From ae655d30e5ea90e6d8876a3626fbeb92642fd10e Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 17:01:24 +0100 Subject: [PATCH 01/18] Crypto_Dal/ZCash_srs: update --- src/lib_crypto_dal/zcash_srs.ml | 80 +++++++++++++++++++++------------ 1 file changed, 52 insertions(+), 28 deletions(-) diff --git a/src/lib_crypto_dal/zcash_srs.ml b/src/lib_crypto_dal/zcash_srs.ml index 3bcaeecdcdce..40350fa26e67 100644 --- a/src/lib_crypto_dal/zcash_srs.ml +++ b/src/lib_crypto_dal/zcash_srs.ml @@ -28,7 +28,7 @@ slot_size between 2¹⁵ and 2²⁰ page_size = 2¹² redundancy_factor between 2¹ and 2⁴ - nb_shards = 2¹¹ or 2¹² + nb_shards = 2⁶, 2¹¹ or 2¹² *) open Kzg.Bls @@ -306,6 +306,54 @@ let srs_g1 = "99bc7f49fb019ec2877739dda6c686cf7d9117f8dd3a6344d8f47f497478d2dd6a563b9cae5ea8faec74ad2653ea049d"; "807ef3a37c7e55a6d19513b63afd430a45ab6de37f3815d3f648a11146fdaf7b222ec8d1a004da6f9602e1022ab04f12"; "a838016299beaddc5093e14f2fd8c0705e7142133d4cb6bb9afe935b26ab8e79b4f75df70b5df4cd6300d885a54543ef"; + "b76fd879a14794ce73ba8904d360ba49f4eae39432238dd63e032feb36f9f5fef6c2ff844581e59fa43ecfdbd50ae73f"; + "af9e464f12ae8c12d1aeb0aa26f282bf4c11e47cae0268fe538f0ad13027b7dd9ca7b5921866a7e0b300b35e7e21f7e4"; + "8674a880e6a10ee96d6085d7bb282147a80126cd5f017309377e158893e8c79a0b404a2786c1bb34f7352b804082f3b4"; + "873eb5f46e319bd090482ecf1aa6c66805acac43bb1173ab95fe2855ef5ac337bf07f4fb231526014d30c65a71e7ca04"; + "97a6adacf3d2fddd967bb4fb86a640c7bfbcc9d0496eac9ee8cae0113dae27a13b67fe926c37da5ee40a8d3a32c3809b"; + "90cbce16bda37a64a8c07321bfe82a2912b7409b07de86d68978f5d82e98a43cef804d58eedf124dd3cbc375a6fbcd32"; + "ad75621c68c163d59a06ae0e66cc157f20252a75be03c2966d3393c66b9e3e3b4a842b5f597eef9f5b010c345bab9161"; + "abe802b6dcee4cfa10675442c03a24b38d8efadbb7d0d64fca739118d1c7d18c9272810328b9982800be4c3e95ee99ad"; + "91b49c2072794843caaa03156749c4e6010de2972b9eed92c8f08f74a0ad0cc1c5fe7e740b4bed23918f1fc0a2b63243"; + "a06f22d4ad4db567a0603cac64af2490e60c86bec8756354b99aa8234bbe71fe34049e956e448bb742a142d4c25970c8"; + "9188fcf4e3a6d6413d2bedab29b9b85a9fb7e0ef1c6cd42aaba4cf2f9007ec67d90dcd4c660b544ebe61e4682dc53241"; + "ab0fc95d352363dee3ea16163a705d5634561c167597710945b11b3f6c3034fba302aa35ae95443370f3310db8c77003"; + "aa66311cb561066dd11b9a7832499b4f6caea7d1344c8f7a9734f52c41ec3a0ec996bc4a0183e16ae6f932da3af6a851"; + "8bf2900b1dc59c081018e0892bc4b1a0d0e7c1bf23e37840d6d82e5e0acbfbcb7ad100e5bc4d0e8af814304421a4d31a"; + "a8d49dd52986d1029c90d5a0a4492b813adb7377ad93aea93297b81b09c947e85fadeaa8eadb7d2c5191ac20393b62f1"; + "a7372c7df0800ca59eec555492a309838879dd4ba835e3022ac293e7cc6e665684816f42ebbbb4ae65342d7e7ade460a"; + "953f5c8cc9690360f88cfa855e1b8ff2f214a663bb8a7c35cb7b819e2612d8210f1ae915820585743a30a821f174fc45"; + "83fd4abccdc38076732d17ada1e3b6320a7c2114238412b5dcaeb415869b6691cb8d806773142ee58c50ca9da8d15a7c"; + "97a6a9fa6d32ca8d5e4c1908382d847333fde3a58b2d6549b42486b115066e4e466665caecb81bc24595374fd7bf8845"; + "a88cddd23cef1c8333022cb24cfce602c7787c112c656d37e564d912267af2b93f8972e77134101c5d72e1478cf154a9"; + "af50fe8cb9f723d3986adb2476d229aedd14b1abefe15814d7b35e2c017667ca358e7b24c392a71ac59e145ac51d5de0"; + "8b11b18f4e6cf87bc84d4455d3b9073778b8d5708fec45731685c5864f85b904f3dbfff9a64ec922a4b1f97e717b6d30"; + "96b538f1a2a4196853d78cfd9ab2622ae731d76fa32bf8fbeea528c54ed7bf79dcd80df10a8ea49a987d2080236b583a"; + "b6d7461a13c62d1186422df7a178ff97fe0fa8ada4769c55535527cc8c0b2d8890be56df10d0e8dc147a1d23bf28d6e6"; + "943300543306e2f3248fb4e0a9cec8b774c6c326b5427e95b1874f565c37908922f57daa58a81100d60493c92ebf4dfc"; + "926d98f8a1b2f4ed2bed4732776cbeed3b525e052c8a873360446e796a3d2b1182b90b6dfc6709097287eadc05524539"; + "acfa46dc7a3b7f450171e3d3f7bb63309f757795b28acc77e6bf4cec81efe1b1c12c9d83d604d026a1f4d501ce79795b"; + "94b29a50dd48b50287a71051e3ab0d3991f2377844b3f42191c1786a6d9698b6e5986040493759856743bf6fbe9ae104"; + "abb3d59d9fc9c4bef262bf59a3ebad5119b72a84392377d2ddb50185ea4ea35c11d1c3bacad9b0b530afc809f1846c71"; + "a8cab93febb0806443d1d7a3954efe63675e74fb0d1472f088859eea2bd16d3b3552fd13c26ac91824af633ea18fce6c"; + "b30ffd219090fe6b68ee2066966ee868cb32ffaada8fe155c1fc36f3dfb4ed2bface1e10db0a48ccb7a50c8d36776cee"; + "ad1acfb6505d0b4124adf46d2fb2d3b28423d57db80313bf470e10d7c5307096c3a1b95467ab982c22c610e896bc9dc4"; + "93c0ffe8207eb2fe4ed15332825085317db4f0a2ffc5b43d2eb5d5689ea2a9952385eac82c225b4efc5e25b5a3f0a594"; + "9011ca17679e8c669b6b47641a1609e37884296e0c4537ac7f2e055a972237cfb1a0525b452085ac7eca6e41f6553f19"; + "958eafa9d108bf81f4836addb16b2eb5f21ce11183389fd5f3bf8e354a9e726fb8085197802fbb79cad6ca851e08dddb"; + "b51c5d8e473eec177117370fdeac1d732b9828d16caceb2f1682d78076c36d16b812fb5ef24896ac14b259b181545a4d"; + "a7354cc6bb2604cb86b83a83f04f49194b9ccac6e45f044bc73d24026c8e983dfad9c090383a6e760af22405b35ef48e"; + "a20050f986046d4dc806f1bca93aab60cdd736b749bf216b953fdf49c61cda9c31af10c4829b89c16e7a11b73c0b7ac2"; + "ab7e9d94e52bf837889d048e239ac66c2542788b7f65d687d6c76b1763f7b999f2cededd6c34ff6c0245b81c9b5e048b"; + "8463fc4ee7e03a3b1c02bac2ec2db8d2253fd6594057508658ca7625e3e268b85c4ce91ded5976b267de8a6b56ef1062"; + "a56d9e92b75a4e800af8c16b8baf769b17e43e003f133eb304253fe9f794dc9f8dffab98088a9eebbcc6bf079e641917"; + "8b738ecc278e50c167f2e0f13d76f93bafe64b3bdcd4bab0c7e0e00cfdcca39d8bfb2fc1e003ecfb156823e9df62c3ab"; + "859d36519d3db8a3d38dd495aef9992c9cc9cc78126cc64a544bef6200865bfa9972e95b046ed445f890f94909e0059c"; + "83d361e911b1c6a75bafc8a5096b652826d3eac61bce9a887ac9b5656ae80de9eec25725fdb9be551c1a70ba808b692d"; + "ac1f97fc3dde14823131320a40d2b16ba04f00deb4486598daf0c69d463bde5b09044626f7d068569528af279a0fc436"; + "b2637ed013e66ecc264199d41749f8d20c5a19263129bc6dd1cc5a194882844d1aded827ea948c4e9c278265afadd129"; + "97e0118f0b198a3cd48cfccbf7d628363cc94395f28359b375a5fcec007f0f7f9e39bcb00516f1e47a18a78d956d11fa"; + "8d137b709677b8943c5b677616115166c79a119d18f173d398736ce900a947a4152221000d486ece71c381a6de9b5de8"; |] |> read_srs_g1 @@ -314,45 +362,21 @@ let srs_g2 = ( 0, "93e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8" ); - ( 1, - "b16010f1b3d33aa5f3f608c385400979ed36dc3fab53d3626f519c74d7e1ebef62c9ad35796404ce2fc3ebb42167b5a1050ac27c3527072b81af0fa9a683e226da79275f2985c9e89a0db969b76e0b6be94fee874c48586737ad5588cf1e1041" - ); - ( 2, - "b219ec0d88dacb999acb30f8f0562398e4aedeb7a16954421f678dedceecb4d496384ace037bb3096445e57f4a6b4f160df5233d89fea67a3228ae82e2a69232c44fb12520d7e1cefd12e14a81e7acb842ce307731a7b2d3622f7ae30ce97cc8" - ); - ( 3, - "937fbfeb049c6fc4d190bcca935ecda06522671ac8790cbfb5bef12d192735b83204ae0143a9014059364222d7289c76041022f629fe71d50be8cbf782fa1644960bab018cbe3d051d41292aa625210054ea263fdf20fc1d7819cf1e0191dfd7" - ); - ( 4, - "a1f56029cec0e2d7dcf9b23bbb2b4921bf70cc4b4e72e0a756bfcc3e81aed765935957a0f658d0ad45e71dbad657d84c17d29edde8fc0617e2bc3e581b44ebeac3f9e762a0b191374aec291d2eebb9eebc7d31f70d8e161396ab591da421407b" - ); - ( 7, - "b12180e7081cbc50c0443bbba7b7074a8948f4bf34a3090495f84d7d9da41264d80d63e0ac5949e799472b04f4956f9c02ce3d76a9416701d4c886118ff59f67ee22699df3316f617d01fd522d9ef639a8f69f086d50fd579be6b279d20b345a" - ); - ( 9, - "b0a62478a61a48a23d81f4af54d78f96d56bb2a3e6fa4c4089fd08d905afa03888909951e0a6c64d79584603edde31c5133294361c98cdd2e6cf700bbb262c27d79a047e8ceb8d8ccb3e6595caafdf393c49a5998e015b6ca3050c4c6821a952" - ); - ( 14, - "857bb638011faebae371f3b5d563d9061baf79e0aca33bf7720f2ba6dcd10e27281cc70f0988b4a30fe2429dbca9cdef0803720ef7bff1ae0d22873e103b71216390173a7b134f280d634fc7104e52c5d7536035d7ebdbfb2b7e18e8a60c2039" - ); ( 19, "98e7d3f1fb528bd8f981a6f1ea9be1da47e9df70aa2dc53942765ada276f9dc690d5dd7b4c4da5518c381c938a32f55a119ccd181b36a36dc070d21bfbfc9fdb55318f96abe9608f7ca5c0cea47b263de3979f9ac154fb7d81ce56647236068b" ); - ( 28, - "a7ce111c4ec7a9784df10ea517b89bb0c211fd6104431927c80e9dd7863a659706a43db8aa5006233047a7a24f35902813cfcca1ce64ad7dcf34c83617de15a9c98740bfaa35b225221e417d56b1df38d08da2f51810b6a0479a9781db1f4ff4" - ); ( 38, "8fc5806597fe04f5f4576d6c2160d0fb798417cb3eac99c0ed02204de743ec312dd01c7926188096413a823e53ebaae2035770f1ff20eb73a3501faae76a792c787f1ea2a3508ee4e563327833a1a614a1ddba069d14761d89ffcf697ac2aaa3" ); - ( 57, - "a9b20578c4d6b71fa51f6e334ff956e57c49ff2c06d646d864ae7f1993c49969b59809123c086e5500badba648d4358102bf4e968bfa37b4c895c4ba5da022e9af19666cd99180c83ba85c283e108057a1d350aa8266f7cbc64b6232a1872c7b" - ); ( 76, "8bac994404aabe461b8d11ad37b8bdfe835f97e592346a0d0fbc10d6d62d80828c031c81997afdc562b5b4d53d2e912900c4d6a8d39683a21f30fb033037e011aa7cab5191c0e03f3564bf5adf14d5013c9049114cff7da25e8cb99a59fc1b05" ); ( 152, "ae550078b1c2aee47f16851ae1acaf02e3f650dbacb838ec1f6c864e35464d4211ff582af38c7284a648fb6515095c34059fb874525de5744b143eaebd448588dfa15b3b35a6870d965865ff48766303c4d597c284a75b1543da4d0cc987c481" ); + ( 304, + "a2610c7d6f621296df69e69d976c7a8449ad84f1d8932cfb6f9c6626c5db4b88d99ca188dfcc9b7b9ff8cc157db7c4b8131bd94b994218af933ffbe18bccc6e2a34b047271976f697807402275951470fc85921f3c6aedfa0cf5aef048a27b32" + ); ( 2058240, "90c0d222a6fbe54ace06027a9e75b7a9f2873d6b1729531e1f1ca5d102d16373bc00e82002047bf41170b05c499e1c110dedb1e3563661c0e0ffc382f833333c4f594273ddbaa895db73f6f97d4d7bbaaa2d7a43238827834ec473563a33d70e" ); -- GitLab From 2f8523413be2326df82a2677567809bfd22b8201 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 11:09:51 +0100 Subject: [PATCH 02/18] Crypto_Dal/Cryptobox: remove code duplication --- src/lib_crypto_dal/cryptobox.ml | 56 +++++++++++++-------------------- 1 file changed, 22 insertions(+), 34 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index c695547c0b58..8dda03345082 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -495,6 +495,19 @@ module Inner = struct let hash = Hashtbl.hash end) + let select_srs_verifier test = + if test then (module Srs_verifier.Internal_for_tests : Srs_verifier.S) + else (module Srs_verifier) + + let get_srs initialisation_parameters = + match initialisation_parameters with + | Verifier {test} -> + let module Srs = (val select_srs_verifier test) in + (`Verifier, Srs.get_verifier_srs1 (), (module Srs : Srs_verifier.S)) + | Prover {test; srs} -> + let module Srs = (val select_srs_verifier test) in + (`Prover, srs, (module Srs)) + (* Error cases of this functions are not encapsulated into `tzresult` for modularity reasons. *) let make = @@ -523,22 +536,7 @@ module Inner = struct let page_length = page_length ~page_size in let page_length_domain, _, _ = FFT.select_fft_domain page_length in let* mode, srs_g1, srs_verifier = - match !initialisation_parameters with - | Verifier {test} -> - if test then - Ok - ( `Verifier, - Srs_verifier.Internal_for_tests.get_verifier_srs1 (), - (module Srs_verifier.Internal_for_tests : Srs_verifier.S) ) - else - Ok - ( `Verifier, - Srs_verifier.get_verifier_srs1 (), - (module Srs_verifier : Srs_verifier.S) ) - | Prover {test; srs} -> - if test then - Ok (`Prover, srs, (module Srs_verifier.Internal_for_tests)) - else Ok (`Prover, srs, (module Srs_verifier)) + Ok (get_srs !initialisation_parameters) in let* () = ensure_validity @@ -553,16 +551,11 @@ module Inner = struct let srs_g2 = match !initialisation_parameters with | Verifier {test} | Prover {test; _} -> - if test then - Srs_verifier.Internal_for_tests.get_verifier_srs2 - ~max_polynomial_length - ~page_length_domain - ~shard_length - else - Srs_verifier.get_verifier_srs2 - ~max_polynomial_length - ~page_length_domain - ~shard_length + let module Srs = (val select_srs_verifier test) in + Srs.get_verifier_srs2 + ~max_polynomial_length + ~page_length_domain + ~shard_length in let kate_amortized = Kate_amortized. @@ -1339,21 +1332,16 @@ module Internal_for_tests = struct let ensure_validity {redundancy_factor; slot_size; page_size; number_of_shards} = - let mode, srs_g1_length = - match !initialisation_parameters with - | Verifier {test = _} -> - (`Verifier, Srs_g1.size (Srs_verifier.get_verifier_srs1 ())) - | Prover {test = _; srs} -> (`Prover, Srs_g1.size srs) - in + let mode, srs_g1, srs_verifier = get_srs !initialisation_parameters in match ensure_validity - ~srs_verifier:(module Srs_verifier.Internal_for_tests) + ~srs_verifier ~mode ~slot_size ~page_size ~redundancy_factor ~number_of_shards - ~srs_g1_length + ~srs_g1_length:(Srs_g1.size srs_g1) with | Ok _ -> true | _ -> false -- GitLab From ae64e72b137fa529f3c4e4c3fb07877cece0d7d5 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 14:04:12 +0100 Subject: [PATCH 03/18] Crypto_Dal/Cryptobox: change cache handling in make --- src/lib_crypto_dal/cryptobox.ml | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 8dda03345082..56dc0eaf5c97 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -487,14 +487,6 @@ module Inner = struct let pages_per_slot {slot_size; page_size; _} = slot_size / page_size - module Cache = Hashtbl.Make (struct - type t = parameters - - let equal = ( = ) - - let hash = Hashtbl.hash - end) - let select_srs_verifier test = if test then (module Srs_verifier.Internal_for_tests : Srs_verifier.S) else (module Srs_verifier) @@ -508,24 +500,38 @@ module Inner = struct let module Srs = (val select_srs_verifier test) in (`Prover, srs, (module Srs)) + module Cache = Hashtbl.Make (struct + type t = parameters * initialisation_parameters + + let equal (param, init_param) (param', init_param') = + param = param' + && + match (init_param, init_param') with + | Verifier {test; _}, Verifier {test = test'; _} when test = test' -> true + | Prover {test; _}, Prover {test = test'; _} when test = test' -> true + | _ -> false + + let hash = Hashtbl.hash + end) + (* Error cases of this functions are not encapsulated into `tzresult` for modularity reasons. *) let make = let open