueprint_variable_vector<FieldType> &bits) :
265  component<FieldType>(bp),
266  bits(bits) {
267  packed.allocate(bp);
268  consistency_check.reset(new packing_component<FieldType>(bp, bits, packed));
269  }
270 
271  dual_variable_component(blueprint<FieldType> &bp, const blueprint_variable<FieldType> &packed,
272  std::size_t width) :
273  component<FieldType>(bp),
274  packed(packed) {
275  bits.allocate(bp, width);
276  consistency_check.reset(new packing_component<FieldType>(bp, bits, packed));
277  }
278 
279  void generate_r1cs_constraints(bool enforce_bitness) {
280  consistency_check->generate_r1cs_constraints(enforce_bitness);
281  }
282 
283  void generate_r1cs_witness_from_packed() {
284  consistency_check->generate_r1cs_witness_from_packed();
285  }
286  void generate_r1cs_witness_from_bits() {
287  consistency_check->generate_r1cs_witness_from_bits();
288  }
289  };
290 
291  template<typename FieldType, typename VarT>
292  void create_linear_combination_constraints(
293  blueprint<FieldType> &bp,
294  const std::vector<typename FieldType::value_type> &base,
295  const std::vector<std::pair<VarT, typename FieldType::value_type>> &v,
296  const VarT &target) {
297 
298  for (std::size_t i = 0; i < base.size(); ++i) {
299  blueprint_linear_combination<FieldType> a, b, c;
300 
301  a.add_term(blueprint_variable<FieldType>(0));
302  b.add_term(blueprint_variable<FieldType>(0), base[i]);
303 
304  for (auto &p : v) {
305  b.add_term(p.first.all_vars[i], p.second);
306  }
307 
308  c.add_term(target.all_vars[i]);
309 
310  bp.add_r1cs_constraint(snark::r1cs_constraint<FieldType>(a, b, c));
311  }
312  }
313 
314  template<typename FieldType, typename VarT>
315  void create_linear_combination_witness(
316  blueprint<FieldType> &bp,
317  const std::vector<typename FieldType::value_type> &base,
318  const std::vector<std::pair<VarT, typename FieldType::value_type>> &v,
319  const VarT &target) {
320  for (std::size_t i = 0; i < base.size(); ++i) {
321  bp.val(target.all_vars[i]) = base[i];
322 
323  for (auto &p : v) {
324  bp.val(target.all_vars[i]) += p.second * bp.val(p.first.all_vars[i]);
325  }
326  }
327  }
328 
329  template<typename FieldType>
330  std::size_t multipacking_num_chunks(const std::size_t num_bits) {
331  return (num_bits + (FieldType::capacity()) - 1) / FieldType::capacity();
332  }
333 
334  } // namespace components
335  } // namespace zk
336  } // namespace crypto3
337 } // namespace nil
338 #endif // CRYPTO3_ZK_BLUEPRINT_BASIC_COMPONENTS_HPP
nil::crypto3::zk::components::bit_vector_copy_component
Definition: packing.hpp:187
nil::crypto3::zk::components::bit_vector_copy_component::chunk_size
const std::size_t chunk_size
Definition: packing.hpp:200
nil::crypto3::zk::components::bit_vector_copy_component::bit_vector_copy_component
bit_vector_copy_component(blueprint< FieldType > &bp, const blueprint_variable_vector< FieldType > &source_bits, const blueprint_variable_vector< FieldType > &target_bits, const blueprint_linear_combination< FieldType > &do_copy, std::size_t chunk_size)
Definition: packing.hpp:203
nil::crypto3::zk::components::bit_vector_copy_component::packed_source
blueprint_variable_vector< FieldType > packed_source
Definition: packing.hpp:193
nil::crypto3::zk::components::bit_vector_copy_component::pack_target
std::shared_ptr< multipacking_component< FieldType > > pack_target
Definition: packing.hpp:197
nil::crypto3::zk::components::bit_vector_copy_component::do_copy
const blueprint_linear_combination< FieldType > do_copy
Definition: packing.hpp:191
nil::crypto3::zk::components::bit_vector_copy_component::generate_r1cs_constraints
void generate_r1cs_constraints(bool enforce_source_bitness, bool enforce_target_bitness)
Definition: packing.hpp:226
nil::crypto3::zk::components::bit_vector_copy_component::num_chunks
const std::size_t num_chunks
Definition: packing.hpp:201
nil::crypto3::zk::components::bit_vector_copy_component::packed_target
blueprint_variable_vector< FieldType > packed_target
Definition: packing.hpp:194
nil::crypto3::zk::components::bit_vector_copy_component::pack_source
std::shared_ptr< multipacking_component< FieldType > > pack_source
Definition: packing.hpp:196
