feat: ideal vole and traits #384
Open
themighty1 wants to merge 6 commits into
Mirrors Gf2_128, which has carried these derives since #382. Adds `#[repr(transparent)]` (required for zerocopy soundness) and the `FromBytes`, `IntoBytes`, `Immutable`, `KnownLayout` derives.
…2^k) backends (#388)

Adds the field primitives needed by upcoming gate-by-gate ZK protocols:
- Field::square, inner_product, double_inner_product (with chunked / rayon-aware default impls)
- ExtensionField trait with MONOMIAL_BASIS and inner_product_subfield
- gf2_64 alongside gf2_128
- x86-64 (PCLMULQDQ) and WASM-SIMD backends for both fields, dispatched via cfg_select
…it (#389)

* feat(mpz-fields): inner products, ExtensionField, and accelerated GF(2^k) backends

  Adds the field primitives needed by upcoming gate-by-gate ZK protocols:
  - Field::square, inner_product, double_inner_product (with chunked / rayon-aware default impls)
  - ExtensionField trait with MONOMIAL_BASIS and inner_product_subfield
  - gf2_64 alongside gf2_128
  - x86-64 (PCLMULQDQ) and WASM-SIMD backends for both fields, dispatched via cfg_select

* feat: add mpz-circuits-new crate with Context trait and SHA-256 circuit

  A field-generic circuit-evaluation abstraction. The `Context` trait exposes `add` / `sub` / `mul` / `mul_const` / `constant` / `assert_const` / `assert_eq` over an associated `Wire` type, so the same circuit code drives plain-bit witness evaluation, ZK provers, and ZK verifiers without modification.

  Includes:
  - `Context` trait + `MaybeConst<Wire, Field>` return type for `mul_const` (skips communication when one operand is a known constant).
  - `WitnessCtx` impl: plain-field arithmetic, AND-gate outputs appended to a witness tape.
  - Hand-written SHA-256 compression circuit (`sha256::compress`) with the constant `AND_PER_BLOCK` and initial state `H0` exported.
  - Criterion bench for SHA-256 over the witness context.

* feat: add mpz-zk-core-new — QuickSilver gate-by-gate ZK protocol

  Implementation of the QuickSilver protocol (Yang–Heath–Wang–Katz '21, eprint 2021/076) Fig 5: a constant-round, gate-by-gate ZK proof system for boolean circuits with one field element of communication per AND gate.
  - Prover / Verifier types implementing `mpz_circuits_new::Context` over `Wire = Gf2_128` IT-MACs.
  - Pointer-bit convention: every MAC's LSB carries the authenticated bit, removing the need for a separate witness tape on the prover.
  - Per-AND-gate triple collection + Fig-5 step-7 batch consistency check using `Field::double_inner_product`. ~256-element segments, rayon-aware (`set_stream` per segment for deterministic parallel χ).
  - VOPE(1) mask packed from 128 sVOLE correlations via the monomial basis inner product.
  - Fiat–Shamir transcript bound to: caller-seeded prefix → masked witness → per-`assert` public bits → assertions hash → χ.
  - i.i.d. uniform χ from a ChaCha12 PRG (soundness 2/p^r ≈ 2^-127, tighter than the paper's t/p^r from χ^i powers).

  Tests: 10 unit tests (SHA-256 round-trip + 6 negative + 3 assert_eq) plus an end-to-end SHA-256 integration test against `sha2::compress256`. Bench harness covers 64 B → 128 KiB messages.
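An added sketch of the field-generic `Context` pattern the commit message describes (a trait over an associated `Wire`, a `MaybeConst` return for `mul_const`, and a witness context that records AND-gate outputs on a tape). This is illustrative code written for this page, not mpz-circuits-new's own API: the names `Gf2`, `MaybeConst`, `Context`, `WitnessCtx` and `full_adder` are assumptions modelled on the description, and the field is reduced to GF(2) so it runs stand-alone.

```rust
// Hypothetical sketch of the Context pattern; not the crate's real API.
use std::ops::{Add, Mul};
/// GF(2): one bit; addition is XOR, multiplication is AND.
#[derive(Clone, Copy, PartialEq, Debug)]
pub struct Gf2(pub u8);
impl Add for Gf2 { type Output = Gf2; fn add(self, o: Gf2) -> Gf2 { Gf2(self.0 ^ o.0) } }
impl Mul for Gf2 { type Output = Gf2; fn mul(self, o: Gf2) -> Gf2 { Gf2(self.0 & o.0) } }
/// `mul_const` result: a wire, or a plain constant when no work was needed.
pub enum MaybeConst<W, F> { Wire(W), Const(F) }

/// Circuit-evaluation context; circuit code is written once against this trait
/// and can be driven by a witness evaluator, a prover or a verifier.
pub trait Context {
    type Wire: Copy;
    fn constant(&mut self, c: Gf2) -> Self::Wire;
    fn add(&mut self, a: Self::Wire, b: Self::Wire) -> Self::Wire;
    fn mul(&mut self, a: Self::Wire, b: Self::Wire) -> Self::Wire;
    fn mul_const(&mut self, a: Self::Wire, c: Gf2) -> MaybeConst<Self::Wire, Gf2>;
}

/// Plain evaluation: wires are field values and every AND-gate output is
/// appended to a witness tape (the values a prover would later authenticate).
#[derive(Default)]
pub struct WitnessCtx { pub tape: Vec<Gf2> }
impl Context for WitnessCtx {
    type Wire = Gf2;
    fn constant(&mut self, c: Gf2) -> Gf2 { c }
    fn add(&mut self, a: Gf2, b: Gf2) -> Gf2 { a + b }
    fn mul(&mut self, a: Gf2, b: Gf2) -> Gf2 { let o = a * b; self.tape.push(o); o }
    fn mul_const(&mut self, a: Gf2, c: Gf2) -> MaybeConst<Gf2, Gf2> {
        MaybeConst::Wire(a * c) // public constant: no interaction, no tape entry
    }
}

/// A small circuit written once against the trait: full-adder sum and carry.
pub fn full_adder<C: Context>(ctx: &mut C, a: C::Wire, b: C::Wire, cin: C::Wire)
    -> (C::Wire, C::Wire) {
    let t = ctx.add(a, b);       // a ^ b
    let sum = ctx.add(t, cin);   // a ^ b ^ cin
    let ab = ctx.mul(a, b);      // AND gate 1
    let tc = ctx.mul(t, cin);    // AND gate 2
    (sum, ctx.add(ab, tc))       // carry = ab ^ ((a ^ b) & cin)
}

/// Evaluates the full adder on plain bits; returns (sum, carry, AND-gate count).
pub fn eval_full_adder(a: u8, b: u8, cin: u8) -> (u8, u8, usize) {
    let mut ctx = WitnessCtx::default();
    let (s, c) = full_adder(&mut ctx, Gf2(a), Gf2(b), Gf2(cin));
    (s.0, c.0, ctx.tape.len())
}
```

The tape length is exactly the circuit's AND count, which is the quantity the commit's `AND_PER_BLOCK` constant tracks for SHA-256 and the per-gate communication cost in the QuickSilver commit.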
Summary
A `pregenerate` method on each ideal — a departure from the OT-ideal shape — shifts correlation materialization out of the protocol's online path to minimize online-phase latency.