Result_syntax in let table = Cache.create 5 in - let with_cache parameters f = - match Cache.find_opt table parameters with + let with_cache (parameters, initialisation_parameters) f = + match Cache.find_opt table (parameters, initialisation_parameters) with | Some x -> return x | None -> let* x = f () in - Cache.replace table parameters x ; + Cache.replace table (parameters, initialisation_parameters) x ; return x in fun ({redundancy_factor; slot_size; page_size; number_of_shards} as parameters) -> (* The cryptobox is deterministically computed from the DAL parameters and this computation takes time (on the order of 10ms) so we cache it. *) - with_cache parameters @@ fun () -> + with_cache (parameters, !initialisation_parameters) @@ fun () -> let max_polynomial_length = slot_as_polynomial_length ~slot_size ~page_size in -- GitLab From 6c1d2844d2d3fee579a3b1781e34e10c30c71b87 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 17:16:41 +0100 Subject: [PATCH 04/18] Crypto_Dal/Cryptobox: change init logic in Internal_for_tests --- src/lib_crypto_dal/cryptobox.ml | 21 ++--- src/lib_crypto_dal/cryptobox.mli | 12 +-- src/lib_crypto_dal/test/test_dal_cryptobox.ml | 89 +++++++------------ .../lib_protocol/test/helpers/dal_helpers.ml | 3 +- .../lib_protocol/test/helpers/dal_helpers.ml | 3 +- .../lib_protocol/test/helpers/dal_helpers.ml | 3 +- tezt/lib_tezos/dal_common.ml | 5 +- tezt/manual_tests/dal.ml | 3 +- 8 files changed, 52 insertions(+), 87 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 56dc0eaf5c97..298e13b2ca10 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -1262,10 +1262,16 @@ include Inner module Verifier = Inner module Internal_for_tests = struct - let parameters_initialisation () = + let prover_parameters () = Prover {test = true; srs = Srs_verifier.Internal_for_tests.fake_srs ()} - let load_parameters parameters = initialisation_parameters := parameters + (* Since computing fake_srs is costly, we avoid to recompute it. *) + let init_prover_dal () = + match !initialisation_parameters with + | Prover {test; _} when test -> () + | _ -> initialisation_parameters := prover_parameters () + + let init_verifier_dal () = initialisation_parameters := Verifier {test = true} let make_dummy_shards (t : t) ~state = Random.set_state state ; @@ -1300,9 +1306,6 @@ module Internal_for_tests = struct let precomputation_equal = Kate_amortized.preprocess_equal - let reset_initialisation_parameters () = - initialisation_parameters := Verifier {test = false} - let dummy_commitment ~state () = Commitment_proof.random ~state () let dummy_page_proof ~state () = Commitment_proof.random ~state () @@ -1382,13 +1385,7 @@ module Config = struct if dal_config.activated then let* initialisation_parameters = match dal_config.use_mock_srs_for_testing with - | Some _parameters -> - return - (Prover - { - test = true; - srs = Srs_verifier.Internal_for_tests.fake_srs (); - }) + | Some _parameters -> return (Internal_for_tests.prover_parameters ()) | None -> let*? srs_g1_path, _ = find_srs_files () in let* srs = diff --git a/src/lib_crypto_dal/cryptobox.mli b/src/lib_crypto_dal/cryptobox.mli index ccf77c7f3a13..0fd6b9600dac 100644 --- a/src/lib_crypto_dal/cryptobox.mli +++ b/src/lib_crypto_dal/cryptobox.mli @@ -433,13 +433,11 @@ module Internal_for_tests : sig (** The initialisation parameters can be too large for testing purposes. This function creates an unsafe initialisation parameters using default parameters designed to handle test cases. *) - val parameters_initialisation : unit -> initialisation_parameters + val init_prover_dal : unit -> unit - (** Same as {!val:load_parameters} except it erase parameters if - they were already loaded. This is used to circumvent limitation - from test frameworks where tests with various parameters could be - run using the same binary. *) - val load_parameters : initialisation_parameters -> unit + (** This function creates an unsafe initialisation parameters for the + verifier using default parameters designed to handle test cases. *) + val init_verifier_dal : unit -> unit (** Returns a randomized valid sequence of shards using the random state [state] for the given parameters. *) @@ -504,8 +502,6 @@ module Internal_for_tests : sig val precomputation_equal : shards_proofs_precomputation -> shards_proofs_precomputation -> bool - val reset_initialisation_parameters : unit -> unit - val encoded_share_size : t -> int (** [ensure_validity parameters] returns true if the [parameters] are valid. diff --git a/src/lib_crypto_dal/test/test_dal_cryptobox.ml b/src/lib_crypto_dal/test/test_dal_cryptobox.ml index 239273ae0f64..da466e0f0831 100644 --- a/src/lib_crypto_dal/test/test_dal_cryptobox.ml +++ b/src/lib_crypto_dal/test/test_dal_cryptobox.ml @@ -73,17 +73,6 @@ module Test = struct their length must be greater than the number of shards. *) let max_page_size_log2 = max_slot_size_log2 - size_offset_log2 - (* The set of parameters maximizing the SRS length, and which - is in the codomain of [generate_parameters]. *) - let parameters = - lazy Cryptobox.Internal_for_tests.(parameters_initialisation ()) - - (* Initializes the DAL parameters *) - let init () = - Cryptobox.Internal_for_tests.load_parameters (Lazy.force parameters) - - let reset = Cryptobox.Internal_for_tests.reset_initialisation_parameters - type parameters = { slot_size : int; page_size : int; @@ -180,7 +169,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -223,7 +212,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -266,7 +255,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -301,7 +290,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -338,7 +327,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let state = QCheck_base_runner.random_state () in @@ -359,7 +348,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -379,7 +368,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -393,7 +382,9 @@ module Test = struct (page_index * params.page_size) params.page_size in - reset () ; + (* Testing the initialisation logic, even if the prover’s would be + enough to verify *) + Cryptobox.Internal_for_tests.init_verifier_dal () ; let* t = make params in Cryptobox.verify_page t commitment ~page_index page page_proof) |> function @@ -410,7 +401,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -427,8 +418,6 @@ module Test = struct (page_index * params.page_size) params.page_size in - reset () ; - let* t = make params in Cryptobox.verify_page t commitment ~page_index page altered_proof) |> function | Error `Invalid_page -> true @@ -444,7 +433,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -465,7 +454,9 @@ module Test = struct (the queried index is out of bounds) doesn't happen. *) assert false | Some shard -> - reset () ; + (* Testing the initialisation logic, even if the prover’s would be + enough to verify *) + Cryptobox.Internal_for_tests.init_verifier_dal () ; let* t = make params in Cryptobox.verify_shard t @@ -480,7 +471,7 @@ module Test = struct (* The following parameters used to be accepted by the [ensure_validity] function, while they were actually unsupported (they indeed break an invariant and trigger a runtime exception). *) - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; let params = { slot_size = 512; @@ -502,7 +493,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -527,8 +518,6 @@ module Test = struct Cryptobox.Internal_for_tests.alter_shard_proof shard_proofs.(shard_index) in - reset () ; - let* t = make params in Cryptobox.verify_shard t commitment shard altered_proof) |> function | Error `Invalid_shard -> true @@ -545,13 +534,15 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in let* commitment = Cryptobox.commit t polynomial in let* commitment_proof = Cryptobox.prove_commitment t polynomial in - reset () ; + (* Testing the initialisation logic, even if the prover’s would be + enough to verify *) + Cryptobox.Internal_for_tests.init_verifier_dal () ; let* t = make params in return (Cryptobox.verify_commitment t commitment commitment_proof)) |> function @@ -567,7 +558,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -576,8 +567,6 @@ module Test = struct let altered_proof = Cryptobox.Internal_for_tests.alter_commitment_proof commitment_proof in - reset () ; - let* t = make params in return (Cryptobox.verify_commitment t commitment altered_proof)) |> function | Ok false -> true @@ -607,7 +596,7 @@ module Test = struct ~count:1 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = Result.map_error @@ -647,7 +636,7 @@ module Test = struct ~count:1 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = Result.map_error @@ -682,7 +671,6 @@ module Test = struct let config : Cryptobox.Config.t = {activated = true; use_mock_srs_for_testing = None; bootstrap_peers = []} in - Cryptobox.Internal_for_tests.reset_initialisation_parameters () ; let find_srs_files () : (string * string) Error_monad.tzresult = Ok (path "srs_zcash_g1_5", path "srs_zcash_g2_5") in @@ -696,7 +684,6 @@ module Test = struct let config : Cryptobox.Config.t = {activated = true; use_mock_srs_for_testing = None; bootstrap_peers = []} in - Cryptobox.Internal_for_tests.reset_initialisation_parameters () ; let find_srs_files () : (string * string) Error_monad.tzresult = Ok (path "srs_zcash_g1_5", path "srs_zcash_g2_5") in @@ -716,7 +703,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = Cryptobox.make (get_cryptobox_parameters params) in let slot = @@ -743,7 +730,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = Cryptobox.make (get_cryptobox_parameters params) in let state = QCheck_base_runner.random_state () in @@ -761,8 +748,6 @@ module Test = struct let page_index = randrange (Cryptobox.Internal_for_tests.number_of_pages t) in - reset () ; - let* t = make params in Cryptobox.verify_page t commitment ~page_index page page_proof) |> function | Error `Page_length_mismatch -> true @@ -777,7 +762,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let state = QCheck_base_runner.random_state () in @@ -797,8 +782,6 @@ module Test = struct let shard_proof = Cryptobox.Internal_for_tests.dummy_shard_proof ~state () in - reset () ; - let* t = make params in Cryptobox.verify_shard t commitment shard shard_proof) |> function | Error `Shard_length_mismatch -> true @@ -813,7 +796,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let* polynomial = Cryptobox.polynomial_from_slot t params.slot in @@ -836,7 +819,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = Cryptobox.make (get_cryptobox_parameters params) in let state = QCheck_base_runner.random_state () in @@ -856,8 +839,6 @@ module Test = struct ~min:0 ~max:(Cryptobox.Internal_for_tests.number_of_pages t) in - reset () ; - let* t = make params in Cryptobox.verify_page t commitment ~page_index page page_proof) |> function | Error `Page_index_out_of_range -> true @@ -872,7 +853,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = Cryptobox.make (get_cryptobox_parameters params) in let state = QCheck_base_runner.random_state () in @@ -889,8 +870,6 @@ module Test = struct ~index:shard_index ~length:(Cryptobox.Internal_for_tests.shard_length t) in - reset () ; - let* t = make params in Cryptobox.verify_shard t commitment shard shard_proof) |> function | Error (`Shard_index_out_of_range _) -> true @@ -905,7 +884,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in let state = QCheck_base_runner.random_state () in @@ -927,7 +906,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; let deg = ref 0 in let size_srs_g1 = ref 0 in assert (ensure_validity params) ; @@ -956,7 +935,7 @@ module Test = struct ~count:30 generate_parameters (fun params -> - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; assert (ensure_validity params) ; (let* t = make params in (* This encoding has not a fixed size since it depends on the DAL @@ -988,7 +967,7 @@ module Test = struct This test should be adapted with the new constraints on the DAL parameters. *) let _test_collision_page_size () = let slot_size = 1 lsl 6 in - init () ; + Cryptobox.Internal_for_tests.init_prover_dal () ; let open Error_monad.Result_syntax in (let* t1 = Cryptobox.make diff --git a/src/proto_017_PtNairob/lib_protocol/test/helpers/dal_helpers.ml b/src/proto_017_PtNairob/lib_protocol/test/helpers/dal_helpers.ml index b0ecc73bde27..bfda6f74de2a 100644 --- a/src/proto_017_PtNairob/lib_protocol/test/helpers/dal_helpers.ml +++ b/src/proto_017_PtNairob/lib_protocol/test/helpers/dal_helpers.ml @@ -48,8 +48,7 @@ let () = let mk_cryptobox dal_params = let open Result_syntax in - let parameters = Cryptobox.Internal_for_tests.parameters_initialisation () in - let () = Cryptobox.Internal_for_tests.load_parameters parameters in + let () = Cryptobox.Internal_for_tests.init_prover_dal () in match Cryptobox.make dal_params with | Ok dal -> return dal | Error (`Fail s) -> fail [Test_failure s] diff --git a/src/proto_018_Proxford/lib_protocol/test/helpers/dal_helpers.ml b/src/proto_018_Proxford/lib_protocol/test/helpers/dal_helpers.ml index 9e200c9208f3..0c4a75cda56d 100644 --- a/src/proto_018_Proxford/lib_protocol/test/helpers/dal_helpers.ml +++ b/src/proto_018_Proxford/lib_protocol/test/helpers/dal_helpers.ml @@ -48,8 +48,7 @@ let () = let mk_cryptobox dal_params = let open Result_syntax in - let parameters = Cryptobox.Internal_for_tests.parameters_initialisation () in - let () = Cryptobox.Internal_for_tests.load_parameters parameters in + let () = Cryptobox.Internal_for_tests.init_prover_dal () in match Cryptobox.make dal_params with | Ok dal -> return dal | Error (`Fail s) -> fail [Test_failure s] diff --git a/src/proto_alpha/lib_protocol/test/helpers/dal_helpers.ml b/src/proto_alpha/lib_protocol/test/helpers/dal_helpers.ml index 9e200c9208f3..0c4a75cda56d 100644 --- a/src/proto_alpha/lib_protocol/test/helpers/dal_helpers.ml +++ b/src/proto_alpha/lib_protocol/test/helpers/dal_helpers.ml @@ -48,8 +48,7 @@ let () = let mk_cryptobox dal_params = let open Result_syntax in - let parameters = Cryptobox.Internal_for_tests.parameters_initialisation () in - let () = Cryptobox.Internal_for_tests.load_parameters parameters in + let () = Cryptobox.Internal_for_tests.init_prover_dal () in match Cryptobox.make dal_params with | Ok dal -> return dal | Error (`Fail s) -> fail [Test_failure s] diff --git a/tezt/lib_tezos/dal_common.ml b/tezt/lib_tezos/dal_common.ml index 5e684d33fc6f..3cca957cfd68 100644 --- a/tezt/lib_tezos/dal_common.ml +++ b/tezt/lib_tezos/dal_common.ml @@ -458,10 +458,7 @@ module Helpers = struct ?