add unit test for transcript & precomputedfrs

bandersnatch/CMakeLists.txt

@@ -6,7 +6,7 @@ file(GLOB_RECURSE SRCS bandersnatch/*.cpp)
 file(GLOB_RECURSE HEADERS bandersnatch/*.h)
 
 add_library(bandersnatch ${SRCS} ${HEADERS})
-target_link_directories(bandersnatch PUBLIC bandersnatch)
+target_include_directories(bandersnatch PUBLIC .)
 target_link_libraries(bandersnatch PUBLIC blst)
 
 if (TESTS)

bandersnatch/bandersnatch/Element.cpp

@@ -50,7 +50,7 @@ Element& Element::mult(const Fr& fr)
     return *this;
 }
 
-Element Element::msm(Element::ElementListPtr points, Fr::FrListPtr scalars)
+Element Element::msm(const ElementListPtr& points, const Fr::FrListPtr& scalars)
 {
     if (points->size() != scalars->size()) {
         throw std::runtime_error("points and scalars have different sizes, " +
@@ -63,29 +63,21 @@ Element Element::msm(Element::ElementListPtr points, Fr::FrListPtr scalars)
     // By now we use Pippenger's algorithm to accelerate MSM (Multi-Scalar Multiplication).
     // It is implemented in blst lib.
     auto sz = blst_p1s_mult_pippenger_scratch_sizeof(points->size());
-    std::unique_ptr<limb_t[]> scratch{new limb_t[sz/sizeof(limb_t)]};
-
-    auto* affinePoints = new blst_p1_affine[n];
-    auto* baseScalars = new byte* [n];
+    limb_t scratch[sz/sizeof(limb_t)];
+    blst_p1_affine affinePoints[n];
+    blst_scalar baseScalars[n];
 
     for (auto i = 0; i < n; ++i)
     {
         blst_p1_to_affine(&affinePoints[i], &points->at(i).m_point);
-
-        blst_scalar tmp;
-        blst_scalar_from_fr(&tmp, &scalars->at(i).m_val);
-        baseScalars[i] = tmp.b;
+        blst_scalar_from_fr(&baseScalars[i], &scalars->at(i).m_val);
     }
 
-    Element ret;
-    blst_p1s_mult_pippenger(&ret.m_point, &affinePoints, n, baseScalars, 255, scratch.get());
+    const blst_p1_affine* pointsArg[2] = {affinePoints, nullptr};
+    const byte* scalarsArg[2] = {reinterpret_cast<byte*>(baseScalars), nullptr};
 
-    for (size_t i = 0; i < n; ++i)
-    {
-        delete[] baseScalars[i];
-    }
-    delete[] affinePoints;
-    delete[] baseScalars;
+    Element ret;
+    blst_p1s_mult_pippenger(&ret.m_point, pointsArg, n, scalarsArg, 255, scratch);
 
     return ret;
 }
@@ -100,6 +92,14 @@ bool Element::operator!=(const Element& other) const
     return !(*this == other);
 }
 
+Element Element::zero()
+{
+    // Identity/infinity of G1.
+    Element ret;
+    memset(&ret.m_point, 0, sizeof(ret.m_point));
+    return ret;
+}
+
 Element Element::add(const Element& a, const Element& b)
 {
     Element ret;

bandersnatch/bandersnatch/Element.h

@@ -26,10 +26,11 @@ class Element
     bool operator==(const Element& other) const;
     bool operator!=(const Element& other) const;
 
+    static Element zero();
     static Element add(const Element& a, const Element& b);
     static Element dbl(const Element& a);
     static Element mult(const Fr& fr, const Element& a);
-    static Element msm(Element::ElementListPtr points, Fr::FrListPtr scalars);
+    static Element msm(const Element::ElementListPtr& points, const Fr::FrListPtr& scalars);
 
     static Element generator();
 

bandersnatch/bandersnatch/Fr.cpp

@@ -73,7 +73,7 @@ Fr Fr::random()
 Fr Fr::fromUint64(uint64_t v)
 {
     uint64_t a[4] = {v};
-    return {a};
+    return Fr(a);
 }
 
 uint64_t Fr::toUint64() const

bandersnatch/bandersnatch/Fr.h

@@ -19,7 +19,7 @@ class Fr
     Fr& operator=(const Fr& other);
 
