diff --git a/Makefile b/Makefile deleted file mode 100644 index a41555c..0000000 --- a/Makefile +++ /dev/null @@ -1,33 +0,0 @@ -.PHONY: execute prove prove_ultra_honk verify write_vk_ultra_honk verify_ultra_honk write_vk verify zk zk_ultra_honk - -execute: - nargo execute plume --silence-warnings - -prove_ultra_honk: - bb prove_ultra_honk -b ./target/use.json -w ./target/plume.gz -o ./target/proof - -prove: - bb prove -b ./target/use.json -w ./target/plume.gz -o ./target/proof - -write_vk_ultra_honk: - bb write_vk_ultra_honk -b ./target/use.json -o ./target/vk - -verify_ultra_honk: - bb verify_ultra_honk -k ./target/vk -p ./target/proof - -write_vk: - bb write_vk -b ./target/use.json -o ./target/vk - -verify: - bb verify -k ./target/vk -p ./target/proof - - -zk_ultra_honk: - make execute - make prove_ultra_honk - make verify_ultra_honk - -zk: - make execute - make prove - make verify \ No newline at end of file diff --git a/README.md b/README.md index 242a176..ed77199 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,10 @@ -# Plume in Noir +# PLUME in Noir [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT) [![Noir CI 🌌](https://github.com/distributed-lab/noir-plume/actions/workflows/noir.yml/badge.svg)](https://github.com/distributed-lab/noir-plume/actions/workflows/noir.yml) Plume is needed to confirm your identity without disclosing your private data, i.e. [zero-knowledge proof](https://en.wikipedia.org/wiki/Zero-knowledge_proof). Plume has another feature: you can send a message from a private group using special group message. For more details visit . -## How to use? +## Eager to try? 😎 ### Add dependency to your project's `Nargo.toml` @@ -33,60 +33,18 @@ use plume::plume_v2; plume_v2(msg, c, s, pk, nullifier); ``` -### Example +### Examples -See the example in `crates/use`. For proving data generation, check out our `SageMath` [implementation](./etc). +Check out how to generate proofs with PLUME in either `crates/use_v1` or `crates/use_v2`. +For proving data generation, see our `SageMath` [implementation](./etc). -## Benchmark +## Benchmark 📊 We have provided information regarding different computational statistics such as constraints amount and time for various activities, see [Benchmark.md](./BENCHMARK.md) -## Miscellaneous +## There is more? 🤯 -### Message Lenght Restriction - -Due to `Noir` specifics and generics limitations, message length is hardcoded to be constant value `32`. -In case you need to change it, see [constants.nr](./crates/plume/src/constants.nr). - -### Cryptography - -In order to bring in `PLUME` to `Noir`, we needed to implement `secp256k1_XMD:SHA-256_SSWU_RO_` hash-to-curve algorithm. +In order to bring in `PLUME` to `Noir`, we needed to implement `secp256k1_XMD:SHA-256_SSWU_RO_` hash-to-curve algorithm, ergo now it is available in `Noir` ecosystem! Based on [this description](https://datatracker.ietf.org/doc/id/draft-irtf-cfrg-hash-to-curve-06.html). -Testes using [this data](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-13.html#appendix-J.8.1). - -#### The algorithm - -```bash -hash_to_curve(msg) - -Input: msg, an arbitrary-length byte string. -Output: P, a point in the secp256k1 curve. - -Steps: -1. u = hash_to_field(msg) -2. Q0 = map_to_curve(u[0]) -3. Q1 = map_to_curve(u[1]) -4. P = iso_map(Q0) + iso_map(Q1) -5. return P -``` - -##### hash_to_field - -Implemented in [hash_to_field.nr](crates/plume/src/hash_to_field.nr). -Follows the algorithm described [here](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-13.html#hashtofield). - -##### map_to_curve - -Implemented in [map_to_curve.nr](crates/plume/src/map_to_curve.nr). -Follows the algorithm described [here](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-13.html#simple-swu). - -##### iso_map - -Implemented in [iso_map.nr](crates/plume/src/iso_map.nr). -Follows the algorithm described [here](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-13.html#appx-iso-secp256k1). - -##### Elliptic Curve operations - -Implemented in [ec_ops.nr](crates/plume/src/ec_ops.nr). -Follows the algorithm described [here](https://www.rareskills.io/post/elliptic-curve-addition). +Tested using [this data](https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-13.html#appendix-J.8.1). diff --git a/bench.sh b/bench.sh new file mode 100755 index 0000000..9867b1b --- /dev/null +++ b/bench.sh @@ -0,0 +1,91 @@ +#!