(on_error = fun msg -> Test.fail "Dal_common.make: Unexpected error: %s" msg) parameters = - let initialisation_parameters = - Cryptobox.Internal_for_tests.parameters_initialisation () - in - Cryptobox.Internal_for_tests.load_parameters initialisation_parameters ; + Cryptobox.Internal_for_tests.init_prover_dal () ; match Cryptobox.make parameters with | Ok cryptobox -> cryptobox | Error (`Fail msg) -> on_error msg diff --git a/tezt/manual_tests/dal.ml b/tezt/manual_tests/dal.ml index 6017df98f766..88acec2dca18 100644 --- a/tezt/manual_tests/dal.ml +++ b/tezt/manual_tests/dal.ml @@ -63,8 +63,7 @@ let dal_parameters () = in match Internal_for_tests.ensure_validity_without_srs parameters with | Ok _ -> - Internal_for_tests.parameters_initialisation () - |> Internal_for_tests.load_parameters ; + Internal_for_tests.init_prover_dal () ; let _ = make parameters in unit | Error (`Fail s) -> -- GitLab From c8d86405e4cf1a563251bde0f84e0f6451893193 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 17:58:18 +0100 Subject: [PATCH 05/18] Crypto_Dal: add parameters_check.ml --- src/lib_crypto_dal/cryptobox.ml | 80 ++++++++++++-------------- src/lib_crypto_dal/parameters_check.ml | 58 +++++++++++++++++++ src/lib_crypto_dal/srs_verifier.ml | 29 +--------- 3 files changed, 98 insertions(+), 69 deletions(-) create mode 100644 src/lib_crypto_dal/parameters_check.ml diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 298e13b2ca10..197e33c43ad9 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -54,12 +54,6 @@ type initialisation_parameters = (* Initialisation parameters are supposed to be instantiated once. *) let initialisation_parameters = ref @@ Verifier {test = false} -let scalar_bytes_amount = Srs_verifier.scalar_bytes_amount - -let page_length = Srs_verifier.page_length - -let slot_as_polynomial_length = Srs_verifier.slot_as_polynomial_length - (* This function is expected to be called once. *) let load_parameters parameters = let open Result_syntax in @@ -284,6 +278,13 @@ module Inner = struct %d" number_of_shards) in + let max_polynomial_length, erasure_encoded_polynomial_length, shard_length = + Parameters_check.compute_lengths + ~redundancy_factor + ~slot_size + ~page_size + ~number_of_shards + in let* () = assert_result (is_power_of_two slot_size) @@ -314,12 +315,6 @@ module Inner = struct 2. Given: %d" redundancy_factor) in - let max_polynomial_length = - slot_as_polynomial_length ~slot_size ~page_size - in - let erasure_encoded_polynomial_length = - redundancy_factor * max_polynomial_length - in (* At this point [erasure_encoded_polynomial_length] is a power of 2, and [erasure_encoded_polynomial_length > max_polynomial_length]. *) let* () = assert_result @@ -372,7 +367,6 @@ module Inner = struct (erasure_encoded_polynomial_length / 2) number_of_shards) in - let shard_length = erasure_encoded_polynomial_length / number_of_shards in let* () = assert_result (shard_length < max_polynomial_length) @@ -432,14 +426,13 @@ module Inner = struct ~redundancy_factor ~number_of_shards in - let max_polynomial_length = - slot_as_polynomial_length ~slot_size ~page_size - in - let shard_length = - let erasure_encoded_polynomial_length = - redundancy_factor * max_polynomial_length - in - erasure_encoded_polynomial_length / number_of_shards + let max_polynomial_length, _erasure_encoded_polynomial_length, shard_length + = + Parameters_check.compute_lengths + ~redundancy_factor + ~slot_size + ~page_size + ~number_of_shards in let min_g1 = match mode with @@ -458,7 +451,7 @@ module Inner = struct min_g1 srs_g1_length) in - let page_length_domain = Srs_verifier.domain_length ~size:page_size in + let page_length_domain = Parameters_check.domain_length ~size:page_size in let module Srs_verifier = (val srs_verifier : Srs_verifier.S) in let offset_monomial_degree = Srs_verifier.max_srs_size - max_polynomial_length @@ -532,14 +525,15 @@ module Inner = struct (* The cryptobox is deterministically computed from the DAL parameters and this computation takes time (on the order of 10ms) so we cache it. *) with_cache (parameters, !initialisation_parameters) @@ fun () -> - let max_polynomial_length = - slot_as_polynomial_length ~slot_size ~page_size - in - let erasure_encoded_polynomial_length = - redundancy_factor * max_polynomial_length + let max_polynomial_length, erasure_encoded_polynomial_length, shard_length + = + Parameters_check.compute_lengths + ~redundancy_factor + ~slot_size + ~page_size + ~number_of_shards in - let shard_length = erasure_encoded_polynomial_length / number_of_shards in - let page_length = page_length ~page_size in + let page_length = Parameters_check.page_length ~page_size in let page_length_domain, _, _ = FFT.select_fft_domain page_length in let* mode, srs_g1, srs_verifier = Ok (get_srs !initialisation_parameters) @@ -584,7 +578,7 @@ module Inner = struct pages_per_slot = pages_per_slot parameters; page_length; page_length_domain; - remaining_bytes = page_size mod scalar_bytes_amount; + remaining_bytes = page_size mod Parameters_check.scalar_bytes_amount; srs_g2; mode; kate_amortized; @@ -639,11 +633,11 @@ module Inner = struct 1. a serialization phase where pages are converted to sequences of scalar elements, which is injective: if two outputs for two slots are equal, then the slots are equal since we’re just - splitting a page into chunks of [scalar_bytes_amount] bytes and + splitting a page into chunks of [Parameters_check.scalar_bytes_amount] bytes and a last one of [t.remaining_bytes] bytes. Parse the byte sequence slot = page_0 ... page_{t.pages_per_slot-1} - page by page by chunks of [scalar_bytes_amount], or [t.remaining_bytes] + page by page by chunks of [Parameters_check.scalar_bytes_amount], or [t.remaining_bytes] for the last page chunk. to obtain the vector of length [polynomial_length = t.page_length * t.pages_per_slot] @@ -677,9 +671,9 @@ module Inner = struct the buffer [slot] bounds. *) if !offset >= t.slot_size then () else - let dst = Bytes.create scalar_bytes_amount in - Bytes.blit slot !offset dst 0 scalar_bytes_amount ; - offset := !offset + scalar_bytes_amount ; + let dst = Bytes.create Parameters_check.scalar_bytes_amount in + Bytes.blit slot !offset dst 0 Parameters_check.scalar_bytes_amount ; + offset := !offset + Parameters_check.scalar_bytes_amount ; (* Apply the permutation. *) coefficients.((elt * t.pages_per_slot) + page) <- Scalar.of_bytes_exn dst @@ -716,8 +710,8 @@ module Inner = struct for elt = 0 to t.page_length - 2 do let idx = (elt * t.pages_per_slot) + page in let coeff = Scalar.to_bytes (Evals.get evaluations idx) in - Bytes.blit coeff 0 slot !offset scalar_bytes_amount ; - offset := !offset + scalar_bytes_amount + Bytes.blit coeff 0 slot !offset Parameters_check.scalar_bytes_amount ; + offset := !offset + Parameters_check.scalar_bytes_amount done ; let idx = ((t.page_length - 1) * t.pages_per_slot) + page in let coeff = Scalar.to_bytes (Evals.get evaluations idx) in @@ -1219,16 +1213,16 @@ module Inner = struct let evaluations = Array.init t.page_length_domain (function | i when i < t.page_length - 1 -> - (* Parse the [page] by chunks of [scalar_bytes_amount] bytes. + (* Parse the [page] by chunks of [Parameters_check.scalar_bytes_amount] bytes. These chunks are interpreted as [Scalar.t] elements and stored in [evaluations]. *) - let dst = Bytes.create scalar_bytes_amount in + let dst = Bytes.create Parameters_check.scalar_bytes_amount in Bytes.blit page - (i * scalar_bytes_amount) + (i * Parameters_check.scalar_bytes_amount) dst 0 - scalar_bytes_amount ; + Parameters_check.scalar_bytes_amount ; Scalar.of_bytes_exn dst | i when i = t.page_length - 1 -> (* Store the remaining bytes in the last nonzero coefficient @@ -1236,7 +1230,7 @@ module Inner = struct let dst = Bytes.create t.remaining_bytes in Bytes.blit page - (i * scalar_bytes_amount) + (i * Parameters_check.scalar_bytes_amount) dst 0 t.remaining_bytes ; @@ -1355,7 +1349,7 @@ module Internal_for_tests = struct | Ok _ -> true | _ -> false - let slot_as_polynomial_length = slot_as_polynomial_length + let slot_as_polynomial_length = Parameters_check.slot_as_polynomial_length end module Config = struct diff --git a/src/lib_crypto_dal/parameters_check.ml b/src/lib_crypto_dal/parameters_check.ml new file mode 100644 index 000000000000..87df0dcd26a4 --- /dev/null +++ b/src/lib_crypto_dal/parameters_check.ml @@ -0,0 +1,58 @@ +(*****************************************************************************) +(* *) +(* Open Source License *) +(* Copyright (c) 2024 Nomadic Labs *) +(* *) +(* Permission is hereby granted, free of charge, to any person obtaining a *) +(* copy of this software and associated documentation files (the "Software"),*) +(* to deal in the Software without restriction, including without limitation *) +(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) +(* and/or sell copies of the Software, and to permit persons to whom the *) +(* Software is furnished to do so, subject to the following conditions: *) +(* *) +(* The above copyright notice and this permission notice shall be included *) +(* in all copies or substantial portions of the Software. *) +(* *) +(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) +(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) +(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) +(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) +(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) +(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) +(* DEALINGS IN THE SOFTWARE. *) +(* *) +(*****************************************************************************) + +open Error_monad +open Kzg.Bls + +(* Number of bytes fitting in a Scalar.t. Since scalars are integer modulo + r~2^255, we restrict ourselves to 248-bit integers (31 bytes). *) +let scalar_bytes_amount = Scalar.size_in_bytes - 1 + +(* The page size is a power of two and thus not a multiple of [scalar_bytes_amount], + hence the + 1 to account for the remainder of the division. *) +let page_length ~page_size = Int.div page_size scalar_bytes_amount + 1 + +(* for a given [size] (in bytes), return the length of the corresponding + domain *) +let domain_length ~size = + let length = page_length ~page_size:size in + let length_domain, _, _ = Kzg.Utils.FFT.select_fft_domain length in + length_domain + +(* [slot_as_polynomial_length ~slot_size ~page_size] returns the length of the + polynomial of maximal degree representing a slot of size [slot_size] with + [slot_size / page_size] pages (page_size must divides slot_size). The + returned length thus depends on the number of pages. *) +let slot_as_polynomial_length ~slot_size ~page_size = + let page_length_domain = domain_length ~size:page_size in + slot_size / page_size * page_length_domain + +let compute_lengths ~redundancy_factor ~slot_size ~page_size ~number_of_shards = + let max_polynomial_length = slot_as_polynomial_length ~slot_size ~page_size in + let erasure_encoded_polynomial_length = + redundancy_factor * max_polynomial_length + in + let shard_length = erasure_encoded_polynomial_length / number_of_shards in + (max_polynomial_length, erasure_encoded_polynomial_length, shard_length) diff --git a/src/lib_crypto_dal/srs_verifier.ml b/src/lib_crypto_dal/srs_verifier.ml index 5842ab70a7df..f013361d2af9 100644 --- a/src/lib_crypto_dal/srs_verifier.ml +++ b/src/lib_crypto_dal/srs_verifier.ml @@ -31,29 +31,6 @@ type srs_verifier = {shards : G2.t; pages : G2.t; commitment : G2.t} let max_verifier_srs_size = Srs_g1.size srs_g1 -(* Number of bytes fitting in a Scalar.t. Since scalars are integer modulo - r~2^255, we restrict ourselves to 248-bit integers (31 bytes). *) -let scalar_bytes_amount = Scalar.size_in_bytes - 1 - -(* The page size is a power of two and thus not a multiple of [scalar_bytes_amount], - hence the + 1 to account for the remainder of the division. *) -let page_length ~page_size = Int.div page_size scalar_bytes_amount + 1 - -(* for a given [size] (in bytes), return the length of the corresponding - domain *) -let domain_length ~size = - let length = page_length ~page_size:size in - let length_domain, _, _ = Kzg.Utils.FFT.select_fft_domain length in - length_domain - -(* [slot_as_polynomial_length ~slot_size ~page_size] returns the length of the - polynomial of maximal degree representing a slot of size [slot_size] with - [slot_size / page_size] pages (page_size must divides slot_size). The - returned length thus depends on the number of pages. *) -let slot_as_polynomial_length ~slot_size ~page_size = - let page_length_domain = domain_length ~size:page_size in - slot_size / page_size * page_length_domain - let get_verifier_srs2 max_srs_size get_srs2 ~max_polynomial_length ~page_length_domain ~shard_length = let shards = get_srs2 shard_length in @@ -227,7 +204,7 @@ module Print = struct let page_srs = let values = List.init p.page_range (fun i -> - domain_length ~size:(1 lsl (i + p.page_offset))) + Parameters_check.domain_length ~size:(1 lsl (i + p.page_offset))) in values in @@ -240,7 +217,7 @@ module Print = struct let page_size = page_size + p.page_offset in let res = max_srs_size - - slot_as_polynomial_length + - Parameters_check.slot_as_polynomial_length ~page_size:(1 lsl page_size) ~slot_size:(1 lsl slot_size) in @@ -264,7 +241,7 @@ module Print = struct List.init p.shard_range (fun nb_shards -> let nb_shards = nb_shards + shard_offset in redundancy - * slot_as_polynomial_length + * Parameters_check.slot_as_polynomial_length ~page_size:(1 lsl page_size) ~slot_size:(1 lsl slot_size) / (1 lsl nb_shards))))) -- GitLab From d1295425584591d5d4a4fecc39d36645b4a76b3c Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 18:27:12 +0100 Subject: [PATCH 06/18] Crypto_Dal/Cryptobox: move ensure_validity_without_srs in parameters_check.ml --- src/lib_crypto_dal/cryptobox.ml | 154 +------------------------ src/lib_crypto_dal/parameters_check.ml | 143 +++++++++++++++++++++++ 2 files changed, 145 insertions(+), 152 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 197e33c43ad9..ff47356aea34 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -263,156 +263,6 @@ module Inner = struct kate_amortized : Kate_amortized.public_parameters; } - let is_power_of_two = Kzg.Utils.is_power_of_two - - let ensure_validity_without_srs ~slot_size ~page_size ~redundancy_factor - ~number_of_shards = - let open Result_syntax in - let assert_result condition error_message = - if not condition then fail (`Fail (error_message ())) else return_unit - in - let* () = - assert_result (number_of_shards > 0) (fun () -> - Format.asprintf - "The number of shards must be a strictly positive integer. Given: \ - %d" - number_of_shards) - in - let max_polynomial_length, erasure_encoded_polynomial_length, shard_length = - Parameters_check.compute_lengths - ~redundancy_factor - ~slot_size - ~page_size - ~number_of_shards - in - let* () = - assert_result - (is_power_of_two slot_size) - (* According to the specification the length of a slot are in MiB *) - (fun () -> - Format.asprintf - "Slot size is expected to be a power of 2. Given: %d" - slot_size) - in - let* () = - assert_result - (is_power_of_two page_size) - (* According to the specification the lengths of a page are in MiB *) - (fun () -> - Format.asprintf - "Page size is expected to be a power of 2. Given: %d" - page_size) - in - let* () = - assert_result - (is_power_of_two redundancy_factor && redundancy_factor >= 2) - (* The redundancy factor should be a power of 2 so that n is a power of 2 - for proper FFT sizing. The variable [polynomial_length] is assumed to be a power of 2 - as the output of [slot_as_polynomial_length]. *) - (fun () -> - Format.asprintf - "Redundancy factor is expected to be a power of 2 and greater than \ - 2. Given: %d" - redundancy_factor) - in - (* At this point [erasure_encoded_polynomial_length] is a power of 2, and [erasure_encoded_polynomial_length > max_polynomial_length]. *) - let* () = - assert_result - (page_size >= 32 && page_size < slot_size) - (* The size of a page must be greater than 31 bytes (32 > 31 is the next - power of two), the size in bytes of a scalar element, and strictly less - than the slot size. *) - (fun () -> - Format.asprintf - "Page size is expected to be greater than '32' and strictly less \ - than the slot_size '%d'. Got: %d" - slot_size - page_size) - in - let max_two_adicity_log = 32 in - let two_adicity_log = - snd Z.(remove (of_int erasure_encoded_polynomial_length) (of_int 2)) - in - let* () = - assert_result - (two_adicity_log <= max_two_adicity_log) - (* The 2-adicity of [erasure_encoded_polynomial_length] must be at most 2^32, - the size of the biggest subgroup of 2^i roots of unity in the multiplicative group of Fr, - because the FFTs operate on such groups. *) - (fun () -> - Format.asprintf - "Slot size (%d) and/or redundancy factor (%d) is/are too high: \ - expected 2-adicity of erasure_encoded_polynomial_length (%d) to \ - be at most 2^%d, got: 2^%d" - slot_size - redundancy_factor - erasure_encoded_polynomial_length - max_two_adicity_log - two_adicity_log) - in - let* () = - assert_result - (erasure_encoded_polynomial_length mod number_of_shards == 0 - && number_of_shards < erasure_encoded_polynomial_length) - (* The number of shards must divide n, so [number_of_shards <= erasure_encoded_polynomial_length]. - Moreover, the inequality is strict because if [number_of_shards = erasure_encoded_polynomial_length], - the domains for the FFT contain only one element and we cannot build - FFT domains with only one element. Given that [erasure_encoded_polynomial_length] is a power of two, - it follows that the maximum number of shards is [erasure_encoded_polynomial_length/2]. *) - (fun () -> - Format.asprintf - "The number of shards must divide, and not be equal to %d. For the \ - given parameter, the maximum number of shards is %d. Got: %d." - erasure_encoded_polynomial_length - (erasure_encoded_polynomial_length / 2) - number_of_shards) - in - let* () = - assert_result - (shard_length < max_polynomial_length) - (* Since shard_length = n / number_of_shards, we obtain - (all quantities are positive integers): - shard_length < k - => n / number_of_shards < k - => n / k < number_of_shards - => redundancy_factor < number_of_shards - since number_of_shards is a power of 2 the minimum value for - number_of_shards is 2 * redundancy_factor. *) - (fun () -> - Format.asprintf - "For the given parameters, the minimum number of shards is %d. Got \ - %d." - (redundancy_factor * 2) - number_of_shards) - in - let domain_length = 2 * max_polynomial_length / shard_length in - let* () = - assert_result - (domain_length <> 0 && domain_length land (domain_length - 1) = 0) - (* The computation of shard proofs further require the [domain_length] to - be a power of two for correct FFT sizing, even though we could relax - the constraint to a product of primes dividing the order of the group - G1 thanks to the Prime Factorization Algorithm, as we currently do with - the FFTs on scalar elements, if the need arises. *) - (fun () -> - (* [domain_length = 2 * max_polynomial_length / shard_length - = 2 * max_polynomial_length / (redundancy_factor * max_polynomial_length / number_of_shards) - = 2 * number_of_shards / redundancy_factor] *) - Format.asprintf - "The ratio (2 * number of shards / redundancy factor) must be a \ - power of two. Got 2 * %d / %d = %d" - number_of_shards - redundancy_factor - domain_length) - in - assert_result - (max_polynomial_length mod shard_length = 0) - (fun () -> - Format.asprintf - "The length of a shard must divide %d. Got %d" - max_polynomial_length - shard_length) - let ensure_validity ~srs_verifier ~mode ~slot_size ~page_size ~redundancy_factor ~number_of_shards ~srs_g1_length = let open Result_syntax in @@ -420,7 +270,7 @@ module Inner = struct if not condition then fail (`Fail (error_message ())) else return_unit in let* () = - ensure_validity_without_srs + Parameters_check.ensure_validity_without_srs ~slot_size ~page_size ~redundancy_factor @@ -1327,7 +1177,7 @@ module Internal_for_tests = struct let ensure_validity_without_srs {redundancy_factor; slot_size; page_size; number_of_shards; _} = - ensure_validity_without_srs + Parameters_check.ensure_validity_without_srs ~redundancy_factor ~slot_size ~page_size diff --git a/src/lib_crypto_dal/parameters_check.ml b/src/lib_crypto_dal/parameters_check.ml index 87df0dcd26a4..c8e3d96aed78 100644 --- a/src/lib_crypto_dal/parameters_check.ml +++ b/src/lib_crypto_dal/parameters_check.ml @@ -56,3 +56,146 @@ let compute_lengths ~redundancy_factor ~slot_size ~page_size ~number_of_shards = in let shard_length = erasure_encoded_polynomial_length / number_of_shards in (max_polynomial_length, erasure_encoded_polynomial_length, shard_length) + +let ensure_validity_without_srs ~slot_size ~page_size ~redundancy_factor + ~number_of_shards = + let open Result_syntax in + let assert_result condition error_message = + if not condition then fail (`Fail (error_message ())) else return_unit + in + let* () = + assert_result (number_of_shards > 0) (fun () -> + Format.asprintf + "The number of shards must be a strictly positive integer. Given: %d" + number_of_shards) + in + let max_polynomial_length, erasure_encoded_polynomial_length, shard_length = + compute_lengths ~redundancy_factor ~slot_size ~page_size ~number_of_shards + in + let* () = + assert_result + (Kzg.Utils.is_power_of_two slot_size) + (* According to the specification the length of a slot are in MiB *) + (fun () -> + Format.asprintf + "Slot size is expected to be a power of 2. Given: %d" + slot_size) + in + let* () = + assert_result + (Kzg.Utils.is_power_of_two page_size) + (* According to the specification the lengths of a page are in MiB *) + (fun () -> + Format.asprintf + "Page size is expected to be a power of 2. Given: %d" + page_size) + in + let* () = + assert_result + (Kzg.Utils.is_power_of_two redundancy_factor && redundancy_factor >= 2) + (* The redundancy factor should be a power of 2 so that n is a power of 2 + for proper FFT sizing. The variable [polynomial_length] is assumed to be a power of 2 + as the output of [slot_as_polynomial_length]. *) + (fun () -> + Format.asprintf + "Redundancy factor is expected to be a power of 2 and greater than \ + 2. Given: %d" + redundancy_factor) + in + (* At this point [erasure_encoded_polynomial_length] is a power of 2, and [erasure_encoded_polynomial_length > max_polynomial_length]. *) + let* () = + assert_result + (page_size >= 32 && page_size < slot_size) + (* The size of a page must be greater than 31 bytes (32 > 31 is the next + power of two), the size in bytes of a scalar element, and strictly less + than the slot size. *) + (fun () -> + Format.asprintf + "Page size is expected to be greater than '32' and strictly less \ + than the slot_size '%d'. Got: %d" + slot_size + page_size) + in + let max_two_adicity_log = 32 in + let two_adicity_log = + snd Z.(remove (of_int erasure_encoded_polynomial_length) (of_int 2)) + in + let* () = + assert_result + (two_adicity_log <= max_two_adicity_log) + (* The 2-adicity of [erasure_encoded_polynomial_length] must be at most 2^32, + the size of the biggest subgroup of 2^i roots of unity in the multiplicative group of Fr, + because the FFTs operate on such groups. *) + (fun () -> + Format.asprintf + "Slot size (%d) and/or redundancy factor (%d) is/are too high: \ + expected 2-adicity of erasure_encoded_polynomial_length (%d) to be \ + at most 2^%d, got: 2^%d" + slot_size + redundancy_factor + erasure_encoded_polynomial_length + max_two_adicity_log + two_adicity_log) + in + let* () = + assert_result + (erasure_encoded_polynomial_length mod number_of_shards == 0 + && number_of_shards < erasure_encoded_polynomial_length) + (* The number of shards must divide n, so [number_of_shards <= erasure_encoded_polynomial_length]. + Moreover, the inequality is strict because if [number_of_shards = erasure_encoded_polynomial_length], + the domains for the FFT contain only one element and we cannot build + FFT domains with only one element. Given that [erasure_encoded_polynomial_length] is a power of two, + it follows that the maximum number of shards is [erasure_encoded_polynomial_length/2]. *) + (fun () -> + Format.asprintf + "The number of shards must divide, and not be equal to %d. For the \ + given parameter, the maximum number of shards is %d. Got: %d." + erasure_encoded_polynomial_length + (erasure_encoded_polynomial_length / 2) + number_of_shards) + in + let* () = + assert_result + (shard_length < max_polynomial_length) + (* Since shard_length = n / number_of_shards, we obtain + (all quantities are positive integers): + shard_length < k + => n / number_of_shards < k + => n / k < number_of_shards + => redundancy_factor < number_of_shards + since number_of_shards is a power of 2 the minimum value for + number_of_shards is 2 * redundancy_factor. *) + (fun () -> + Format.asprintf + "For the given parameters, the minimum number of shards is %d. Got \ + %d." + (redundancy_factor * 2) + number_of_shards) + in + let domain_length = 2 * max_polynomial_length / shard_length in + let* () = + assert_result + (domain_length <> 0 && domain_length land (domain_length - 1) = 0) + (* The computation of shard proofs further require the [domain_length] to + be a power of two for correct FFT sizing, even though we could relax + the constraint to a product of primes dividing the order of the group + G1 thanks to the Prime Factorization Algorithm, as we currently do with + the FFTs on scalar elements, if the need arises. *) + (fun () -> + (* [domain_length = 2 * max_polynomial_length / shard_length + = 2 * max_polynomial_length / (redundancy_factor * max_polynomial_length / number_of_shards) + = 2 * number_of_shards / redundancy_factor] *) + Format.asprintf + "The ratio (2 * number of shards / redundancy factor) must be a \ + power of two. Got 2 * %d / %d = %d" + number_of_shards + redundancy_factor + domain_length) + in + assert_result + (max_polynomial_length mod shard_length = 0) + (fun () -> + Format.asprintf + "The length of a shard must divide %d. Got %d" + max_polynomial_length + shard_length) -- GitLab From e4a433f3c3da745deb8d11aca0afc82a857f5dc7 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 18:40:17 +0100 Subject: [PATCH 07/18] Crypto_Dal/Srs_verifier: add ensure_srs_validity --- src/lib_crypto_dal/cryptobox.ml | 94 ++++++++---------------------- src/lib_crypto_dal/srs_verifier.ml | 48 +++++++++++++++ 2 files changed, 73 insertions(+), 69 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index ff47356aea34..80cb87beb28b 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -263,12 +263,9 @@ module Inner = struct kate_amortized : Kate_amortized.public_parameters; } - let ensure_validity ~srs_verifier ~mode ~slot_size ~page_size - ~redundancy_factor ~number_of_shards ~srs_g1_length = + let ensure_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor + ~number_of_shards ~srs_g1_length = let open Result_syntax in - let assert_result condition error_message = - if not condition then fail (`Fail (error_message ())) else return_unit - in let* () = Parameters_check.ensure_validity_without_srs ~slot_size @@ -276,48 +273,14 @@ module Inner = struct ~redundancy_factor ~number_of_shards in - let max_polynomial_length, _erasure_encoded_polynomial_length, shard_length - = - Parameters_check.compute_lengths - ~redundancy_factor - ~slot_size - ~page_size - ~number_of_shards - in - let min_g1 = - match mode with - | `Prover -> max_polynomial_length - | `Verifier -> shard_length - in - let* () = - assert_result - (min_g1 <= srs_g1_length) - (* The committed polynomials have degree t.max_polynomial_length - 1 at most, - so t.max_polynomial_length coefficients. *) - (fun () -> - Format.asprintf - "SRS on G1 size is too small. Expected more than %d. Got %d. Hint: \ - you can reduce the size of a slot." - min_g1 - srs_g1_length) - in - let page_length_domain = Parameters_check.domain_length ~size:page_size in - let module Srs_verifier = (val srs_verifier : Srs_verifier.S) in - let offset_monomial_degree = - Srs_verifier.max_srs_size - max_polynomial_length - in - assert_result - Srs_verifier.