nil::crypto3::zk::components::bit_vector_copy_component::target_bits
const blueprint_variable_vector< FieldType > target_bits
Definition: packing.hpp:190
nil::crypto3::zk::components::bit_vector_copy_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: packing.hpp:233
nil::crypto3::zk::components::bit_vector_copy_component::copier
std::shared_ptr< field_vector_copy_component< FieldType > > copier
Definition: packing.hpp:198
nil::crypto3::zk::components::bit_vector_copy_component::source_bits
const blueprint_variable_vector< FieldType > source_bits
Definition: packing.hpp:189
nil::crypto3::zk::components::blueprint_linear_combination_vector
Definition: blueprint_linear_combination.hpp:115
nil::crypto3::zk::components::blueprint_linear_combination
Definition: blueprint_linear_combination.hpp:47
nil::crypto3::zk::components::blueprint_variable_vector
Definition: blueprint_variable.hpp:57
nil::crypto3::zk::components::blueprint_variable
Definition: blueprint_variable.hpp:46
nil::crypto3::zk::components::blueprint
Definition: blueprint.hpp:46
nil::crypto3::zk::components::blueprint::val
FieldType::value_type & val(const blueprint_variable< FieldType > &var)
Definition: blueprint.hpp:70
nil::crypto3::zk::components::blueprint::add_r1cs_constraint
void add_r1cs_constraint(const snark::r1cs_constraint< FieldType > &constr)
Definition: blueprint.hpp:98
nil::crypto3::zk::components::component
Definition: component.hpp:37
nil::crypto3::zk::components::component::bp
blueprint< FieldType > & bp
Definition: component.hpp:39
nil::crypto3::zk::components::dual_variable_component
Definition: packing.hpp:249
nil::crypto3::zk::components::dual_variable_component::generate_r1cs_constraints
void generate_r1cs_constraints(bool enforce_bitness)
Definition: packing.hpp:279
nil::crypto3::zk::components::dual_variable_component::dual_variable_component
dual_variable_component(blueprint< FieldType > &bp, const blueprint_variable< FieldType > &packed, std::size_t width)
Definition: packing.hpp:271
nil::crypto3::zk::components::dual_variable_component::generate_r1cs_witness_from_bits
void generate_r1cs_witness_from_bits()
Definition: packing.hpp:286
nil::crypto3::zk::components::dual_variable_component::packed
blueprint_variable< FieldType > packed
Definition: packing.hpp:254
nil::crypto3::zk::components::dual_variable_component::generate_r1cs_witness_from_packed
void generate_r1cs_witness_from_packed()
Definition: packing.hpp:283
nil::crypto3::zk::components::dual_variable_component::dual_variable_component
dual_variable_component(blueprint< FieldType > &bp, std::size_t width)
Definition: packing.hpp:257
nil::crypto3::zk::components::dual_variable_component::bits
blueprint_variable_vector< FieldType > bits
Definition: packing.hpp:255
nil::crypto3::zk::components::dual_variable_component::dual_variable_component
dual_variable_component(blueprint< FieldType > &bp, const blueprint_variable_vector< FieldType > &bits)
Definition: packing.hpp:263
nil::crypto3::zk::components::field_vector_copy_component
Definition: packing.hpp:152
nil::crypto3::zk::components::field_vector_copy_component::do_copy
const blueprint_linear_combination< FieldType > do_copy
Definition: packing.hpp:156
nil::crypto3::zk::components::field_vector_copy_component::source
const blueprint_variable_vector< FieldType > source
Definition: packing.hpp:154
nil::crypto3::zk::components::field_vector_copy_component::target
const blueprint_variable_vector< FieldType > target
Definition: packing.hpp:155
nil::crypto3::zk::components::field_vector_copy_component::field_vector_copy_component
field_vector_copy_component(blueprint< FieldType > &bp, const blueprint_variable_vector< FieldType > &source, const blueprint_variable_vector< FieldType > &target, const blueprint_linear_combination< FieldType > &do_copy)
Definition: packing.hpp:158
nil::crypto3::zk::components::field_vector_copy_component::generate_r1cs_witness
void generate_r1cs_witness()
Definition: packing.hpp:174
nil::crypto3::zk::components::field_vector_copy_component::generate_r1cs_constraints
void generate_r1cs_constraints()
Definition: packing.hpp:167
nil::crypto3::zk::components::multipacking_component
Definition: packing.hpp:100
