Skip to content

refactor: replace rolling-hash transcript with spongefish NARG protocol #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
shreyas-londhe wants to merge 3 commits into
base: main
Choose a base branch
from
Open

refactor: replace rolling-hash transcript with spongefish NARG protocol #17

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2a45e4c
refactor: migrate Fiat-Shamir transcript to spongefish NARG protocol
shreyas-londhe Mar 6, 2026
fafce85
refactor: replace rolling-hash transcript with spongefish NARG protocol
shreyas-londhe Apr 6, 2026
16364e8
test: update tests, benches, and examples for spongefish NARG API
shreyas-londhe Apr 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
354 changes: 328 additions & 26 deletions Cargo.lock
View file
Open in desktop

Large diffs are not rendered by default.

6 changes: 2 additions & 4 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,9 @@ arkworks = [
"dep:ark-ff",
"dep:ark-serialize",
"dep:ark-std",
"dep:blake2",
"dep:digest",
"dep:bincode",
"dep:serde",
"dep:spongefish",
]
parallel = ["dep:rayon", "ark-ec?/parallel", "ark-ff?/parallel"]
cache = ["arkworks", "parallel"]
Expand All @@ -63,10 +62,9 @@ ark-ec = { version = "0.5", optional = true }
ark-ff = { version = "0.5", optional = true }
ark-serialize = { version = "0.5", optional = true }
ark-std = { version = "0.5", optional = true }
blake2 = { version = "0.10", optional = true }
digest = { version = "0.10", optional = true }
bincode = { version = "1.3", optional = true }
serde = { version = "1.0", optional = true, features = ["derive"] }
spongefish = { git = "https://github.com/arkworks-rs/spongefish", tag = "v0.5.1", optional = true, features = ["ark-ec", "sha3"] }
rayon = { version = "1.10", optional = true }

[dev-dependencies]
Expand Down
68 changes: 37 additions & 31 deletions benches/arkworks_proof.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

use criterion::{black_box, criterion_group, criterion_main, Criterion};
use dory_pcs::backends::arkworks::{
ArkFr, ArkworksPolynomial, Blake2bTranscript, G1Routines, G2Routines, BN254,
dory_prover, dory_verifier, ArkFr, ArkworksPolynomial, G1Routines, G2Routines, BN254,
};
use dory_pcs::mode::Transparent;
use dory_pcs::primitives::arithmetic::Field;
Expand All @@ -33,16 +33,14 @@ fn setup_benchmark_data() -> (

let (prover_setup, verifier_setup) = setup::<BN254>(max_log_n);

// Initialize cache with setup generators for optimized pairings
#[cfg(feature = "cache")]
{
if !dory_pcs::backends::arkworks::is_cached() {
init_cache(&prover_setup.g1_vec, &prover_setup.g2_vec);
}
}

// Create polynomial with 2^26 coefficients (nu=13, sigma=13)
let poly_size = 1 << 26; // 67,108,864 coefficients
let poly_size = 1 << 26;
let num_vars = 26;
let coefficients: Vec<ArkFr> = (0..poly_size).map(|_| ArkFr::random()).collect();
let poly = ArkworksPolynomial::new(coefficients);
Expand Down Expand Up @@ -74,22 +72,26 @@ fn bench_prove(c: &mut Criterion) {
let nu = 13;
let sigma = 13;

let (_, tier_1, commit_blind) = poly
let (tier_2, tier_1, commit_blind) = poly
.commit::<BN254, Transparent, G1Routines>(nu, sigma, &prover_setup)
.unwrap();

let evaluation = poly.evaluate(&point);

c.bench_function("prove_2^26_coefficients", |b| {
b.iter(|| {
let mut transcript = Blake2bTranscript::new(b"dory-bench");
let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
black_box(&poly),
black_box(&point),
black_box(&tier_2),
black_box(&evaluation),
black_box(tier_1.clone()),
black_box(commit_blind),
black_box(nu),
black_box(sigma),
black_box(&prover_setup),
black_box(&mut transcript),
black_box(&mut prover),
)
.unwrap()
})
Expand All @@ -105,33 +107,38 @@ fn bench_verify(c: &mut Criterion) {
.commit::<BN254, Transparent, G1Routines>(nu, sigma, &prover_setup)
.unwrap();

let mut prover_transcript = Blake2bTranscript::new(b"dory-bench");
let (proof, _) = prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
let evaluation = poly.evaluate(&point);

let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
&poly,
&point,
&tier_2,
&evaluation,
tier_1,
commit_blind,
nu,
sigma,
&prover_setup,
&mut prover_transcript,
&mut prover,
)
.unwrap();

let evaluation = poly.evaluate(&point);
let proof_bytes = prover.narg_string().to_vec();