( - is_in_srs2 shard_length - && is_in_srs2 page_length_domain - && is_in_srs2 offset_monomial_degree) - (fun () -> - Format.asprintf - "SRS on shourd contain points of indices shard_length = %d, \ - page_length_domain = %d & offset_monomial_degree = %d." - shard_length - page_length_domain - offset_monomial_degree) + Srs_verifier.ensure_srs_validity + ~test + ~mode + ~slot_size + ~page_size + ~redundancy_factor + ~number_of_shards + ~srs_g1_length type parameters = Dal_config.parameters = { redundancy_factor : int; @@ -330,18 +293,15 @@ module Inner = struct let pages_per_slot {slot_size; page_size; _} = slot_size / page_size - let select_srs_verifier test = - if test then (module Srs_verifier.Internal_for_tests : Srs_verifier.S) - else (module Srs_verifier) - let get_srs initialisation_parameters = match initialisation_parameters with | Verifier {test} -> - let module Srs = (val select_srs_verifier test) in - (`Verifier, Srs.get_verifier_srs1 (), (module Srs : Srs_verifier.S)) - | Prover {test; srs} -> - let module Srs = (val select_srs_verifier test) in - (`Prover, srs, (module Srs)) + let srs = + if test then Srs_verifier.Internal_for_tests.get_verifier_srs1 () + else Srs_verifier.get_verifier_srs1 () + in + (`Verifier, srs, test) + | Prover {test; srs} -> (`Prover, srs, test) module Cache = Hashtbl.Make (struct type t = parameters * initialisation_parameters @@ -385,12 +345,10 @@ module Inner = struct in let page_length = Parameters_check.page_length ~page_size in let page_length_domain, _, _ = FFT.select_fft_domain page_length in - let* mode, srs_g1, srs_verifier = - Ok (get_srs !initialisation_parameters) - in + let mode, srs_g1, test = get_srs !initialisation_parameters in let* () = ensure_validity - ~srs_verifier + ~test ~mode ~slot_size ~page_size @@ -399,13 +357,11 @@ module Inner = struct ~srs_g1_length:(Srs_g1.size srs_g1) in let srs_g2 = - match !initialisation_parameters with - | Verifier {test} | Prover {test; _} -> - let module Srs = (val select_srs_verifier test) in - Srs.get_verifier_srs2 - ~max_polynomial_length - ~page_length_domain - ~shard_length + (if test then Srs_verifier.Internal_for_tests.get_verifier_srs2 + else Srs_verifier.get_verifier_srs2) + ~max_polynomial_length + ~page_length_domain + ~shard_length in let kate_amortized = Kate_amortized. @@ -1185,10 +1141,10 @@ module Internal_for_tests = struct let ensure_validity {redundancy_factor; slot_size; page_size; number_of_shards} = - let mode, srs_g1, srs_verifier = get_srs !initialisation_parameters in + let mode, srs_g1, test = get_srs !initialisation_parameters in match ensure_validity - ~srs_verifier + ~test ~mode ~slot_size ~page_size diff --git a/src/lib_crypto_dal/srs_verifier.ml b/src/lib_crypto_dal/srs_verifier.ml index f013361d2af9..1407d1487ce2 100644 --- a/src/lib_crypto_dal/srs_verifier.ml +++ b/src/lib_crypto_dal/srs_verifier.ml @@ -87,6 +87,54 @@ module type S = sig val get_srs1 : int -> G1.t end +let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor + ~number_of_shards ~srs_g1_length = + let open Result_syntax in + let assert_result condition error_message = + if not condition then fail (`Fail (error_message ())) else return_unit + in + let max_polynomial_length, _erasure_encoded_polynomial_length, shard_length = + Parameters_check.compute_lengths + ~redundancy_factor + ~slot_size + ~page_size + ~number_of_shards + in + let min_g1 = + match mode with + | `Prover -> max_polynomial_length + | `Verifier -> shard_length + in + let* () = + assert_result + (min_g1 <= srs_g1_length) + (* The committed polynomials have degree t.max_polynomial_length - 1 at most, + so t.max_polynomial_length coefficients. *) + (fun () -> + Format.asprintf + "SRS on G1 size is too small. Expected more than %d. Got %d. Hint: \ + you can reduce the size of a slot." + min_g1 + srs_g1_length) + in + let page_length_domain = Parameters_check.domain_length ~size:page_size in + let max_srs_size, is_in_srs2 = + if test then Internal_for_tests.(max_srs_size, is_in_srs2) + else (max_srs_size, is_in_srs2) + in + let offset_monomial_degree = max_srs_size - max_polynomial_length in + assert_result + (is_in_srs2 shard_length + && is_in_srs2 page_length_domain + && is_in_srs2 offset_monomial_degree) + (fun () -> + Format.asprintf + "SRS on shourd contain points of indices shard_length = %d, \ + page_length_domain = %d & offset_monomial_degree = %d." + shard_length + page_length_domain + offset_monomial_degree) + module Print = struct (* This code is duplicated in cryptobox.ml *) module Read = struct -- GitLab From 53241471a5bcdf059a91355fe055eb6cc82cc111 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 19:32:38 +0100 Subject: [PATCH 08/18] Crypto_Dal/Cryptobox: move SRS reading in Srs_verifier --- src/lib_crypto_dal/cryptobox.ml | 43 +++---------- src/lib_crypto_dal/srs_verifier.ml | 97 +++++++++--------------------- 2 files changed, 37 insertions(+), 103 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 80cb87beb28b..9f7d231f71d7 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -63,41 +63,14 @@ let load_parameters parameters = (* FIXME https://gitlab.com/tezos/tezos/-/issues/3400 An integrity check is run to ensure the validity of the files. *) -(* This code is duplicated in Srs_verifier *) -let initialisation_parameters_from_files ~srs_g1_path ~srs_size:len = - let open Lwt_result_syntax in - let to_bigstring ~path = - let open Lwt_syntax in - let* fd = Lwt_unix.openfile path [Unix.O_RDONLY] 0o440 in - Lwt.finalize - (fun () -> - return - (match - Lwt_bytes.map_file - ~fd:(Lwt_unix.unix_file_descr fd) - ~shared:false - () - with - | exception Unix.Unix_error (error_code, function_name, _) -> - Error - [ - Failed_to_load_trusted_setup - (Format.sprintf - "%s: Unix.Unix_error: %s" - function_name - (Unix.error_message error_code)); - ] - | exception e -> - Error [Failed_to_load_trusted_setup (Printexc.to_string e)] - | res -> Ok res)) - (fun () -> Lwt_unix.close fd) - in - let* srs_g1_bigstring = to_bigstring ~path:srs_g1_path in - match - let open Result_syntax in - let* srs_g1 = Srs_g1.of_bigstring srs_g1_bigstring ~len in - return srs_g1 - with +(* TODO catch Failed_to_load_trusted_setup *) +let initialisation_parameters_from_files ~srs_g1_path ~srs_size = + let open Lwt_syntax in + let* srs_g1 = Srs_verifier.read_srs_g1 ~len:srs_size ~path:srs_g1_path () in + let open Result_syntax in + Lwt.return + @@ + match srs_g1 with | Error (`End_of_file s) -> tzfail (Failed_to_load_trusted_setup ("EOF: " ^ s)) | Error (`Invalid_point p) -> diff --git a/src/lib_crypto_dal/srs_verifier.ml b/src/lib_crypto_dal/srs_verifier.ml index 1407d1487ce2..50266b1ad95d 100644 --- a/src/lib_crypto_dal/srs_verifier.ml +++ b/src/lib_crypto_dal/srs_verifier.ml @@ -135,76 +135,37 @@ let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor page_length_domain offset_monomial_degree) -module Print = struct - (* This code is duplicated in cryptobox.ml *) - module Read = struct - type error += Failed_to_load_trusted_setup of string - - let () = - register_error_kind - `Permanent - ~id:"dal.node.SRS_loading_failed" - ~title:"Trusted setup loading failed" - ~description:"Trusted setup failed to load" - ~pp:(fun ppf msg -> - Format.fprintf ppf "Trusted setup failed to load: %s" msg) - Data_encoding.(obj1 (req "msg" string)) - (function - | Failed_to_load_trusted_setup parameter -> Some parameter | _ -> None) - (fun parameter -> Failed_to_load_trusted_setup parameter) - [@@coverage off] - - let read_srs ?len ~srs_path srs_of_bigstring = - let open Lwt_result_syntax in - let to_bigstring ~path = - let open Lwt_syntax in - let* fd = Lwt_unix.openfile path [Unix.O_RDONLY] 0o440 in - Lwt.finalize - (fun () -> - return - (match - Lwt_bytes.map_file - ~fd:(Lwt_unix.unix_file_descr fd) - ~shared:false - () - with - | exception Unix.Unix_error (error_code, function_name, _) -> - Error - [ - Failed_to_load_trusted_setup - (Format.sprintf - "%s: Unix.Unix_error: %s" - function_name - (Unix.error_message error_code)); - ] - | exception e -> - Error [Failed_to_load_trusted_setup (Printexc.to_string e)] - | res -> Ok res)) - (fun () -> Lwt_unix.close fd) - in - let* srs_bigstring = to_bigstring ~path:srs_path in - match srs_of_bigstring ?len srs_bigstring with - | Error (`End_of_file s) -> - tzfail (Failed_to_load_trusted_setup ("EOF: " ^ s)) - | Error (`Invalid_point p) -> - tzfail - (Failed_to_load_trusted_setup (Printf.sprintf "Invalid point %i" p)) - | Ok srs -> return srs - - (* FIXME https://gitlab.com/tezos/tezos/-/issues/3400 +exception Failed_to_load_trusted_setup of string - An integrity check is run to ensure the validity of the files. *) - let initialisation_parameters_from_file ?srs_size_log2 ~zcash_g1_path () = - let len = Option.map (fun i -> 1 lsl i) srs_size_log2 in - read_srs ?len ~srs_path:zcash_g1_path Srs_g1.of_bigstring +let read_srs ?len ~path srs_of_bigstring = + let open Lwt_syntax in + let to_bigstring ~path = + let* fd = Lwt_unix.openfile path [Unix.O_RDONLY] 0o440 in + Lwt.finalize + (fun () -> + match + Lwt_bytes.map_file ~fd:(Lwt_unix.unix_file_descr fd) ~shared:false () + with + | exception Unix.Unix_error (error_code, function_name, _) -> + raise + (Failed_to_load_trusted_setup + (Format.sprintf + "%s: Unix.Unix_error: %s" + function_name + (Unix.error_message error_code))) + | exception e -> + raise (Failed_to_load_trusted_setup (Printexc.to_string e)) + | res -> Lwt.return res) + (fun () -> Lwt_unix.close fd) + in + let* srs_g1_bigstring = to_bigstring ~path in + Lwt.return @@ srs_of_bigstring ?len srs_g1_bigstring - let read_srs_g1 ?len ~zcash_g1_path () = - read_srs ?len ~srs_path:zcash_g1_path Srs_g1.of_bigstring +let read_srs_g1 ?len ~path () = read_srs ?len ~path Srs_g1.of_bigstring - let read_srs_g2 ?len ~zcash_g2_path () = - read_srs ?len ~srs_path:zcash_g2_path Srs_g2.of_bigstring - end +let read_srs_g2 ?len ~path () = read_srs ?len ~path Srs_g2.of_bigstring +module Print = struct (* Bounds (in log₂) 1 <= redundancy<= 4 7 <= page size + (redundancy + 1) <= slot size <= 20 @@ -310,8 +271,8 @@ module Print = struct ~zcash_g2_path params = let open Lwt_result_syntax in let srs_g1_size, lengths = generate_poly_lengths ~max_srs_size params in - let* srs_g1 = Read.read_srs_g1 ~len:srs_g1_size ~zcash_g1_path () in - let* srs_g2 = Read.read_srs_g2 ~zcash_g2_path () in + let* srs_g1 = read_srs_g1 ~len:srs_g1_size ~path:zcash_g1_path () in + let* srs_g2 = read_srs_g2 ~path:zcash_g2_path () in let srs2 = List.map (fun i -> -- GitLab From 8e9c4c5e13e15d6f36b01ff94d38203c602f6ddc Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 19:48:19 +0100 Subject: [PATCH 09/18] Crypto_Dal/Srs_verifier: refactor Print --- src/lib_crypto_dal/srs_verifier.ml | 128 ++++++++++++++--------------- 1 file changed, 61 insertions(+), 67 deletions(-) diff --git a/src/lib_crypto_dal/srs_verifier.ml b/src/lib_crypto_dal/srs_verifier.ml index 50266b1ad95d..d131d6c710a3 100644 --- a/src/lib_crypto_dal/srs_verifier.ml +++ b/src/lib_crypto_dal/srs_verifier.ml @@ -171,90 +171,77 @@ module Print = struct 7 <= page size + (redundancy + 1) <= slot size <= 20 5 <= page size <= slot size - (redundancy + 1) <= 18 - 5 = 13 2 <= redundancy + 1 <= nb shards <= slot size - page size <= 15 - we call range the number of logs to go through - we call offset the index to start (included) *) type range = { - redundancy_range : int; - redundancy_offset : int; - slot_range : int; - slot_offset : int; - page_range : int; - page_offset : int; - shard_range : int; - shard_offset : int; + redundancy : int list; + slot : int list; + page : int list; + shards : int list; } - let small_params_for_tests = - { - redundancy_range = 4; - redundancy_offset = 