     // deserialize
-    Fr(const uint64_t a[4]);
+    explicit Fr(const uint64_t a[4]);
     Fr(const byte* msg, size_t nbits);
 
     static Fr zero();

bandersnatch/test/unittests/ElementTest.cpp

@@ -71,6 +71,27 @@ BOOST_AUTO_TEST_CASE(testMult)
     BOOST_ASSERT(g2 == exp);
 }
 
+BOOST_AUTO_TEST_CASE(testMsm)
+{
+    auto scalars = std::make_shared<std::vector<bandersnatch::Fr>>(256);
+    auto points = std::make_shared<std::vector<bandersnatch::Element>>(256);
+    auto exp = bandersnatch::Element::zero();
+    for (size_t i = 0; i < 256; ++i)
+    {
+        auto randomFr = bandersnatch::Fr::random();
+        auto randomPoint = bandersnatch::Element::generator().mult(randomFr);
+
+        // naive sum of multiple multiplication
+        exp.add(bandersnatch::Element::mult(randomFr, randomPoint));
+
+        scalars->at(i) = randomFr;
+        points->at(i) = randomPoint;
+    }
+
+    auto res = bandersnatch::Element::msm(points, scalars);
+    BOOST_ASSERT(res == exp);
+}
+
 BOOST_AUTO_TEST_CASE(testEqual)
 {
     uint8_t raw[96] = {

common/common/Common.h

@@ -3,8 +3,15 @@
 //
 #pragma once
 #include <cstddef>
+#include <cstdint>
+#include <memory>
 
 namespace verkle::common
 {
     constexpr size_t vectorLength = 256;
+
+    using byte = uint8_t;
+    using bytes = std::vector<byte>;
+    using bytesPtr = std::shared_ptr<std::vector<byte>>;
+
 }

ipa/CMakeLists.txt

@@ -5,7 +5,7 @@ file(GLOB_RECURSE HEADERS ipa/*.h)
 
 add_library(ipa ${SRCS} ${HEADERS})
 add_dependencies(ipa bandersnatch utilities common)
-target_include_directories(ipa PUBLIC ../bandersnatch ipa)
+target_include_directories(ipa PUBLIC .)
 target_link_libraries(ipa PUBLIC bandersnatch utilities common)
 
 if (TESTS)

ipa/ipa/IPAProof.cpp

@@ -4,8 +4,8 @@
 using namespace verkle::ipa;
 
 IPAProof IPAProof::create(
-        Transcript::Ptr transcript,
-        IPAConfig::Ptr config, 
+        const Transcript::Ptr& transcript,
+        const IPAConfig::Ptr& config,
         Element const& commitment, 
         Fr::FrListPtr& a,
         Fr const& evalPoint
@@ -46,14 +46,14 @@ IPAProof IPAProof::create(
 
         auto C_L_1 = commit(G_L, a_R);
         auto C_L = commit(
-            std::make_shared<std::vector<Element>>(std::initializer_list<auto>{C_L_1, q}),
-            std::make_shared<std::vector<Fr>>(std::initializer_list<auto>{Fr::one(), z_L})
+            std::make_shared<std::vector<Element>>(std::initializer_list<Element>{C_L_1, q}),
+            std::make_shared<std::vector<Fr>>(std::initializer_list<Fr>{Fr::one(), z_L})
             );
 
         auto C_R_1 = commit(G_R, a_L);
         auto C_R = commit(
-            std::make_shared<std::vector<Element>>(std::initializer_list<auto>{C_R_1, q}),
-            std::make_shared<std::vector<Fr>>(std::initializer_list<auto>{Fr::one(), z_R})
+            std::make_shared<std::vector<Element>>(std::initializer_list<Element>{C_R_1, q}),
+            std::make_shared<std::vector<Fr>>(std::initializer_list<Fr>{Fr::one(), z_R})
             );
 
