Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ntt for babybear and goldilocks #144

Merged
merged 4 commits into from
Aug 28, 2024
Merged

Add ntt for babybear and goldilocks #144

merged 4 commits into from
Aug 28, 2024

Conversation

xiangxiecrypto
Copy link
Member

The impl. of ntt uses concrete-ntt.

serendipity-crypto
serendipity-crypto requested changes Aug 27, 2024
View reviewed changes
algebra/src/goldilocks/goldilocks_ntt.rs Outdated
Comment on lines 13 to 23
impl From<usize> for Goldilocks {
#[inline]
fn from(value: usize) -> Self {
let modulus = Goldilocks::MODULUS_VALUE as usize;
if value < modulus {
Self(value as u64)
} else {
Self((value % modulus) as u64)
}
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is here value - modulus is enough for case value >= modulus?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, it is sufficient. I did not mean to optimize this.

algebra/src/baby_bear/babybear_ntt.rs
Comment on lines +8 to +10

use crate::{transformation::prime32::ConcreteTable, Field, NTTField};

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Use ConcreteTable make this implementation is not correctly when feature concrete-ntt is disabled.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not have a non-concrete version yet. That is why I do not use a feature here, which means we have to always use concrete for these two fields.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, we have.
image

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can disable the default feature to disable concrete-ntt.

algebra/src/baby_bear/babybear_ntt.rs
Comment on lines +66 to +95
fn try_primitive_root(degree: Self::Degree) -> Result<Self, crate::AlgebraError> {
let modulus_sub_one = BabyBear::MODULUS_VALUE - 1;
let quotient = modulus_sub_one / degree;
if modulus_sub_one != quotient * degree {
return Err(crate::AlgebraError::NoPrimitiveRoot {
degree: degree.to_string(),
modulus: BabyBear::MODULUS_VALUE.to_string(),
});
}

let mut rng = thread_rng();
let distr = distributions::Uniform::new_inclusive(2, modulus_sub_one);

let mut w = Self::zero();

if (0..100).any(|_| {
w = pow(
Self::new(rand::Rng::sample(&mut rng, distr)),
quotient as usize,
);
Self::is_primitive_root(w, degree)
}) {
Ok(w)
} else {
Err(crate::AlgebraError::NoPrimitiveRoot {
degree: degree.to_string(),
modulus: BabyBear::MODULUS_VALUE.to_string(),
})
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is not necessary now. We just use unreachable!() in it.

algebra/src/baby_bear/babybear_ntt.rs
Comment on lines +97 to +111
fn try_minimal_primitive_root(degree: Self::Degree) -> Result<Self, crate::AlgebraError> {
let mut root = Self::try_primitive_root(degree)?;

let generator_sq = (root * root).to_root();
let mut current_generator = root;

for _ in 0..degree {
if current_generator < root {
root = current_generator;
}
current_generator.mul_root_assign(generator_sq);
}

Ok(root)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is not necessary now. We just use unreachable!() in it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it is used in zk, right?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, if zk use it, the wrong result will be returned.

Copy link
Collaborator

@serendipity-crypto serendipity-crypto Aug 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not the right way to get the root for user. Concrete generate root with a different way.

algebra/src/goldilocks/goldilocks_ntt.rs
Comment on lines +72 to +101
fn try_primitive_root(degree: Self::Degree) -> Result<Self, crate::AlgebraError> {
let modulus_sub_one = Goldilocks::MODULUS_VALUE - 1;
let quotient = modulus_sub_one / degree;
if modulus_sub_one != quotient * degree {
return Err(crate::AlgebraError::NoPrimitiveRoot {
degree: degree.to_string(),
modulus: Goldilocks::MODULUS_VALUE.to_string(),
});
}

let mut rng = thread_rng();
let distr = distributions::Uniform::new_inclusive(2, modulus_sub_one);

let mut w = Self::zero();

if (0..100).any(|_| {
w = pow(
Self::new(rand::Rng::sample(&mut rng, distr)),
quotient as usize,
);
Self::is_primitive_root(w, degree)
}) {
Ok(w)
} else {
Err(crate::AlgebraError::NoPrimitiveRoot {
degree: degree.to_string(),
modulus: Goldilocks::MODULUS_VALUE.to_string(),
})
}
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is not necessary now. We just use unreachable!() in it.

algebra/src/goldilocks/goldilocks_ntt.rs
Comment on lines +103 to +117
fn try_minimal_primitive_root(degree: Self::Degree) -> Result<Self, crate::AlgebraError> {
let mut root = Self::try_primitive_root(degree)?;

let generator_sq = (root * root).to_root();
let mut current_generator = root;

for _ in 0..degree {
if current_generator < root {
root = current_generator;
}
current_generator.mul_root_assign(generator_sq);
}

Ok(root)
}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is not necessary now. We just use unreachable!() in it.

algebra/src/goldilocks/goldilocks_ntt.rs
Comment on lines +8 to +10

use crate::{transformation::prime64::ConcreteTable, Field, NTTField};

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a way to perform when concrete-ntt is not enable

serendipity-crypto
serendipity-crypto approved these changes Aug 28, 2024
View reviewed changes
Copy link
Collaborator

@serendipity-crypto serendipity-crypto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The approach is not exactly what I had envisioned, and it seems less than ideal. Nevertheless, it will suffice for the time being. We can always refine it later on.

@xiangxiecrypto xiangxiecrypto merged commit 315bb52 into main Aug 28, 2024
8 checks passed
@serendipity-crypto serendipity-crypto deleted the ntt_field branch December 6, 2024 06:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serendipity-crypto serendipity-crypto serendipity-crypto approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@xiangxiecrypto @serendipity-crypto