1; - slot_range = 7; - slot_offset = 8; - page_range = 4; - page_offset = 5; - shard_range = 15; - shard_offset = 1; - } - let mainnet_params = { - redundancy_range = 4; - redundancy_offset = 1; - slot_range = 6; - slot_offset = 15; - page_range = 1; - page_offset = 12; - shard_range = 2; - shard_offset = 11; + redundancy = [1; 2; 3; 4]; + slot = [15; 16; 17; 18; 19; 20]; + page = [12]; + shards = [11; 12]; } + let additionnal_params = + {redundancy = [1; 2; 3; 4]; slot = [15]; page = [12]; shards = [6]} + + let concat_map4 {slot; redundancy; page; shards} func = + (* Ensure validity before computing actual value *) + let f ~slot ~redundancy ~page ~shards = + Parameters_check.ensure_validity_without_srs + ~slot_size:(1 lsl slot) + ~page_size:(1 lsl page) + ~redundancy_factor:(1 lsl redundancy) + ~number_of_shards:(1 lsl shards) + |> function + | Ok () -> func ~slot ~redundancy ~page ~shards + | _ -> 0 + in + List.concat_map + (fun slot -> + List.concat_map + (fun redundancy -> + List.concat_map + (fun page -> + List.map + (fun shards -> f ~slot ~redundancy ~page ~shards) + shards) + page) + redundancy) + slot + let generate_poly_lengths ~max_srs_size p = let page_srs = let values = - List.init p.page_range (fun i -> - Parameters_check.domain_length ~size:(1 lsl (i + p.page_offset))) + List.map + (fun page -> Parameters_check.domain_length ~size:(1 lsl page)) + p.page in values in let commitment_srs = - List.init p.slot_range (fun slot_size -> - let slot_size = slot_size + p.slot_offset in - List.init p.redundancy_range (fun redundancy -> - let redundancy = redundancy + p.redundancy_offset in - List.init p.page_range (fun page_size -> - let page_size = page_size + p.page_offset in - let res = - max_srs_size - - Parameters_check.slot_as_polynomial_length - ~page_size:(1 lsl page_size) - ~slot_size:(1 lsl slot_size) - in - Printf.printf - "\nslot : %d page : %d R : %d res : %d" - slot_size - page_size - redundancy - res ; - res))) - |> List.concat |> List.concat + concat_map4 p (fun ~slot ~redundancy:_ ~page ~shards:_ -> + max_srs_size + - Parameters_check.slot_as_polynomial_length + ~page_size:(1 lsl page) + ~slot_size:(1 lsl slot)) in let shard_srs = - List.init p.slot_range (fun slot_size -> - let slot_size = slot_size + p.slot_offset in - List.init p.redundancy_range (fun redundancy -> - let redundancy = redundancy + p.redundancy_offset in - List.init p.page_range (fun page_size -> - let page_size = page_size + p.page_offset in - let shard_offset = p.shard_offset in - List.init p.shard_range (fun nb_shards -> - let nb_shards = nb_shards + shard_offset in - redundancy - * Parameters_check.slot_as_polynomial_length - ~page_size:(1 lsl page_size) - ~slot_size:(1 lsl slot_size) - / (1 lsl nb_shards))))) - |> List.concat |> List.concat |> List.concat + concat_map4 p (fun ~slot ~redundancy ~page ~shards -> + let max_polynomial_length = + Parameters_check.slot_as_polynomial_length + ~page_size:(1 lsl page) + ~slot_size:(1 lsl slot) + in + let erasure_encoded_polynomial_length = + (1 lsl redundancy) * max_polynomial_length + in + erasure_encoded_polynomial_length / (1 lsl shards)) in let page_shards = List.sort_uniq (fun x y -> Int.compare y x) (page_srs @ shard_srs) @@ -262,6 +249,13 @@ module Print = struct let max_srs1_needed = List.hd page_shards in (max_srs1_needed, List.sort_uniq Int.compare (page_shards @ commitment_srs)) + let generate_all_poly_lengths ~max_srs_size = + List.fold_left + (fun (acc_size, acc_lengths) p -> + let size, lengths = generate_poly_lengths ~max_srs_size p in + (max acc_size size, List.sort_uniq Int.compare (acc_lengths @ lengths))) + (0, []) + (* run with let _ = Lwt_main.run @@ Srs_verifier.Print.(print_verifier_srs_from_file ~zcash_g1_path -- GitLab From bfcac43dff7f8f4231c33e529c0d29cedf7a0fcb Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 19:42:12 +0100 Subject: [PATCH 10/18] Crypto_Dal: rename srs_verifier.ml in srs.ml --- src/lib_crypto_dal/cryptobox.ml | 24 +++++++++++-------- .../{srs_verifier.ml => srs.ml} | 9 +++++-- 2 files changed, 21 insertions(+), 12 deletions(-) rename src/lib_crypto_dal/{srs_verifier.ml => srs.ml} (98%) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 9f7d231f71d7..60221976e1f0 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -25,7 +25,11 @@ open Error_monad include Cryptobox_intf -open Kzg.Bls +module Srs_g1 = Kzg.Bls.Srs_g1 +module Scalar = Kzg.Bls.Scalar +module Poly = Kzg.Bls.Poly +module Domain = Kzg.Bls.Domain +module Evals = Kzg.Bls.Evals module FFT = Kzg.Utils.FFT module Degree_check = Kzg.Degree_check module Kate_amortized = Kzg.Kate_amortized @@ -66,7 +70,7 @@ let load_parameters parameters = (* TODO catch Failed_to_load_trusted_setup *) let initialisation_parameters_from_files ~srs_g1_path ~srs_size = let open Lwt_syntax in - let* srs_g1 = Srs_verifier.read_srs_g1 ~len:srs_size ~path:srs_g1_path () in + let* srs_g1 = Srs.read_srs_g1 ~len:srs_size ~path:srs_g1_path () in let open Result_syntax in Lwt.return @@ @@ -231,7 +235,7 @@ module Inner = struct polynomial. *) remaining_bytes : int; (* These srs_g2_* parameters are used by the verifier to check the proofs *) - srs_g2 : Srs_verifier.srs_verifier; + srs_g2 : Srs.srs_verifier; mode : [`Verifier | `Prover]; kate_amortized : Kate_amortized.public_parameters; } @@ -246,7 +250,7 @@ module Inner = struct ~redundancy_factor ~number_of_shards in - Srs_verifier.ensure_srs_validity + Srs.ensure_srs_validity ~test ~mode ~slot_size @@ -270,8 +274,8 @@ module Inner = struct match initialisation_parameters with | Verifier {test} -> let srs = - if test then Srs_verifier.Internal_for_tests.get_verifier_srs1 () - else Srs_verifier.get_verifier_srs1 () + if test then Srs.Internal_for_tests.get_verifier_srs1 () + else Srs.get_verifier_srs1 () in (`Verifier, srs, test) | Prover {test; srs} -> (`Prover, srs, test) @@ -330,8 +334,8 @@ module Inner = struct ~srs_g1_length:(Srs_g1.size srs_g1) in let srs_g2 = - (if test then Srs_verifier.Internal_for_tests.get_verifier_srs2 - else Srs_verifier.get_verifier_srs2) + (if test then Srs.Internal_for_tests.get_verifier_srs2 + else Srs.get_verifier_srs2) ~max_polynomial_length ~page_length_domain ~shard_length @@ -863,7 +867,7 @@ module Inner = struct (* Verifies that the degree of the committed polynomial is < t.max_polynomial_length *) let verify_commitment (t : t) cm proof = - let srs_0 = G2.one in + let srs_0 = Kzg.Bls.G2.one in let srs_n_d = t.srs_g2.commitment in Degree_check.verify {srs_0; srs_n_d} cm proof @@ -1036,7 +1040,7 @@ module Verifier = Inner module Internal_for_tests = struct let prover_parameters () = - Prover {test = true; srs = Srs_verifier.Internal_for_tests.fake_srs ()} + Prover {test = true; srs = Srs.Internal_for_tests.fake_srs ()} (* Since computing fake_srs is costly, we avoid to recompute it. *) let init_prover_dal () = diff --git a/src/lib_crypto_dal/srs_verifier.ml b/src/lib_crypto_dal/srs.ml similarity index 98% rename from src/lib_crypto_dal/srs_verifier.ml rename to src/lib_crypto_dal/srs.ml index d131d6c710a3..24d1c9c932ce 100644 --- a/src/lib_crypto_dal/srs_verifier.ml +++ b/src/lib_crypto_dal/srs.ml @@ -284,11 +284,16 @@ module Print = struct (Srs_g1.get srs_g1 i |> G1.to_compressed_bytes |> Hex.of_bytes |> Hex.show)) in - Printf.printf + let oc = open_out "/home/anne-laure/Documents/tezos/out_bis" in + Printf.fprintf + oc "\n\nlet srs_g1 = [|\n %s\n|] |> read_srs_g1" (String.concat " ;\n " @@ srs1) ; - Printf.printf + Printf.fprintf + oc "\n\nlet srs_g2 = [\n %s\n] |> read_srs_g2" (String.concat " ;\n " @@ srs2) ; + close_out oc ; + assert (1 = 2) ; return_unit end -- GitLab From cd3feaed03d4ddddd47257e4225b2117d157b893 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 20:12:45 +0100 Subject: [PATCH 11/18] Crypto_Dal/Srs: add srs.mli --- src/lib_crypto_dal/srs.ml | 41 +++++----------------- src/lib_crypto_dal/srs.mli | 69 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+), 33 deletions(-) create mode 100644 src/lib_crypto_dal/srs.mli diff --git a/src/lib_crypto_dal/srs.ml b/src/lib_crypto_dal/srs.ml index 24d1c9c932ce..613f341712f8 100644 --- a/src/lib_crypto_dal/srs.ml +++ b/src/lib_crypto_dal/srs.ml @@ -48,8 +48,6 @@ module Internal_for_tests = struct let fake_srs ?(size = max_srs_size) () = Srs_g1.generate_insecure size fake_srs_seed - let get_srs1 i = G1.mul G1.one (Scalar.pow fake_srs_seed (Z.of_int i)) - let get_srs2 i = G2.mul G2.one (Scalar.pow fake_srs_seed (Z.of_int i)) let get_verifier_srs2 = get_verifier_srs2 max_srs_size get_srs2 @@ -61,8 +59,6 @@ end let max_srs_size = max_srs_g1_size -let get_srs1 = Srs_g1.get srs_g1 - let get_srs2 i = List.assoc i srs_g2 let get_verifier_srs1 () = srs_g1 @@ -71,22 +67,6 @@ let get_verifier_srs2 = get_verifier_srs2 max_srs_size get_srs2 let is_in_srs2 i = List.mem_assoc i srs_g2 -module type S = sig - val max_srs_size : int - - val is_in_srs2 : int -> bool - - val get_verifier_srs1 : unit -> Srs_g1.t - - val get_verifier_srs2 : - max_polynomial_length:int -> - page_length_domain:int -> - shard_length:int -> - srs_verifier - - val get_srs1 : int -> G1.t -end - let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor ~number_of_shards ~srs_g1_length = let open Result_syntax in @@ -179,7 +159,7 @@ module Print = struct shards : int list; } - let mainnet_params = + let _mainnet_params = { redundancy = [1; 2; 3; 4]; slot = [15; 16; 17; 18; 19; 20]; @@ -187,7 +167,7 @@ module Print = struct shards = [11; 12]; } - let additionnal_params = + let _additionnal_params = {redundancy = [1; 2; 3; 4]; slot = [15]; page = [12]; shards = [6]} let concat_map4 {slot; redundancy; page; shards} func = @@ -249,7 +229,7 @@ module Print = struct let max_srs1_needed = List.hd page_shards in (max_srs1_needed, List.sort_uniq Int.compare (page_shards @ commitment_srs)) - let generate_all_poly_lengths ~max_srs_size = + let _generate_all_poly_lengths ~max_srs_size = List.fold_left (fun (acc_size, acc_lengths) p -> let size, lengths = generate_poly_lengths ~max_srs_size p in @@ -258,11 +238,11 @@ module Print = struct (* run with let _ = Lwt_main.run - @@ Srs_verifier.Print.(print_verifier_srs_from_file ~zcash_g1_path + @@ Srs.Print.(print_verifier_srs_from_file ~zcash_g1_path ~zcash_g2_path mainnet_params) in *) - let print_verifier_srs_from_file ?(max_srs_size = max_srs_size) ~zcash_g1_path - ~zcash_g2_path params = + let _print_verifier_srs_from_file ?(max_srs_size = max_srs_size) + ~zcash_g1_path ~zcash_g2_path params = let open Lwt_result_syntax in let srs_g1_size, lengths = generate_poly_lengths ~max_srs_size params in let* srs_g1 = read_srs_g1 ~len:srs_g1_size ~path:zcash_g1_path () in @@ -284,16 +264,11 @@ module Print = struct (Srs_g1.get srs_g1 i |> G1.to_compressed_bytes |> Hex.of_bytes |> Hex.show)) in - let oc = open_out "/home/anne-laure/Documents/tezos/out_bis" in - Printf.fprintf - oc + Printf.printf "\n\nlet srs_g1 = [|\n %s\n|] |> read_srs_g1" (String.concat " ;\n " @@ srs1) ; - Printf.fprintf - oc + Printf.printf "\n\nlet srs_g2 = [\n %s\n] |> read_srs_g2" (String.concat " ;\n " @@ srs2) ; - close_out oc ; - assert (1 = 2) ; return_unit end diff --git a/src/lib_crypto_dal/srs.mli b/src/lib_crypto_dal/srs.mli new file mode 100644 index 000000000000..a3f643f692dc --- /dev/null +++ b/src/lib_crypto_dal/srs.mli @@ -0,0 +1,69 @@ +(*****************************************************************************) +(* *) +(* Open Source License *) +(* Copyright (c) 2024 Nomadic Labs *) +(* *) +(* Permission is hereby granted, free of charge, to any person obtaining a *) +(* copy of this software and associated documentation files (the "Software"),*) +(* to deal in the Software without restriction, including without limitation *) +(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) +(* and/or sell copies of the Software, and to permit persons to whom the *) +(* Software is furnished to do so, subject to the following conditions: *) +(* *) +(* The above copyright notice and this permission notice shall be included *) +(* in all copies or substantial portions of the Software. *) +(* *) +(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) +(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) +(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) +(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) +(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) +(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) +(* DEALINGS IN THE SOFTWARE. *) +(* *) +(*****************************************************************************) + +type srs_verifier = { + shards : Kzg.Bls.G2.t; + pages : Kzg.Bls.G2.t; + commitment : Kzg.Bls.G2.t; +} + +val get_verifier_srs1 : unit -> Kzg.Bls.Srs_g1.t + +val get_verifier_srs2 : + max_polynomial_length:int -> + page_length_domain:int -> + shard_length:int -> + srs_verifier + +val ensure_srs_validity : + test:bool -> + mode:[< `Prover | `Verifier] -> + slot_size:int -> + page_size:int -> + redundancy_factor:int -> + number_of_shards:int -> + srs_g1_length:int -> + (unit, [> `Fail of string]) result + +exception Failed_to_load_trusted_setup of string + +val read_srs_g1 : + ?len:int -> + path:string -> + unit -> + (Kzg.Bls.Srs_g1.t, [> `End_of_file of string | `Invalid_point of int]) result + Lwt.t + +module Internal_for_tests : sig + val fake_srs : ?size:int -> unit -> Kzg.Bls.Srs_g1.t + + val get_verifier_srs1 : unit -> Kzg.Bls.Srs_g1.t + + val get_verifier_srs2 : + max_polynomial_length:int -> + page_length_domain:int -> + shard_length:int -> + srs_verifier +end -- GitLab From 61fd50f13f440fc9797fe24a4d9c4e718a3c78a5 