         L->at(i) = C_L;
@@ -82,8 +82,8 @@ IPAProof IPAProof::create(
 }
 
 bool IPAProof::check (
-        Transcript::Ptr transcript, 
-        IPAConfig::Ptr config, 
+        const Transcript::Ptr& transcript,
+        const IPAConfig::Ptr& config,
         Element& commitment,
         Fr const& evalPoint,
         Fr const& result
@@ -104,10 +104,72 @@ bool IPAProof::check (
 
     auto w = transcript->generateChallenge(SeperateLabel::LABEL_RESCALING);
 
+    // Rescaling of q.
     auto q = config->m_Q.mult(w);
 
     commitment.add(q.mult(result));
 
-    auto 
+    auto challenges = generateChallenges(transcript);
+    auto invChallenges = std::make_shared<std::vector<Fr>>(challenges->size());
+    for (size_t i = 0; i < challenges->size(); ++i)
+    {
+        invChallenges->at(i) = challenges->at(i).inv();
+    }
+
+    // Compute expected commitment
+    auto elements = std::make_shared<std::vector<Element>>(3);
+    auto frs = std::make_shared<std::vector<Fr>>(3);
+    for (size_t i = 0; i < challenges->size(); ++i)
+    {
+        auto x = challenges->at(i);
+        auto L = m_left->at(i);
+        auto R = m_right->at(i);
+
+        elements->clear();
+        elements->insert(elements->end(), {commitment, L, R});
+
+        frs->clear();
+        frs->insert(frs->end(), {Fr::one(), x, invChallenges->at(i)});
+    }
+
+    auto g = config->m_srs;
+
+    // We compute the folding-scalars for g and b.
+    auto foldingScalars = std::make_shared<std::vector<Fr>>(g->size());
+    for (size_t i = 0; i < foldingScalars->size(); ++i)
+    {
+        auto scalar = Fr::one();
+
+        for (size_t challengeIdx = 0; challengeIdx < challenges->size(); ++challengeIdx)
+        {
+            if ((i & (1<<(7-challengeIdx))) > 0)
+            {
+                scalar *= invChallenges->at(challengeIdx);
+            }
+        }
 
+        foldingScalars->at(i) = scalar;
+    }
+
+    auto g0 = Element::msm(g, foldingScalars);
+    auto b0 = innerProduct(b, foldingScalars);
+
+    auto part1 = g0.mult(m_a);
+    auto part2 = q.mult(b0*m_a);
+    auto expected = part1.add(part2);
+
+    return expected == commitment;
+}
+
+
+Fr::FrListPtr IPAProof::generateChallenges(Transcript::Ptr const& transcript) const
+{
+    auto out = std::make_shared<std::vector<Fr>>(m_left->size());
+    for (size_t i = 0; i < m_left->size(); ++i)
+    {
+        transcript->appendPoint(m_left->at(i), SeperateLabel::LABEL_LEFT);
+        transcript->appendPoint(m_right->at(i), SeperateLabel::LABEL_RIGHT);
+        out->at(i) = transcript->generateChallenge(SeperateLabel::LABEL_X);
+    }
+    return out;
 }

ipa/ipa/IPAProof.h

@@ -9,25 +9,29 @@ using verkle::bandersnatch::Element;
 
 namespace verkle::ipa
 {
-struct  IPAProof
+class IPAProof
 {
-    Element::ElementListPtr m_left;
-    Element::ElementListPtr m_right;
-    Fr m_a;
-
+public:
     static IPAProof create(
-        Transcript::Ptr transcript, 
-        IPAConfig::Ptr config, 
+        const Transcript::Ptr& transcript,
+        const IPAConfig::Ptr& config,
         Element const& commitment, 
         Fr::FrListPtr& a,
         Fr const& evalPoint
     );
     bool check(
-        Transcript::Ptr transcript, 
-        IPAConfig::Ptr config, 
+        const Transcript::Ptr& transcript,
+        const IPAConfig::Ptr& config,
         Element& commitment,
         Fr const& evalPoint,
         Fr const& result
     ) const;
+
+private:
+    Element::ElementListPtr m_left;
+    Element::ElementListPtr m_right;
+    Fr m_a;
+
+    Fr::FrListPtr generateChallenges(Transcript::Ptr const& transcript) const;
 };
 }