nil::crypto3::zk::components::multipacking_component::multipacking_component
multipacking_component(blueprint< FieldType > &bp, const blueprint_linear_combination_vector< FieldType > &bits, const blueprint_linear_combination_vector< FieldType > &packed_vars, std::size_t chunk_size)
Definition: packing.hpp:113
nil::crypto3::zk::components::multipacking_component::generate_r1cs_constraints
void generate_r1cs_constraints(bool enforce_bitness)
Definition: packing.hpp:132
nil::crypto3::zk::components::multipacking_component::num_chunks
const std::size_t num_chunks
Definition: packing.hpp:109
nil::crypto3::zk::components::multipacking_component::packed_vars
const blueprint_linear_combination_vector< FieldType > packed_vars
Definition: packing.hpp:106
nil::crypto3::zk::components::multipacking_component::generate_r1cs_witness_from_bits
void generate_r1cs_witness_from_bits()
Definition: packing.hpp:144
nil::crypto3::zk::components::multipacking_component::bits
const blueprint_linear_combination_vector< FieldType > bits
Definition: packing.hpp:105
nil::crypto3::zk::components::multipacking_component::generate_r1cs_witness_from_packed
void generate_r1cs_witness_from_packed()
Definition: packing.hpp:138
nil::crypto3::zk::components::multipacking_component::chunk_size
const std::size_t chunk_size
Definition: packing.hpp:108
nil::crypto3::zk::components::packing_component
Definition: packing.hpp:57
nil::crypto3::zk::components::packing_component::packed
const blueprint_linear_combination< FieldType > packed
Definition: packing.hpp:62
nil::crypto3::zk::components::packing_component::generate_r1cs_witness_from_bits
void generate_r1cs_witness_from_bits()
Definition: packing.hpp:93
nil::crypto3::zk::components::packing_component::bits
const blueprint_linear_combination_vector< FieldType > bits
Definition: packing.hpp:61
nil::crypto3::zk::components::packing_component::packing_component
packing_component(blueprint< FieldType > &bp, const blueprint_linear_combination_vector< FieldType > &bits, const blueprint_linear_combination< FieldType > &packed)
Definition: packing.hpp:64
nil::crypto3::zk::components::packing_component::generate_r1cs_constraints
void generate_r1cs_constraints(bool enforce_bitness)
Definition: packing.hpp:72
nil::crypto3::zk::components::packing_component::generate_r1cs_witness_from_packed
void generate_r1cs_witness_from_packed()
Definition: packing.hpp:83
nil::crypto3::algebra::min
constexpr T min(const vector< T, N > &v)
computes the minimum valued element
Definition: algebra/include/nil/crypto3/algebra/vector/math.hpp:135
nil::crypto3::algebra::vector
vector(T, U...) -> vector< std::enable_if_t<(std::is_same_v< T, U > &&...), T >, 1+sizeof...(U)>
deduction guide for uniform initialization
nil::crypto3::zk::components::generate_r1cs_equals_const_constraint
void generate_r1cs_equals_const_constraint(blueprint< FieldType > &bp, const blueprint_linear_combination< FieldType > &lc, const typename FieldType::value_type &c)
Definition: packing.hpp:50
nil::crypto3::zk::components::create_linear_combination_constraints
void create_linear_combination_constraints(blueprint< FieldType > &bp, const std::vector< typename FieldType::value_type > &base, const std::vector< std::pair< VarT, typename FieldType::value_type >> &v, const VarT &target)
Definition: packing.hpp:292
nil::crypto3::zk::components::multipacking_num_chunks
std::size_t multipacking_num_chunks(const std::size_t num_bits)
Definition: packing.hpp:330
nil::crypto3::zk::components::create_linear_combination_witness
void create_linear_combination_witness(blueprint< FieldType > &bp, const std::vector< typename FieldType::value_type > &base, const std::vector< std::pair< VarT, typename FieldType::value_type >> &v, const VarT &target)
Definition: packing.hpp:315
nil::crypto3::zk::components::generate_boolean_r1cs_constraint
void generate_boolean_r1cs_constraint(blueprint< FieldType > &bp, const blueprint_linear_combination< FieldType > &lc)
Definition: packing.hpp:44
nil
Definition: pair.hpp:31
nil::crypto3::zk::snark::linear_combination::add_term
void add_term(const variable< FieldType > &var)
Definition: variable.hpp:277
nil::crypto3::zk::snark::r1cs_constraint
Definition: r1cs.hpp:60