Skip to content

fix: ensure witness size is power of two #338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
DeVikingMark wants to merge 8 commits into from
Closed

fix: ensure witness size is power of two #338

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
6220fea
Update crr1csproof.rs
DeVikingMark Dec 27, 2024
a2d2ab0
Update crr1csproof.rs
DeVikingMark Jan 20, 2025
19e94bb
Update crr1csproof.rs
DeVikingMark Jan 20, 2025
b88aa82
Update crr1csproof.rs
DeVikingMark Jan 23, 2025
c90da8b
Update eval.rs
DeVikingMark Feb 26, 2025
f46fc1a
Update crr1csproof.rs
DeVikingMark Feb 26, 2025
2aa99af
Update crr1csproof.rs
DeVikingMark Feb 28, 2025
bd2bda7
Merge branch 'main' into fix/witness-size-power-of-two
DeVikingMark Feb 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 94 additions & 0 deletions spartan/src/crr1csproof.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -256,6 +256,14 @@ impl<G: CurveGroup, PC: PolyCommitmentScheme<G>> CRR1CSProof<G, PC> {
transcript: &mut Transcript,
) -> (CRR1CSProof<G, PC>, Vec<G::ScalarField>, Vec<G::ScalarField>) {
let timer_prove = Timer::new("CRR1CSProof::prove");

// Check if witness size is a power of two
let witness_size = witness.W.assignment.len();
assert!(
witness_size.is_power_of_two(),
"Witness size must be a power of two"
);

<Transcript as ProofTranscript<G>>::append_protocol_name(
transcript,
CRR1CSProof::<G, PC>::protocol_name(),
Expand All @@ -275,6 +283,18 @@ impl<G: CurveGroup, PC: PolyCommitmentScheme<G>> CRR1CSProof<G, PC> {

// we currently require the number of |inputs| + 1 to be at most number of vars
assert!(input.len() < vars.len());

// Check if E vector size is power of two and matches witness size
assert!(
E.len().is_power_of_two(),
"Error vector size must be a power of two"
);
assert_eq!(
witness_size,
E.len(),
"Witness and error vector sizes must match"
);

<Transcript as ProofTranscript<G>>::append_scalars(transcript, b"input", input);
<Transcript as ProofTranscript<G>>::append_scalar(transcript, b"u", u);
comm_W.append_to_transcript(b"comm_W", transcript);
Expand Down Expand Up @@ -676,4 +696,78 @@ mod tests {
)
.is_ok());
}

#[test]
#[should_panic(expected = "Witness size must be a power of two")]
fn test_witness_size_not_power_of_two() {
let num_vars = 1024;
let num_cons = 1024;
let num_inputs = 10;
let (shape, instance, mut witness, gens) =
produce_synthetic_crr1cs::<G1Projective, Hyrax<G1Projective>>(num_cons, num_vars, num_inputs);

// Modify witness to have non-power-of-two size
witness.W.assignment = vec![Fr::zero(); 1023]; // Not a power of two

let mut prover_transcript = Transcript::new(b"example");

// This should panic because witness size is not power of two
let _ = CRR1CSProof::prove(
&shape,
&instance,
witness,
&gens.gens_r1cs_sat,
&mut prover_transcript,
);
}

#[test]
#[should_panic(expected = "Error vector size must be a power of two")]
fn test_error_vector_size_not_power_of_two() {
let num_vars = 1024;
let num_cons = 1024;
let num_inputs = 10;
let (shape, instance, mut witness, gens) =
produce_synthetic_crr1cs::<G1Projective, Hyrax<G1Projective>>(num_cons, num_vars, num_inputs);

// Modify error vector to have non-power-of-two size
witness.E = vec![Fr::zero(); 1023]; // Not a power of two

let mut prover_transcript = Transcript::new(b"example");

// This should panic because error vector size is not power of two
let _ = CRR1CSProof::prove(
&shape,
&instance,
witness,
&gens.gens_r1cs_sat,
&mut prover_transcript,
);
}

#[test]
fn test_valid_witness_and_error_sizes() {
let num_vars = 1024; // Power of two
let num_cons = 1024; // Power of two
let num_inputs = 10;
let (shape, instance, witness, gens) =
produce_synthetic_crr1cs::<G1Projective, Hyrax<G1Projective>>(num_cons, num_vars, num_inputs);

let mut prover_transcript = Transcript::new(b"example");

// This should not panic since both witness and error sizes are powers of two
let result = CRR1CSProof::prove(
&shape,
&instance,
witness,
&gens.gens_r1cs_sat,
&mut prover_transcript,
);

assert!(
result.0.claims_phase2.0 != Fr::zero()
|| result.0.claims_phase2.1 != Fr::zero()
|| result.0.claims_phase2.2 != Fr::zero()
);
}
}
3 changes: 1 addition & 2 deletions vm/src/eval.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,11 +236,10 @@
Ok(())
}

/// evaluate next instruction

Check warning on line 239 in vm/src/eval.rs

View workflow job for this annotation

GitHub Actions / check-fmt 

Diff in /home/runner/work/nexus-zkvm/nexus-zkvm/vm/src/eval.rs
pub fn eval_inst(vm: &mut NexusVM<impl Memory>) -> Result<()> {
if vm
.max_trace_len
.map_or(false, |max_trace_len| max_trace_len <= vm.trace_len)
.max_trace_len.is_some_and(|max_trace_len| max_trace_len <= vm.trace_len)
{
return Err(NexusVMError::MaxTraceLengthExceeded(vm.trace_len));
}
Expand Down
Loading