diff --git a/src/plonk/mod.rs b/src/plonk/mod.rs index b6f9eebcd..5e052a558 100644 --- a/src/plonk/mod.rs +++ b/src/plonk/mod.rs @@ -133,192 +133,203 @@ pub fn prove_by_steps, T: Transcript>( circuit: C, hints: &Vec<(usize, TranspilationVariant)>, setup: &SetupPolynomials, - setup_precomputations: Option<&SetupPolynomialsPrecomputations>, + // setup_precomputations will be computed inside this function + _setup_precomputations: Option< + &SetupPolynomialsPrecomputations, + >, csr_mon_basis: &Crs, ) -> Result, SynthesisError> { use crate::plonk::better_cs::cs::Circuit; use crate::plonk::better_cs::utils::{commit_point_as_xy}; use crate::plonk::better_cs::prover::prove_steps::{FirstVerifierMessage, SecondVerifierMessage, ThirdVerifierMessage, FourthVerifierMessage}; - use std::time::Instant; + crossbeam::scope(|scope| { + let precomputations_handle = scope.spawn(move |_| make_precomputations(setup)); - let adapted_curcuit = AdaptorCircuit::::new(circuit, &hints); + use std::time::Instant; - let mut assembly = self::better_cs::prover::ProverAssembly::new_with_size_hints(setup.num_inputs, setup.n); + let adapted_curcuit = AdaptorCircuit::::new(circuit, &hints); - let subtime = Instant::now(); + let mut assembly = self::better_cs::prover::ProverAssembly::new_with_size_hints(setup.num_inputs, setup.n); - adapted_curcuit.synthesize(&mut assembly)?; - assembly.finalize(); + let subtime = Instant::now(); - println!("Synthesis taken {:?}", subtime.elapsed()); + adapted_curcuit.synthesize(&mut assembly)?; + assembly.finalize(); - let worker = Worker::new(); + println!("Synthesis taken {:?}", subtime.elapsed()); - let now = Instant::now(); + let worker = Worker::new(); - let mut transcript = T::new(); + let now = Instant::now(); - let mut precomputed_omegas = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::< E::Fr, BitReversedOmegas >::None; - let mut precomputed_omegas_inv = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::< E::Fr, OmegasInvBitreversed >::None; + let mut transcript = T::new(); - let mut proof = Proof::::empty(); + let mut precomputed_omegas = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::>::None; + let mut precomputed_omegas_inv = crate::plonk::better_cs::prover::prove_steps::PrecomputedOmegas::>::None; - let subtime = Instant::now(); + let mut proof = Proof::::empty(); - let (first_state, first_message) = assembly.first_step_with_monomial_form_key( - &worker, - csr_mon_basis, - &mut precomputed_omegas_inv - )?; + let subtime = Instant::now(); - println!("First step (witness commitment) taken {:?}", subtime.elapsed()); + let (first_state, first_message) = assembly.first_step_with_monomial_form_key( + &worker, + csr_mon_basis, + &mut precomputed_omegas_inv + )?; - proof.n = first_message.n; - proof.num_inputs = first_message.num_inputs; - proof.input_values = first_message.input_values; - proof.wire_commitments = first_message.wire_commitments; + println!("First step (witness commitment) taken {:?}", subtime.elapsed()); - for inp in proof.input_values.iter() { - transcript.commit_field_element(inp); - } + proof.n = first_message.n; + proof.num_inputs = first_message.num_inputs; + proof.input_values = first_message.input_values; + proof.wire_commitments = first_message.wire_commitments; - for c in proof.wire_commitments.iter() { - commit_point_as_xy::(&mut transcript, &c); - } + for inp in proof.input_values.iter() { + transcript.commit_field_element(inp); + } - let beta = transcript.get_challenge(); - let gamma = transcript.get_challenge(); + for c in proof.wire_commitments.iter() { + commit_point_as_xy::(&mut