/bin/bash + +set -e # Exit immediately if a command exits with a non-zero status +export TIMEFORMAT="%R" + +VERSIONS=("v1" "v2") +PROOF_SYSTEMS=("ultra-plonk" "ultra-honk") + +# Initialize arrays to store timings +compilation_times=() +execution_times=() +proof_times=() +vk_times=() +verify_times=() +proof_system_names=() +version_names=() + +for VERSION in "${VERSIONS[@]}"; do + echo "Benchmarking PLUME $VERSION" + + echo "Compiling and executing the PLUME $VERSION circuit" + + # Compilation + compilation_time=$( { time nargo compile --force --silence-warnings --package use_$VERSION >/dev/null; } 2>&1 ) + compilation_times+=("$compilation_time") + + # Execution + execution_time=$( { time nargo execute --silence-warnings --package use_$VERSION use_$VERSION >/dev/null; } 2>&1 ) + execution_times+=("$execution_time") + + for PROOF_SYSTEM in "${PROOF_SYSTEMS[@]}"; do + echo "Proving, writing the verification key, and verifying the PLUME $VERSION circuit with $PROOF_SYSTEM" + + # Set command prefixes and suffixes based on the proof system + if [ "$PROOF_SYSTEM" == "ultra-plonk" ]; then + PROVE_CMD="bb prove" + VK_CMD="bb write_vk" + VERIFY_CMD="bb verify" + SUFFIX="_up" + PROOF_SYSTEM_NAME="Ultra-Plonk" + else + PROVE_CMD="bb prove_ultra_honk" + VK_CMD="bb write_vk_ultra_honk" + VERIFY_CMD="bb verify_ultra_honk" + SUFFIX="_uh" + PROOF_SYSTEM_NAME="Ultra-Honk" + fi + + # Define file paths + BASE_PATH="./target/use_$VERSION" + PROOF_PATH="./target/proof_${VERSION}${SUFFIX}" + VK_PATH="./target/vk_${VERSION}${SUFFIX}" + + # Proof Generation + proof_time=$( { time $PROVE_CMD -b "${BASE_PATH}.json" -w "${BASE_PATH}.gz" -o "$PROOF_PATH" >/dev/null; } 2>&1 ) + proof_times+=("$proof_time") + + # Verification Key Writing + vk_time=$( { time $VK_CMD -b "${BASE_PATH}.json" -o "$VK_PATH" >/dev/null; } 2>&1 ) + vk_times+=("$vk_time") + + # Verification + verify_time=$( { time $VERIFY_CMD -k "$VK_PATH" -p "$PROOF_PATH" >/dev/null; } 2>&1 ) + verify_times+=("$verify_time") + + proof_system_names+=("$PROOF_SYSTEM_NAME") + version_names+=("$VERSION") + done +done + +# Print the summary of timings +echo +echo "Benchmarking Summary:" + +array_index=0 +for (( i=0; i<${#VERSIONS[@]}; i++ )); do + VERSION="${VERSIONS[i]}" + echo "PLUME $VERSION:" + echo " Compilation time: ${compilation_times[i]} seconds" + echo " Execution time: ${execution_times[i]} seconds" + + for (( j=0; j<${#PROOF_SYSTEMS[@]}; j++ )); do + PROOF_SYSTEM_NAME="${proof_system_names[array_index]}" + echo " $PROOF_SYSTEM_NAME:" + echo " Proof generation time: ${proof_times[array_index]} seconds" + echo " Verification key writing time: ${vk_times[array_index]} seconds" + echo " Verification time: ${verify_times[array_index]} seconds" + ((array_index++)) + done + echo +done diff --git a/crates/use_v1/Prover.toml b/crates/use_v1/Prover.toml index a6a523e..ae55478 100644 --- a/crates/use_v1/Prover.toml +++ b/crates/use_v1/Prover.toml @@ -1,5 +1,5 @@ -c = ["53", "56", "241", "116", "247", "113", "134", "213", "193", "65", "151", "45", "21", "170", "18", "59", "83", "109", "226", "121", "204", "173", "236", "64", "86", "232", "242", "15", "37", "79", "226", "74"] -msg = ["74", "223", "32", "97", "177", "144", "197", "10", "58", "198", "201", "30", "96", "107", "23", "69", "13", "126", "108", "203", "33", "201", "101", "66", "77", "36", "65", "227", "36", "83", "187", "226"] -nullifier = [["88", "233", "237", "83", "167", "202", "118", "205", "248", "169", "110", "84", "82", "60", "243", "41", "186", "189", "121", "112", "11", "164", "13", "111", "47", "243", "131", "251", "46", "224", "116", "137"], ["213", "22", "193", "70", "149", "43", "149", "112", "12", "166", "64", "241", "242", "212", "208", "68", "219", "81", "135", "45", "243", "219", "210", "228", "72", "201", "68", "69", "29", "170", "234", "62"]] -pk = [["122", "186", "229", "218", "55", "150", "127", "92", "250", "27", "108", "44", "82", "215", "6", "183", "221", "50", "219", "205", "186", "5", "163", "196", "63", "106", "19", "156", "154", "244", "11", "59"], ["92", "161", "30", "116", "247", "146", "29", "73", "133", "16", "205", "120", "8", "179", "162", "43", "147", "97", "7", "224", "250", "135", "172", "135", "197", "131", "205", "59", "32", "113", "80", "126"]] -s = ["40", "27", "33", "89", "224", "169", "181", "143", "183", "9", "88", "211", "137", "93", "74", "178", "220", "18", "255", "20", "38", "254", "62", "187", "116", "253", "98", "243", "232", "163", "208", "23"] +c = ["216", "118", "145", "136", "91", "4", "222", "116", "104", "12", "106", "187", "190", "242", "23", "160", "145", "79", "64", "36", "137", "68", "67", "40", "36", "148", "218", "32", "143", "73", "204", "117"] +msg = ["78", "144", "86", "203", "136", "176", "142", "202", "13", "231", "136", "140", "230", "246", "201", "84", "37", "14", "86", "181", "47", "135", "224", "160", "104", "238", "248", "175", "110", "33", "167", "28"] +nullifier = [["148", "173", "27", "47", "88", "231", "178", "194", "118", "60", "241", "202", "54", "249", "171", "223", "125", "20", "188", "3", "146", "107", "75", "52", "46", "250", "78", "248", "107", "106", "215", "130"], ["13", "64", "28", "120", "252", "184", "118", "45", "251", "190", "134", "128", "88", "154", "188", "127", "222", "247", "124", "180", "52", "155", "36", "216", "160", "165", "157", "100", "139", "252", "148", "241"]] +pk = [["61", "255", "45", "182", "240", "139", "216", "171", "63", "196", "181", "37", "57", "74", "197", "53", "116", "27", "185", "236", "208", "115", "25", "185", "218", "227", "60", "193", "3", "246", "244", "93"], ["52", "22", "83", "206", "10", "220", "93", "188", "208", "32", "144", "236", "29", "103", "110", "222", "229", "48", "72", "213", "41", "234", "47", "10", "148", "104", "28", "215", "230", "20", "42", "118"]] +s = ["31", "240", "219", "166", "219", "231", "17", "13", "124", "15", "221", "231", "83", "171", "188", "50", "208", "0", "26", "38", "200", "138", "134", "86", "114", "207", "166", "21", "172", "173", "22", "12"] diff --git a/crates/use_v2/Prover.toml b/crates/use_v2/Prover.toml index eeb23f2..ea51f9b 100644 --- a/crates/use_v2/Prover.toml +++ b/crates/use_v2/Prover.toml @@ -1,5 +1,5 @@ -c = ["168", "116", "35", "227", "254", "249", "247", "14", "215", "165", "253", "2", "36", "152", "193", "128", "30", "107", "188", "237", "197", "68", "104", "158", "158", "156", "208", "146", "190", "131", "18", "210"] -msg = ["71", "62", "193", "198", "189", "18", "238", "214", "120", "50", "134", "210", "241", "249", "251", "22", "116", "126", "6", "32", "254", "247", "62", "236", "60", "225", "51", "255", "89", "134", "236", "180"] -nullifier = [["78", "91", "85", "215", "95", "183", "229", "168", "164", "18", "237", "152", "227", "223", "125", "177", "67", "17", "192", "55", "65", "182", "38", "246", "15", "42", "102", "30", "137", "240", "76", "181"], ["231", "226", "233", "230", "142", "221", "98", "228", "110", "112", "42", "93", "232", "186", "118", "81", "93", "98", "34", "102", "34", "69", "174", "111", "250", "195", "245", "116", "217", "145", "39", "137"]] -pk = [["13", "234", "84", "185", "203", "217", "7", "132", "174", "234", "190", "150", "56", "131", "166", "137", "163", "120", "187", "69", "156", "185", "37", "243", "197", "211", "203", "9", "213", "210", "127", "141"], ["165", "51", "20", "1", "6", "136", "42", "19", "55", "106", "239", "105", "87", "56", "235", "203", "119", "130", "202", "249", "73", "235", "208", "177", "109", "88", "214", "37", "246", "71", "40", "142"]] -s = ["164", "9", "146", "60", "252", "221", "204", "161", "50", "107", "197", "91", "94", "81", "106", "37", "174", "245", "190", "3", "88", "66", "2", "60", "91", "3", "7", "44", "203", "241", "49", "91"] +c = ["134", "240", "195", "22", "204", "198", "89", "57", "45", "204", "229", "224", "180", "36", "31", "83", "43", "157", "50", "199", "9", "72", "180", "141", "183", "98", "22", "88", "85", "111", "196", "95"] +msg = ["62", "9", "128", "210", "216", "31", "212", "145", "212", "204", "176", "89", "122", "123", "17", "11", "231", "171", "174", "211", "39", "82", "205", "229", "119", "125", "179", "74", "131", "66", "112", "69"] +nullifier = [["25", "148", "127", "98", "237", "6", "156", "138", "203", "120", "246", "140", "212", "59", "19", "136", "233", "162", "56", "144", "40", "31", "64", "159", "91", "62", "89", "88", "78", "190", "72", "252"], ["21", "32", "121", "57", "220", "94", "234", "215", "154", "206", "142", "118", "163", "161", "189", "61", "162", "175", "118", "173", "98", "67", "189", "118", "10", "158", "16", "128", "246", "63", "84", "222"]] +pk = [["22", "37", "199", "63", "92", "79", "168", "124", "56", "245", "179", "63", "36", "245", "105", "148", "254", "118", "69", "129", "135", "146", "226", "240", "104", "152", "215", "230", "190", "228", "63", "181"], ["43", "75", "38", "134", "210", "182", "69", "102", "199", "29", "243", "155", "87", "8", "16", "84", "188", "254", "2", "212", "227", "89", "252", "117", "195", "95", "242", "111", "193", "198", "165", "85"]] +s = ["240", "43", "180", "90", "190", "52", "21", "88", "231", "208", "113", "202", "39", "100", "104", "70", "13", "194", "197", "35", "241", "65", "143", "214", "4", "233", "73", "70", "198", "153", "201", "211"] diff --git a/etc/README.md b/etc/README.md index 5ee41a6..aa75d8f 100644 --- a/etc/README.md +++ b/etc/README.md @@ -8,16 +8,11 @@ To streamline demonstration of `PLUME` usage in `Noir`, we attach the below scri ### Generation of the `Prover.toml` data -Generates random 32-byte values of `r` and `sk`, random message-length dependent `msg` and computes other necessary information -for ZKP issuing. - -### Managing `PLUME` version - -Comments out the code in `/crates/use/src/main.nr` enabling either `v1` or `v2` version. +Generates random 32-byte values of `r` and `sk`, random message-length dependent `msg` and computes other necessary information for ZKP issuing. ### Managing message length -Changes `MSG_LEN` constant in `crates/plume/src/constants.nr`. +Changes `MSG_LEN` constant in either `crates/use_v1/src/main.nr` or `crates/use_v2/src/main.nr`. ## How to use? @@ -27,7 +22,7 @@ Install SageMath by following [these instructions](https://doc.sagemath.org/html ### Launch Sage -Select the version of plume you want to run: either "v1" or "v2", then the number of bytes for msg (non-negative number) and run `main.sage` supplying these as CLI arguments, for example: +Select the desired version of plume: either "v1" or "v2", then the number of bytes for msg (non-negative number) and run `main.sage` supplying these as CLI arguments, for example: ```bash sage main.sage v2 32 diff --git a/etc/main.sage b/etc/main.sage index a1975bf..9c5ed13 100644 --- a/etc/main.sage +++ b/etc/main.sage @@ -23,7 +23,7 @@ def format_double_array(pk): def update_prover_toml(is_v1: bool, msg_len: int): prover_toml_path = "../crates/use_v2/Prover.toml" if is_v1: - path = "../crates/use_v1/Prover.toml" + prover_toml_path = "../crates/use_v1/Prover.toml" data = toml.load(prover_toml_path) (msg, c, s, pk, nullifier) = plume_generate_test_case(is_v1, msg_len)