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Wed, 7 Feb 2024 20:25:37 +0100 Subject: [PATCH 12/18] Crypto_Dal/Parameters_check: add paramters_check.mli --- src/lib_crypto_dal/parameters_check.mli | 46 +++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 src/lib_crypto_dal/parameters_check.mli diff --git a/src/lib_crypto_dal/parameters_check.mli b/src/lib_crypto_dal/parameters_check.mli new file mode 100644 index 000000000000..d95d8e9a9133 --- /dev/null +++ b/src/lib_crypto_dal/parameters_check.mli @@ -0,0 +1,46 @@ +(*****************************************************************************) +(* *) +(* Open Source License *) +(* Copyright (c) 2024 Nomadic Labs *) +(* *) +(* Permission is hereby granted, free of charge, to any person obtaining a *) +(* copy of this software and associated documentation files (the "Software"),*) +(* to deal in the Software without restriction, including without limitation *) +(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *) +(* and/or sell copies of the Software, and to permit persons to whom the *) +(* Software is furnished to do so, subject to the following conditions: *) +(* *) +(* The above copyright notice and this permission notice shall be included *) +(* in all copies or substantial portions of the Software. *) +(* *) +(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*) +(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *) +(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *) +(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*) +(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *) +(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *) +(* DEALINGS IN THE SOFTWARE. *) +(* *) +(*****************************************************************************) + +val scalar_bytes_amount : int + +val page_length : page_size:int -> int + +val domain_length : size:int -> int + +val slot_as_polynomial_length : slot_size:int -> page_size:int -> int + +val compute_lengths : + redundancy_factor:int -> + slot_size:int -> + page_size:int -> + number_of_shards:int -> + int * int * int + +val ensure_validity_without_srs : + slot_size:int -> + page_size:int -> + redundancy_factor:int -> + number_of_shards:int -> + (unit, [> `Fail of string]) result -- GitLab From 3b50a400598cf4180d227594b8f2d50a74820e1f Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Thu, 8 Feb 2024 14:32:15 +0100 Subject: [PATCH 13/18] Crypto_Dal/Srs: fix typo --- src/lib_crypto_dal/srs.ml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib_crypto_dal/srs.ml b/src/lib_crypto_dal/srs.ml index 613f341712f8..28f36aa318a2 100644 --- a/src/lib_crypto_dal/srs.ml +++ b/src/lib_crypto_dal/srs.ml @@ -109,7 +109,7 @@ let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor && is_in_srs2 offset_monomial_degree) (fun () -> Format.asprintf - "SRS on shourd contain points of indices shard_length = %d, \ + "SRS on should contain points of indices shard_length = %d, \ page_length_domain = %d & offset_monomial_degree = %d." shard_length page_length_domain -- GitLab From c44b7332074d74aa2929242472fa32650e925236 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Thu, 8 Feb 2024 15:31:29 +0100 Subject: [PATCH 14/18] Crypto_Dal/Srs: remove srs_g1_length argument from ensure_srs_validity --- src/lib_crypto_dal/cryptobox.ml | 32 ++++++++++++++++---------------- src/lib_crypto_dal/srs.ml | 10 ++++++---- src/lib_crypto_dal/srs.mli | 1 - 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 60221976e1f0..217641567ebd 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -241,7 +241,7 @@ module Inner = struct } let ensure_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor - ~number_of_shards ~srs_g1_length = + ~number_of_shards = let open Result_syntax in let* () = Parameters_check.ensure_validity_without_srs @@ -257,7 +257,6 @@ module Inner = struct ~page_size ~redundancy_factor ~number_of_shards - ~srs_g1_length type parameters = Dal_config.parameters = { redundancy_factor : int; @@ -270,16 +269,6 @@ module Inner = struct let pages_per_slot {slot_size; page_size; _} = slot_size / page_size - let get_srs initialisation_parameters = - match initialisation_parameters with - | Verifier {test} -> - let srs = - if test then Srs.Internal_for_tests.get_verifier_srs1 () - else Srs.get_verifier_srs1 () - in - (`Verifier, srs, test) - | Prover {test; srs} -> (`Prover, srs, test) - module Cache = Hashtbl.Make (struct type t = parameters * initialisation_parameters @@ -322,7 +311,16 @@ module Inner = struct in let page_length = Parameters_check.page_length ~page_size in let page_length_domain, _, _ = FFT.select_fft_domain page_length in - let mode, srs_g1, test = get_srs !initialisation_parameters in + let mode, srs_g1, test = + match !initialisation_parameters with + | Verifier {test} -> + let srs = + if test then Srs.Internal_for_tests.get_verifier_srs1 () + else Srs.get_verifier_srs1 () + in + (`Verifier, srs, test) + | Prover {test; srs} -> (`Prover, srs, test) + in let* () = ensure_validity ~test @@ -331,7 +329,6 @@ module Inner = struct ~page_size ~redundancy_factor ~number_of_shards - ~srs_g1_length:(Srs_g1.size srs_g1) in let srs_g2 = (if test then Srs.Internal_for_tests.get_verifier_srs2 @@ -1118,7 +1115,11 @@ module Internal_for_tests = struct let ensure_validity {redundancy_factor; slot_size; page_size; number_of_shards} = - let mode, srs_g1, test = get_srs !initialisation_parameters in + let mode, test = + match !initialisation_parameters with + | Verifier {test} -> (`Verifier, test) + | Prover {test; _} -> (`Prover, test) + in match ensure_validity ~test @@ -1127,7 +1128,6 @@ module Internal_for_tests = struct ~page_size ~redundancy_factor ~number_of_shards - ~srs_g1_length:(Srs_g1.size srs_g1) with | Ok _ -> true | _ -> false diff --git a/src/lib_crypto_dal/srs.ml b/src/lib_crypto_dal/srs.ml index 28f36aa318a2..3fa3b5a43c8e 100644 --- a/src/lib_crypto_dal/srs.ml +++ b/src/lib_crypto_dal/srs.ml @@ -68,7 +68,7 @@ let get_verifier_srs2 = get_verifier_srs2 max_srs_size get_srs2 let is_in_srs2 i = List.mem_assoc i srs_g2 let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor - ~number_of_shards ~srs_g1_length = + ~number_of_shards = let open Result_syntax in let assert_result condition error_message = if not condition then fail (`Fail (error_message ())) else return_unit @@ -80,10 +80,12 @@ let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor ~page_size ~number_of_shards in - let min_g1 = + let min_g1, srs_g1_length = match mode with - | `Prover -> max_polynomial_length - | `Verifier -> shard_length + | `Prover when test -> + (max_polynomial_length, Internal_for_tests.max_srs_size) + | `Prover -> (max_polynomial_length, max_srs_size) + | `Verifier -> (shard_length, max_verifier_srs_size) in let* () = assert_result diff --git a/src/lib_crypto_dal/srs.mli b/src/lib_crypto_dal/srs.mli index a3f643f692dc..3e10d240edeb 100644 --- a/src/lib_crypto_dal/srs.mli +++ b/src/lib_crypto_dal/srs.mli @@ -44,7 +44,6 @@ val ensure_srs_validity : page_size:int -> redundancy_factor:int -> number_of_shards:int -> - srs_g1_length:int -> (unit, [> `Fail of string]) result exception Failed_to_load_trusted_setup of string -- GitLab From b0e75ab208200db8828e0131e8ab25a6fe4049d0 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Thu, 8 Feb 2024 15:46:26 +0100 Subject: [PATCH 15/18] Crypto_Dal/Srs: put comments in .mli --- src/lib_crypto_dal/srs.mli | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/lib_crypto_dal/srs.mli b/src/lib_crypto_dal/srs.mli index 3e10d240edeb..fbd9a498eff7 100644 --- a/src/lib_crypto_dal/srs.mli +++ b/src/lib_crypto_dal/srs.mli @@ -23,20 +23,26 @@ (* *) (*****************************************************************************) +(** SRS points needed by the verifier of the DAL *) type srs_verifier = { shards : Kzg.Bls.G2.t; pages : Kzg.Bls.G2.t; commitment : Kzg.Bls.G2.t; } +(** Returns ZCash SRS₁ resized for the verifier, according to mainnet parameters *) val get_verifier_srs1 : unit -> Kzg.Bls.Srs_g1.t +(** Return the ZCash SRS₂ points needed by the verifier, according to mainnet + parameters *) val get_verifier_srs2 : max_polynomial_length:int -> page_length_domain:int -> shard_length:int -> srs_verifier +(** Fails if and only if the SRS does not suits the parameters, ie SRS₁ would + be too short to commit or SRS₂ does not contain the needed points *) val ensure_srs_validity : test:bool -> mode:[< `Prover | `Verifier] -> @@ -48,6 +54,8 @@ val ensure_srs_validity : exception Failed_to_load_trusted_setup of string +(** Returns SRS₁ of size [len] (by default, 2²¹) read from the file given by + [path]. May raise [Failed_to_load_trusted_setup] exception *) val read_srs_g1 : ?len:int -> path:string -> @@ -55,11 +63,17 @@ val read_srs_g1 : (Kzg.Bls.Srs_g1.t, [> `End_of_file of string | `Invalid_point of int]) result Lwt.t +(** This module is used to handle a fake SRS in the DAL. This is more flexible + and easier to handle in the CI than loading ZCash SRS *) module Internal_for_tests : sig + (** Generates an unsafe SRS₁ from a known seed *) val fake_srs : ?size:int -> unit -> Kzg.Bls.Srs_g1.t + (** Same as [fake_srs] but the returned SRS₁ is of size 2⁸, which is enough + to suit the verifier needs in our tests *) val get_verifier_srs1 : unit -> Kzg.Bls.Srs_g1.t + (** Returns the fake SRS₂ points needed by the verifier *) val get_verifier_srs2 : max_polynomial_length:int -> page_length_domain:int -> -- GitLab From 7687f779cd2d40645e0291203c27e629534f0235 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Thu, 8 Feb 2024 15:46:51 +0100 Subject: [PATCH 16/18] Crypto_Dal/Parameters_check: put comments in .mli --- src/lib_crypto_dal/parameters_check.ml | 10 ---------- src/lib_crypto_dal/parameters_check.mli | 13 +++++++++++++ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/src/lib_crypto_dal/parameters_check.ml b/src/lib_crypto_dal/parameters_check.ml index c8e3d96aed78..3eb4ba56fdc9 100644 --- a/src/lib_crypto_dal/parameters_check.ml +++ b/src/lib_crypto_dal/parameters_check.ml @@ -26,25 +26,15 @@ open Error_monad open Kzg.Bls -(* Number of bytes fitting in a Scalar.t. Since scalars are integer modulo - r~2^255, we restrict ourselves to 248-bit integers (31 bytes). *) let scalar_bytes_amount = Scalar.size_in_bytes - 1 -(* The page size is a power of two and thus not a multiple of [scalar_bytes_amount], - hence the + 1 to account for the remainder of the division. *) let page_length ~page_size = Int.div page_size scalar_bytes_amount + 1 -(* for a given [size] (in bytes), return the length of the corresponding - domain *) let domain_length ~size = let length = page_length ~page_size:size in let length_domain, _, _ = Kzg.Utils.FFT.select_fft_domain length in length_domain -(* [slot_as_polynomial_length ~slot_size ~page_size] returns the length of the - polynomial of maximal degree representing a slot of size [slot_size] with - [slot_size / page_size] pages (page_size must divides slot_size). The - returned length thus depends on the number of pages. *) let slot_as_polynomial_length ~slot_size ~page_size = let page_length_domain = domain_length ~size:page_size in slot_size / page_size * page_length_domain diff --git a/src/lib_crypto_dal/parameters_check.mli b/src/lib_crypto_dal/parameters_check.mli index d95d8e9a9133..56ccacfd7b47 100644 --- a/src/lib_crypto_dal/parameters_check.mli +++ b/src/lib_crypto_dal/parameters_check.mli @@ -23,14 +23,26 @@ (* *) (*****************************************************************************) +(** Number of bytes fitting in a Scalar.t. Since scalars are integer modulo + r~2^255, we restrict ourselves to 248-bit integers (31 bytes). *) val scalar_bytes_amount : int +(** The page size is a power of two and thus not a multiple of [scalar_bytes_amount], + hence the + 1 to account for the remainder of the division. *) val page_length : page_size:int -> int +(** for a given [size] (in bytes), return the length of the corresponding + domain *) val domain_length : size:int -> int +(** [slot_as_polynomial_length ~slot_size ~page_size] returns the length of the + polynomial of maximal degree representing a slot of size [slot_size] with + [slot_size / page_size] pages (page_size must divides slot_size). The + returned length thus depends on the number of pages. *) val slot_as_polynomial_length : slot_size:int -> page_size:int -> int +(** Returns [max_polynomial_length], [erasure_encoded_polynomial_length] & + [shard_length] for the given parameters *) val compute_lengths : redundancy_factor:int -> slot_size:int -> @@ -38,6 +50,7 @@ val compute_lengths : number_of_shards:int -> int * int * int +(** Fails if and only if the given parameters are not suitable for the DAL. *) val ensure_validity_without_srs : slot_size:int -> page_size:int -> -- GitLab From 2e7be35d53aeb3818772a540388b4789d24f809e Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Thu, 8 Feb 2024 16:30:21 +0100 Subject: [PATCH 17/18] Crypto_Dal/Srs: optimize fake_srs handling Co-authored-by: Co-authored-by: Anne-Laure --- src/lib_crypto_dal/cryptobox.ml | 7 ++----- src/lib_crypto_dal/srs.ml | 6 ++++-- src/lib_crypto_dal/srs.mli | 4 ++-- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/src/lib_crypto_dal/cryptobox.ml b/src/lib_crypto_dal/cryptobox.ml index 217641567ebd..ef36bf735cf5 100644 --- a/src/lib_crypto_dal/cryptobox.ml +++ b/src/lib_crypto_dal/cryptobox.ml @@ -1037,13 +1037,10 @@ module Verifier = Inner module Internal_for_tests = struct let prover_parameters () = - Prover {test = true; srs = Srs.Internal_for_tests.fake_srs ()} + Prover {test = true; srs = Lazy.force Srs.Internal_for_tests.fake_srs} (* Since computing fake_srs is costly, we avoid to recompute it. *) - let init_prover_dal () = - match !initialisation_parameters with - | Prover {test; _} when test -> () - | _ -> initialisation_parameters := prover_parameters () + let init_prover_dal () = initialisation_parameters := prover_parameters () let init_verifier_dal () = initialisation_parameters := Verifier {test = true} diff --git a/src/lib_crypto_dal/srs.ml b/src/lib_crypto_dal/srs.ml index 3fa3b5a43c8e..362157edc534 100644 --- a/src/lib_crypto_dal/srs.ml +++ b/src/lib_crypto_dal/srs.ml @@ -45,16 +45,18 @@ module Internal_for_tests = struct Scalar.of_string "20812168509434597367146703229805575690060615791308155437936410982393987532344" - let fake_srs ?