transcript, &c); + } - let first_verifier_message = FirstVerifierMessage:: { - beta, - gamma, + let beta = transcript.get_challenge(); + let gamma = transcript.get_challenge(); - _marker: std::marker::PhantomData - }; + let first_verifier_message = FirstVerifierMessage:: { + beta, + gamma, - let subtime = Instant::now(); + _marker: std::marker::PhantomData + }; - let (second_state, second_message) = self::better_cs::prover::ProverAssembly::second_step_from_first_step( - first_state, - first_verifier_message, - &setup, - csr_mon_basis, - &setup_precomputations, - &mut precomputed_omegas_inv, - &worker - )?; + let setup_precomputations = precomputations_handle + .join() + .expect("setup_precomputations computing thread failed")?; - println!("Second step (grand product commitment) taken {:?}", subtime.elapsed()); + let subtime = Instant::now(); - proof.grand_product_commitment = second_message.z_commitment; - commit_point_as_xy::(&mut transcript, &proof.grand_product_commitment); + let (second_state, second_message) = self::better_cs::prover::ProverAssembly::second_step_from_first_step( + first_state, + first_verifier_message, + &setup, + csr_mon_basis, + &Some(&setup_precomputations), + &mut precomputed_omegas_inv, + &worker + )?; - let alpha = transcript.get_challenge(); + println!("Second step (grand product commitment) taken {:?}", subtime.elapsed()); - let second_verifier_message = SecondVerifierMessage:: { - alpha, - beta, - gamma, + proof.grand_product_commitment = second_message.z_commitment; + commit_point_as_xy::(&mut transcript, &proof.grand_product_commitment); - _marker: std::marker::PhantomData - }; + let alpha = transcript.get_challenge(); - let subtime = Instant::now(); + let second_verifier_message = SecondVerifierMessage:: { + alpha, + beta, + gamma, - let (third_state, third_message) = self::better_cs::prover::ProverAssembly::third_step_from_second_step( - second_state, - second_verifier_message, - &setup, - csr_mon_basis, - &setup_precomputations, - &mut precomputed_omegas, - &mut precomputed_omegas_inv, - &worker - )?; + _marker: std::marker::PhantomData + }; - println!("Third step (quotient calculation and commitment) taken {:?}", subtime.elapsed()); + let subtime = Instant::now(); - proof.quotient_poly_commitments = third_message.quotient_poly_commitments; + let (third_state, third_message) = self::better_cs::prover::ProverAssembly::third_step_from_second_step( + second_state, + second_verifier_message, + &setup, + csr_mon_basis, + &Some(&setup_precomputations), + &mut precomputed_omegas, + &mut precomputed_omegas_inv, + &worker + )?; - for c in proof.quotient_poly_commitments.iter() { - commit_point_as_xy::(&mut transcript, &c); - } + println!("Third step (quotient calculation and commitment) taken {:?}", subtime.elapsed()); - let z = transcript.get_challenge(); + proof.quotient_poly_commitments = third_message.quotient_poly_commitments; - let third_verifier_message = ThirdVerifierMessage:: { - alpha, - beta, - gamma, - z, + for c in proof.quotient_poly_commitments.iter() { + commit_point_as_xy::(&mut transcript, &c); + } - _marker: std::marker::PhantomData - }; + let z = transcript.get_challenge(); - let subtime = Instant::now(); + let third_verifier_message = ThirdVerifierMessage:: { + alpha, + beta, + gamma, + z, - let (fourth_state, fourth_message) = self::better_cs::prover::ProverAssembly::fourth_step_from_third_step( - third_state, - third_verifier_message, - &setup, - &worker - )?; + _marker: std::marker::PhantomData + }; - println!("Fourth step (openings at z) taken {:?