control num_instances in one place to improve soundness check
#901
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hero78119
changed the title
hero78119
commented
Apr 9, 2025
| pub raw_pi: Vec<Vec<E::BaseField>>, | ||
| // the evaluation of raw_pi. | ||
| pub pi_evals: Vec<E>, | ||
| opcode_proofs: BTreeMap<String, (usize, ZKVMOpcodeProof<E, PCS>)>, |
There was a problem hiding this comment.
here we have
- String: circuit name
- usize: circuit index
to carry information in proof. However a malicious prover can make both inconsistent.
The new fixed avoid duplicated information appear in different place
hero78119
force-pushed
the
feat/centralize_num_vars
branch
from
e41a67c to
1025644
Compare
hero78119
commented
Apr 9, 2025
| }) | ||
| .collect_vec(); | ||
|
|
||
| // (non uniform) collect dynamic address hints as witness for verifier |
There was a problem hiding this comment.
Move this information from table proof to centralized place, and aligned with opcode proof with same terminology: num_instance
hero78119
force-pushed
the
feat/centralize_num_vars
branch
from
1025644 to
005efdc
Compare
hero78119
changed the title
num_instances in one place to improve soundness check
hero78119
commented
Apr 9, 2025
| let mpcs_opcode_commitment = self | ||
| .opcode_proofs | ||
| .iter() | ||
| .map(|(circuit_name, (_, proof))| { |
There was a problem hiding this comment.
These change make less readibility since now we lost circuit_name and instead only circuit index. But it's ok we fix it later, for now mpcs still be the major bottleneck of proof size
github-merge-queue bot
pushed a commit
that referenced
this pull request
Apr 17, 2025
Build on top of #901. ### Design rationale zkvm + mpcs api: use `batch_commit/batch_opening` to commit/open **ALL** opcode together. In more detail, we commit `fixed_commit` and `witin_commit` separately with just one opening. basefold: batch opcodes with rmm with different "height", in other words, different "num_vars". For basefold to batch opcodes with different variables, for sumcheck part we apply suffix alignment techniques based on #870. For FRI part, we also apply suffix alignment techniques. So the smaller codeword will "involved" into the folding process when current length match. During implementation, there is key principle in mind: verifier only rely on one untrusted information "num_instances" from prover, and other information should derived from verifier key. ### Working items - [x] mpcs batch api + batch basefold prover - [x] batch basefold verifier ### Fibonacci Benchmark Results | Size | Branch | Proof Size | E2E Latency Change | Prover Speed (kHz) | |----------|----------------------|------------|--------------------|---------------------| | 2²⁰ | Master | 14.68 MB | - | 363 | | 2²⁰ | Batched + conjecture | 1.16 MB | -14.195% | 422 | | 2²⁰ | Batched | 2.02 MB | -11.599% | 411 | | 2²¹ | Master | 15.53 MB | - | 411 | | 2²¹ | Batched + conjecture | 1.24 MB | -11.178% | 451 | | 2²¹ | Batched | 2.16 MB | -6.4525% | 428 | | 2²² | Master | 16.42 MB | - | 406 | | 2²² | Batched + conjecture | 1.31 MB | -11.178% | 433 | | 2²² | Batched | 2.31 MB | -13.691% | 448 |
|
covered via #894 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This features is preliminary support to batched all opcode/table in one mpcs proof #894
Previously we got few issues
num_instanceare specify in each opcode proofrw_hint_varare specify in each table proofwhile both are describe the same thing in different place, which make thing hard to control and make room for malicious prover to crack based on inconsistency.
In this PR, we unify num_instance in one central place, and do a strictly check of it's consistency.
This also addressed feature in #648