(size = max_srs_size) () = + let compute_fake_srs ?(size = max_srs_size) () = Srs_g1.generate_insecure size fake_srs_seed let get_srs2 i = G2.mul G2.one (Scalar.pow fake_srs_seed (Z.of_int i)) let get_verifier_srs2 = get_verifier_srs2 max_srs_size get_srs2 - let get_verifier_srs1 = fake_srs ~size:max_verifier_srs_size + let get_verifier_srs1 = compute_fake_srs ~size:max_verifier_srs_size let is_in_srs2 _ = true + + let fake_srs = Lazy.from_fun compute_fake_srs end let max_srs_size = max_srs_g1_size diff --git a/src/lib_crypto_dal/srs.mli b/src/lib_crypto_dal/srs.mli index fbd9a498eff7..956917360592 100644 --- a/src/lib_crypto_dal/srs.mli +++ b/src/lib_crypto_dal/srs.mli @@ -66,8 +66,8 @@ val read_srs_g1 : (** This module is used to handle a fake SRS in the DAL. This is more flexible and easier to handle in the CI than loading ZCash SRS *) module Internal_for_tests : sig - (** Generates an unsafe SRS₁ from a known seed *) - val fake_srs : ?size:int -> unit -> Kzg.Bls.Srs_g1.t + (** Generates an unsafe SRS₁ of size 2¹⁶ from a known seed *) + val fake_srs : Kzg.Bls.Srs_g1.t Lazy.t (** Same as [fake_srs] but the returned SRS₁ is of size 2⁸, which is enough to suit the verifier needs in our tests *) -- GitLab From c9a0a761105f387c9ea76d6b870789c42a1397c2 Mon Sep 17 00:00:00 2001 From: Anne-Laure Date: Thu, 8 Feb 2024 16:53:24 +0100 Subject: [PATCH 18/18] Crypto_Dal/Srs: reorganize the file to make print_verifier_srs_from_file available in .mli --- src/lib_crypto_dal/srs.ml | 328 ++++++++++++++++++------------------- src/lib_crypto_dal/srs.mli | 13 ++ 2 files changed, 175 insertions(+), 166 deletions(-) diff --git a/src/lib_crypto_dal/srs.ml b/src/lib_crypto_dal/srs.ml index 362157edc534..8731f8083fd9 100644 --- a/src/lib_crypto_dal/srs.ml +++ b/src/lib_crypto_dal/srs.ml @@ -27,17 +27,57 @@ open Error_monad open Kzg.Bls open Zcash_srs +exception Failed_to_load_trusted_setup of string + +let read_srs ?len ~path srs_of_bigstring = + let open Lwt_syntax in + let to_bigstring ~path = + let* fd = Lwt_unix.openfile path [Unix.O_RDONLY] 0o440 in + Lwt.finalize + (fun () -> + match + Lwt_bytes.map_file ~fd:(Lwt_unix.unix_file_descr fd) ~shared:false () + with + | exception Unix.Unix_error (error_code, function_name, _) -> + raise + (Failed_to_load_trusted_setup + (Format.sprintf + "%s: Unix.Unix_error: %s" + function_name + (Unix.error_message error_code))) + | exception e -> + raise (Failed_to_load_trusted_setup (Printexc.to_string e)) + | res -> Lwt.return res) + (fun () -> Lwt_unix.close fd) + in + let* srs_g1_bigstring = to_bigstring ~path in + Lwt.return @@ srs_of_bigstring ?len srs_g1_bigstring + +let read_srs_g1 ?len ~path () = read_srs ?len ~path Srs_g1.of_bigstring + +let read_srs_g2 ?len ~path () = read_srs ?len ~path Srs_g2.of_bigstring + type srs_verifier = {shards : G2.t; pages : G2.t; commitment : G2.t} let max_verifier_srs_size = Srs_g1.size srs_g1 -let get_verifier_srs2 max_srs_size get_srs2 ~max_polynomial_length +let get_verifier_srs2_aux max_srs_size get_srs2 ~max_polynomial_length ~page_length_domain ~shard_length = let shards = get_srs2 shard_length in let pages = get_srs2 page_length_domain in let commitment = get_srs2 (max_srs_size - max_polynomial_length) in {shards; pages; commitment} +let max_srs_size = max_srs_g1_size + +let get_srs2 i = List.assoc i srs_g2 + +let get_verifier_srs1 () = srs_g1 + +let get_verifier_srs2 = get_verifier_srs2_aux max_srs_size get_srs2 + +let is_in_srs2 i = List.mem_assoc i srs_g2 + module Internal_for_tests = struct let max_srs_size = 1 lsl 16 @@ -50,24 +90,138 @@ module Internal_for_tests = struct let get_srs2 i = G2.mul G2.one (Scalar.pow fake_srs_seed (Z.of_int i)) - let get_verifier_srs2 = get_verifier_srs2 max_srs_size get_srs2 + let get_verifier_srs2 = get_verifier_srs2_aux max_srs_size get_srs2 let get_verifier_srs1 = compute_fake_srs ~size:max_verifier_srs_size let is_in_srs2 _ = true let fake_srs = Lazy.from_fun compute_fake_srs -end -let max_srs_size = max_srs_g1_size + module Print = struct + (* Bounds (in log₂) + 1 <= redundancy<= 4 + 7 <= page size + (redundancy + 1) <= slot size <= 20 + 5 <= page size <= slot size - (redundancy + 1) <= 18 - 5 = 13 + 2 <= redundancy + 1 <= nb shards <= slot size - page size <= 15 + *) + type range = { + redundancy : int list; + slot : int list; + page : int list; + shards : int list; + } -let get_srs2 i = List.assoc i srs_g2 + let concat_map4 {slot; redundancy; page; shards} func = + (* Ensure validity before computing actual value *) + let f ~slot ~redundancy ~page ~shards = + Parameters_check.ensure_validity_without_srs + ~slot_size:(1 lsl slot) + ~page_size:(1 lsl page) + ~redundancy_factor:(1 lsl redundancy) + ~number_of_shards:(1 lsl shards) + |> function + | Ok () -> func ~slot ~redundancy ~page ~shards + | _ -> 0 + in + List.concat_map + (fun slot -> + List.concat_map + (fun redundancy -> + List.concat_map + (fun page -> + List.map + (fun shards -> f ~slot ~redundancy ~page ~shards) + shards) + page) + redundancy) + slot -let get_verifier_srs1 () = srs_g1 + let generate_poly_lengths ~max_srs_size p = + let page_srs = + let values = + List.map + (fun page -> Parameters_check.domain_length ~size:(1 lsl page)) + p.page + in + values + in + let commitment_srs = + concat_map4 p (fun ~slot ~redundancy:_ ~page ~shards:_ -> + max_srs_size + - Parameters_check.slot_as_polynomial_length + ~page_size:(1 lsl page) + ~slot_size:(1 lsl slot)) + in + let shard_srs = + concat_map4 p (fun ~slot ~redundancy ~page ~shards -> + let max_polynomial_length = + Parameters_check.slot_as_polynomial_length + ~page_size:(1 lsl page) + ~slot_size:(1 lsl slot) + in + let erasure_encoded_polynomial_length = + (1 lsl redundancy) * max_polynomial_length + in + erasure_encoded_polynomial_length / (1 lsl shards)) + in + let page_shards = + List.sort_uniq (fun x y -> Int.compare y x) (page_srs @ shard_srs) + in + let max_srs1_needed = List.hd page_shards in + ( max_srs1_needed, + List.sort_uniq Int.compare (page_shards @ commitment_srs) ) -let get_verifier_srs2 = get_verifier_srs2 max_srs_size get_srs2 + let _generate_all_poly_lengths ~max_srs_size = + List.fold_left + (fun (acc_size, acc_lengths) p -> + let size, lengths = generate_poly_lengths ~max_srs_size p in + (max acc_size size, List.sort_uniq Int.compare (acc_lengths @ lengths))) + (0, []) + end -let is_in_srs2 i = List.mem_assoc i srs_g2 + let print_verifier_srs_from_file ?(max_srs_size = max_srs_size) ~zcash_g1_path + ~zcash_g2_path () = + let params = + Print. + { + redundancy = [1; 2; 3; 4]; + slot = [15; 16; 17; 18; 19; 20]; + page = [12]; + shards = [11; 12]; + } + in + let open Lwt_result_syntax in + let srs_g1_size, lengths = + Print.generate_poly_lengths ~max_srs_size params + in + let* srs_g1 = read_srs_g1 ~len:srs_g1_size ~path:zcash_g1_path () in + let* srs_g2 = read_srs_g2 ~path:zcash_g2_path () in + let srs2 = + List.map + (fun i -> + let g2 = + Srs_g2.get srs_g2 i |> G2.to_compressed_bytes |> Hex.of_bytes + |> Hex.show + in + Printf.sprintf "(%d, \"%s\")" i g2) + lengths + in + let srs1 = + List.init srs_g1_size (fun i -> + Printf.sprintf + "\"%s\"" + (Srs_g1.get srs_g1 i |> G1.to_compressed_bytes |> Hex.of_bytes + |> Hex.show)) + in + Printf.printf + "\n\nlet srs_g1 = [|\n %s\n|] |> read_srs_g1" + (String.concat " ;\n " @@ srs1) ; + Printf.printf + "\n\nlet srs_g2 = [\n %s\n] |> read_srs_g2" + (String.concat " ;\n " @@ srs2) ; + return_unit +end let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor ~number_of_shards = @@ -118,161 +272,3 @@ let ensure_srs_validity ~test ~mode ~slot_size ~page_size ~redundancy_factor shard_length page_length_domain offset_monomial_degree) - -exception Failed_to_load_trusted_setup of string - -let read_srs ?len ~path srs_of_bigstring = - let open Lwt_syntax in - let to_bigstring ~path = - let* fd = Lwt_unix.openfile path [Unix.O_RDONLY] 0o440 in - Lwt.finalize - (fun () -> - match - Lwt_bytes.map_file ~fd:(Lwt_unix.unix_file_descr fd) ~shared:false () - with - | exception Unix.Unix_error (error_code, function_name, _) -> - raise - (Failed_to_load_trusted_setup - (Format.sprintf - "%s: Unix.Unix_error: %s" - function_name - (Unix.error_message error_code))) - | exception e -> - raise (Failed_to_load_trusted_setup (Printexc.to_string e)) - | res -> Lwt.return res) - (fun () -> Lwt_unix.close fd) - in - let* srs_g1_bigstring = to_bigstring ~path in - Lwt.return @@ srs_of_bigstring ?len srs_g1_bigstring - -let read_srs_g1 ?len ~path () = read_srs ?len ~path Srs_g1.of_bigstring - -let read_srs_g2 ?len ~path () = read_srs ?len ~path Srs_g2.of_bigstring - -module Print = struct - (* Bounds (in log₂) - 1 <= redundancy<= 4 - 7 <= page size + (redundancy + 1) <= slot size <= 20 - 5 <= page size <= slot size - (redundancy + 1) <= 18 - 5 = 13 - 2 <= redundancy + 1 <= nb shards <= slot size - page size <= 15 - *) - type range = { - redundancy : int list; - slot : int list; - page : int list; - shards : int list; - } - - let _mainnet_params = - { - redundancy = [1; 2; 3; 4]; - slot = [15; 16; 17; 18; 19; 20]; - page = [12]; - shards = [11; 12]; - } - - let _additionnal_params = - {redundancy = [1; 2; 3; 4]; slot = [15]; page = [12]; shards = [6]} - - let concat_map4 {slot; redundancy; page; shards} func = - (* Ensure validity before computing actual value *) - let f ~slot ~redundancy ~page ~shards = - Parameters_check.ensure_validity_without_srs - ~slot_size:(1 lsl slot) - ~page_size:(1 lsl page) - ~redundancy_factor:(1 lsl redundancy) - ~number_of_shards:(1 lsl shards) - |> function - | Ok () -> func ~slot ~redundancy ~page ~shards - | _ -> 0 - in - List.concat_map - (fun slot -> - List.concat_map - (fun redundancy -> - List.concat_map - (fun page -> - List.map - (fun shards -> f ~slot ~redundancy ~page ~shards) - shards) - page) - redundancy) - slot - - let generate_poly_lengths ~max_srs_size p = - let page_srs = - let values = - List.map - (fun page -> Parameters_check.domain_length ~size:(1 lsl page)) - p.page - in - values - in - let commitment_srs = - concat_map4 p (fun ~slot ~redundancy:_ ~page ~shards:_ -> - max_srs_size - - Parameters_check.slot_as_polynomial_length - ~page_size:(1 lsl page) - ~slot_size:(1 lsl slot)) - in - let shard_srs = - concat_map4 p (fun ~slot ~redundancy ~page ~shards -> - let max_polynomial_length = - Parameters_check.slot_as_polynomial_length - ~page_size:(1 lsl page) - ~slot_size:(1 lsl slot) - in - let erasure_encoded_polynomial_length = - (1 lsl redundancy) * max_polynomial_length - in - erasure_encoded_polynomial_length / (1 lsl shards)) - in - let page_shards = - List.sort_uniq (fun x y -> Int.compare y x) (page_srs @ shard_srs) - in - let max_srs1_needed = List.hd page_shards in - (max_srs1_needed, List.sort_uniq Int.compare (page_shards @ commitment_srs)) - - let _generate_all_poly_lengths ~max_srs_size = - List.fold_left - (fun (acc_size, acc_lengths) p -> - let size, lengths = generate_poly_lengths ~max_srs_size p in - (max acc_size size, List.sort_uniq Int.compare (acc_lengths @ lengths))) - (0, []) - - (* run with - let _ = Lwt_main.run - @@ Srs.Print.(print_verifier_srs_from_file ~zcash_g1_path - ~zcash_g2_path mainnet_params) in - *) - let _print_verifier_srs_from_file ?(max_srs_size = max_srs_size) - ~zcash_g1_path ~zcash_g2_path params = - let open Lwt_result_syntax in - let srs_g1_size, lengths = generate_poly_lengths ~max_srs_size params in - let* srs_g1 = read_srs_g1 ~len:srs_g1_size ~path:zcash_g1_path () in - let* srs_g2 = read_srs_g2 ~path:zcash_g2_path () in - let srs2 = - List.map - (fun i -> - let g2 = - Srs_g2.get srs_g2 i |> G2.to_compressed_bytes |> Hex.of_bytes - |> Hex.show - in - Printf.sprintf "(%d, \"%s\")" i g2) - lengths - in - let srs1 = - List.init srs_g1_size (fun i -> - Printf.sprintf - "\"%s\"" - (Srs_g1.get srs_g1 i |> G1.to_compressed_bytes |> Hex.of_bytes - |> Hex.show)) - in - Printf.printf - "\n\nlet srs_g1 = [|\n %s\n|] |> read_srs_g1" - (String.concat " ;\n " @@ srs1) ; - Printf.printf - "\n\nlet srs_g2 = [\n %s\n] |> read_srs_g2" - (String.concat " ;\n " @@ srs2) ; - return_unit -end diff --git a/src/lib_crypto_dal/srs.mli b/src/lib_crypto_dal/srs.mli index 956917360592..3571346715e9 100644 --- a/src/lib_crypto_dal/srs.mli +++ b/src/lib_crypto_dal/srs.mli @@ -79,4 +79,17 @@ module Internal_for_tests : sig page_length_domain:int -> shard_length:int -> srs_verifier + + (** Prints the minimal srs needed for mainnet params, in an OCaml-readable + format. Run with + [let _ = Lwt_main.run + @@ Srs.Internal_for_tests.( + print_verifier_srs_from_file ~zcash_g1_path ~zcash_g2_path) ()] + This function can be used to add points in srs_g1 & srs_g2 in Zcash_srs *) + val print_verifier_srs_from_file : + ?max_srs_size:int -> + zcash_g1_path:string -> + zcash_g2_path:string -> + unit -> + (unit, [> `End_of_file of string | `Invalid_point of int]) result Lwt.t end -- GitLab