c.bench_function("verify_2^26_coefficients", |b| {
b.iter(|| {
let mut transcript = Blake2bTranscript::new(b"dory-bench");
verify::<_, BN254, G1Routines, G2Routines, _>(
let mut verifier = dory_verifier(nu, sigma, false, &proof_bytes);
verify::<_, BN254, G1Routines, G2Routines, _, Transparent>(
black_box(tier_2),
black_box(evaluation),
black_box(&point),
black_box(&proof),
black_box(nu),
black_box(sigma),
black_box(verifier_setup.clone()),
black_box(&mut transcript),
black_box(&mut verifier),
)
.unwrap()
.unwrap();
verifier.check_eof().unwrap();
})
});
}
Expand All @@ -140,7 +147,6 @@ fn bench_end_to_end(c: &mut Criterion) {
let max_log_n = 26;
let (prover_setup, verifier_setup) = setup::<BN254>(max_log_n);

// Initialize cache once
#[cfg(feature = "cache")]
{
if !dory_pcs::backends::arkworks::is_cached() {
Expand All @@ -152,47 +158,47 @@ fn bench_end_to_end(c: &mut Criterion) {
b.iter(|| {
let nu = 13;
let sigma = 13;
let poly_size = 1 << 26; // 67,108,864 coefficients
let poly_size = 1 << 26;
let num_vars = 26;

// Create polynomial
let coefficients: Vec<ArkFr> = (0..poly_size).map(|_| ArkFr::random()).collect();
let poly = ArkworksPolynomial::new(coefficients);

// Commit
let (tier_2, tier_1, commit_blind) = poly
.commit::<BN254, Transparent, G1Routines>(nu, sigma, &prover_setup)
.unwrap();

// Evaluate
let point: Vec<ArkFr> = (0..num_vars).map(|_| ArkFr::random()).collect();
let evaluation = poly.evaluate(&point);

// Prove
let mut prover_transcript = Blake2bTranscript::new(b"dory-bench");
let (proof, _) = prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
&poly,
&point,
&tier_2,
&evaluation,
tier_1,
commit_blind,
nu,
sigma,
&prover_setup,
&mut prover_transcript,
&mut prover,
)
.unwrap();
let proof_bytes = prover.narg_string().to_vec();

// Verify
let mut verifier_transcript = Blake2bTranscript::new(b"dory-bench");
verify::<_, BN254, G1Routines, G2Routines, _>(
let mut verifier = dory_verifier(nu, sigma, false, &proof_bytes);
verify::<_, BN254, G1Routines, G2Routines, _, Transparent>(
tier_2,
evaluation,
&point,
&proof,
nu,
sigma,
verifier_setup.clone(),
&mut verifier_transcript,
&mut verifier,
)
.unwrap();
verifier.check_eof().unwrap();
})
});
}
Expand Down
21 changes: 13 additions & 8 deletions examples/basic_e2e.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
//! Matrix dimensions: 16x16 (nu=4, sigma=4, total 256 coefficients)

use dory_pcs::backends::arkworks::{
ArkFr, ArkworksPolynomial, Blake2bTranscript, G1Routines, G2Routines, BN254,
dory_prover, dory_verifier, ArkFr, ArkworksPolynomial, G1Routines, G2Routines, BN254,
};
use dory_pcs::primitives::arithmetic::Field;
use dory_pcs::primitives::poly::Polynomial;
Expand All @@ -31,27 +31,32 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let point: Vec<ArkFr> = (0..num_vars).map(|_| ArkFr::random()).collect();
let evaluation = poly.evaluate(&point);

let mut prover_transcript = Blake2bTranscript::new(b"dory-basic-example");
let (proof, _) = prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
&poly,
&point,
&tier_2,
&evaluation,
tier_1,
commit_blind,
nu,
sigma,
&prover_setup,
&mut prover_transcript,
&mut prover,
)?;
let proof_bytes = prover.narg_string().to_vec();

let mut verifier_transcript = Blake2bTranscript::new(b"dory-basic-example");
verify::<_, BN254, G1Routines, G2Routines, _>(
let mut verifier = dory_verifier(nu, sigma, false, &proof_bytes);
verify::<_, BN254, G1Routines, G2Routines, _, Transparent>(
tier_2,
evaluation,
&point,
&proof,
nu,
sigma,
verifier_setup,
&mut verifier_transcript,
&mut verifier,
)?;
verifier.check_eof().map_err(|e| format!("{e:?}"))?;