}", subtime.elapsed()); + let subtime = Instant::now(); - proof.wire_values_at_z = fourth_message.wire_values_at_z; - proof.wire_values_at_z_omega = fourth_message.wire_values_at_z_omega; - proof.permutation_polynomials_at_z = fourth_message.permutation_polynomials_at_z; - proof.grand_product_at_z_omega = fourth_message.grand_product_at_z_omega; - proof.quotient_polynomial_at_z = fourth_message.quotient_polynomial_at_z; - proof.linearization_polynomial_at_z = fourth_message.linearization_polynomial_at_z; + let (fourth_state, fourth_message) = self::better_cs::prover::ProverAssembly::fourth_step_from_third_step( + third_state, + third_verifier_message, + &setup, + &worker + )?; - for el in proof.wire_values_at_z.iter() { - transcript.commit_field_element(el); - } + println!("Fourth step (openings at z) taken {:?}", subtime.elapsed()); - for el in proof.wire_values_at_z_omega.iter() { - transcript.commit_field_element(el); - } + proof.wire_values_at_z = fourth_message.wire_values_at_z; + proof.wire_values_at_z_omega = fourth_message.wire_values_at_z_omega; + proof.permutation_polynomials_at_z = fourth_message.permutation_polynomials_at_z; + proof.grand_product_at_z_omega = fourth_message.grand_product_at_z_omega; + proof.quotient_polynomial_at_z = fourth_message.quotient_polynomial_at_z; + proof.linearization_polynomial_at_z = fourth_message.linearization_polynomial_at_z; - for el in proof.permutation_polynomials_at_z.iter() { - transcript.commit_field_element(el); - } + for el in proof.wire_values_at_z.iter() { + transcript.commit_field_element(el); + } - transcript.commit_field_element(&proof.quotient_polynomial_at_z); - transcript.commit_field_element(&proof.linearization_polynomial_at_z); + for el in proof.wire_values_at_z_omega.iter() { + transcript.commit_field_element(el); + } - let v = transcript.get_challenge(); + for el in proof.permutation_polynomials_at_z.iter() { + transcript.commit_field_element(el); + } - let fourth_verifier_message = FourthVerifierMessage:: { - alpha, - beta, - gamma, - z, - v, + transcript.commit_field_element(&proof.quotient_polynomial_at_z); + transcript.commit_field_element(&proof.linearization_polynomial_at_z); - _marker: std::marker::PhantomData - }; + let v = transcript.get_challenge(); - let subtime = Instant::now(); + let fourth_verifier_message = FourthVerifierMessage:: { + alpha, + beta, + gamma, + z, + v, - let fifth_message = self::better_cs::prover::ProverAssembly::fifth_step_from_fourth_step( - fourth_state, - fourth_verifier_message, - &setup, - csr_mon_basis, - &worker - )?; + _marker: std::marker::PhantomData + }; - println!("Fifth step (proving opening at z) taken {:?}", subtime.elapsed()); + let subtime = Instant::now(); - proof.opening_at_z_proof = fifth_message.opening_proof_at_z; - proof.opening_at_z_omega_proof = fifth_message.opening_proof_at_z_omega; + let fifth_message = self::better_cs::prover::ProverAssembly::fifth_step_from_fourth_step( + fourth_state, + fourth_verifier_message, + &setup, + csr_mon_basis, + &worker + )?; - println!("Proving taken {:?}", now.elapsed()); + println!("Fifth step (proving opening at z) taken {:?}", subtime.elapsed()); - Ok(proof) + proof.opening_at_z_proof = fifth_message.opening_proof_at_z; + proof.opening_at_z_omega_proof = fifth_message.opening_proof_at_z_omega; + + println!("Proving taken {:?}", now.elapsed()); + + Ok(proof) + }).expect("crossbeam::scope (proving by steps) execution failed") } pub fn prove, T: Transcript>( @@ -419,4 +430,4 @@ pub fn verify>( verification_key: &VerificationKey ) -> Result { self::better_cs::verifier::verify::(&proof, &verification_key) -} \ No newline at end of file +}