Ok(())
}
21 changes: 13 additions & 8 deletions examples/homomorphic.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
//! Demonstrates: Com(r1*P1 + r2*P2 + ... + rn*Pn) = r1*Com(P1) + r2*Com(P2) + ... + rn*Com(Pn)

use dory_pcs::backends::arkworks::{
ArkFr, ArkG1, ArkworksPolynomial, Blake2bTranscript, G1Routines, G2Routines, BN254,
dory_prover, dory_verifier, ArkFr, ArkG1, ArkworksPolynomial, G1Routines, G2Routines, BN254,
};
use dory_pcs::primitives::arithmetic::{Field, Group};
use dory_pcs::primitives::poly::Polynomial;
Expand Down Expand Up @@ -86,27 +86,32 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
}
assert_eq!(evaluation, expected_eval);

let mut prover_transcript = Blake2bTranscript::new(b"dory-homomorphic-example");
let (proof, _) = prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
&combined_poly,
&point,
&combined_tier2,
&evaluation,
combined_tier1,
ArkFr::zero(),
nu,
sigma,
&prover_setup,
&mut prover_transcript,
&mut prover,
)?;
let proof_bytes = prover.narg_string().to_vec();

let mut verifier_transcript = Blake2bTranscript::new(b"dory-homomorphic-example");
verify::<_, BN254, G1Routines, G2Routines, _>(
let mut verifier = dory_verifier(nu, sigma, false, &proof_bytes);
verify::<_, BN254, G1Routines, G2Routines, _, Transparent>(
combined_tier2,
evaluation,
&point,
&proof,
nu,
sigma,
verifier_setup,
&mut verifier_transcript,
&mut verifier,
)?;
verifier.check_eof().map_err(|e| format!("{e:?}"))?;

Ok(())
}
27 changes: 17 additions & 10 deletions examples/homomorphic_mixed_sizes.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
//! dimensions (sizes 16 and 4, combined in a 4x4 layout).

use dory_pcs::backends::arkworks::{
ArkFr, ArkG1, ArkworksPolynomial, Blake2bTranscript, G1Routines, G2Routines, BN254,
dory_prover, dory_verifier, ArkFr, ArkG1, ArkworksPolynomial, G1Routines, G2Routines, BN254,
};
use dory_pcs::primitives::arithmetic::{Field, Group};
use dory_pcs::primitives::poly::Polynomial;
Expand Down Expand Up @@ -81,27 +81,34 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
expected = expected + coeff_scalars[1].mul(&eval2);
assert_eq!(evaluation, expected);

let mut prover_transcript = Blake2bTranscript::new(b"dory-homomorphic-mixed");
let (proof, _) = prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
let nu = 2;
let sigma = 2;
let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
&combined_poly,
&point,
&combined_tier2,
&evaluation,
combined_tier1,
ArkFr::zero(),
2,
2,
nu,
sigma,
&prover_setup,
&mut prover_transcript,
&mut prover,
)?;
let proof_bytes = prover.narg_string().to_vec();

let mut verifier_transcript = Blake2bTranscript::new(b"dory-homomorphic-mixed");
verify::<_, BN254, G1Routines, G2Routines, _>(
let mut verifier = dory_verifier(nu, sigma, false, &proof_bytes);
verify::<_, BN254, G1Routines, G2Routines, _, Transparent>(
combined_tier2,
evaluation,
&point,
&proof,
nu,
sigma,
verifier_setup,
&mut verifier_transcript,
&mut verifier,
)?;
verifier.check_eof().map_err(|e| format!("{e:?}"))?;

let padded_poly_commitment = padded_poly2
.commit::<BN254, Transparent, G1Routines>(2, 2, &prover_setup)
Expand Down
21 changes: 13 additions & 8 deletions examples/non_square.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
//! Matrix dimensions: 8x16 (nu=3, sigma=4, total 128 coefficients)

use dory_pcs::backends::arkworks::{
ArkFr, ArkworksPolynomial, Blake2bTranscript, G1Routines, G2Routines, BN254,
dory_prover, dory_verifier, ArkFr, ArkworksPolynomial, G1Routines, G2Routines, BN254,
};
use dory_pcs::primitives::arithmetic::Field;
use dory_pcs::primitives::poly::Polynomial;
Expand All @@ -30,27 +30,32 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
let point: Vec<ArkFr> = (0..num_vars).map(|_| ArkFr::random()).collect();
let evaluation = poly.evaluate(&point);

let mut prover_transcript = Blake2bTranscript::new(b"dory-non-square-example");
let (proof, _) = prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
let mut prover = dory_prover(nu, sigma, false);
prove::<_, BN254, G1Routines, G2Routines, _, _, Transparent>(
&poly,
&point,
&tier_2,
&evaluation,
tier_1,
commit_blind,
nu,
sigma,
&prover_setup,
&mut prover_transcript,
&mut prover,
)?;
let proof_bytes = prover.narg_string().to_vec();

let mut verifier_transcript = Blake2bTranscript::new(b"dory-non-square-example");
verify::<_, BN254, G1Routines, G2Routines, _>(
let mut verifier = dory_verifier(nu, sigma, false, &proof_bytes);
verify::<_, BN254, G1Routines, G2Routines, _, Transparent>(
tier_2,
evaluation,
&point,
&proof,
nu,
sigma,
verifier_setup,
&mut verifier_transcript,
&mut verifier,
)?;
verifier.check_eof().map_err(|e| format!("{e:?}"))?;

Ok(())
}
Loading
Loading