Merge pull request #450 from filecoin-project/tapered-challenges

feat(storage-proofs): implement challenge tapering

Author: porcuquine

filecoin-proofs/examples/encoding.rs

@@ -30,7 +30,7 @@ use storage_proofs::drgraph::*;
 use storage_proofs::example_helper::prettyb;
 use storage_proofs::fr32::fr_into_bytes;
 use storage_proofs::hasher::{Hasher, PedersenHasher};
-use storage_proofs::layered_drgporep;
+use storage_proofs::layered_drgporep::{self, LayerChallenges};
 use storage_proofs::proof::ProofScheme;
 use storage_proofs::vde;
 use storage_proofs::zigzag_drgporep::*;
@@ -109,8 +109,7 @@ where
             },
             sloth_iter,
         },
-        layers: 1,
-        challenge_count: 1,
+        layer_challenges: LayerChallenges::new_fixed(1, 1),
     };
 
     info!(FCP_LOG, "running setup");

filecoin-proofs/examples/zigzag.rs

@@ -36,7 +36,7 @@ use storage_proofs::drgraph::*;
 use storage_proofs::example_helper::prettyb;
 use storage_proofs::fr32::fr_into_bytes;
 use storage_proofs::hasher::{Blake2sHasher, Hasher, PedersenHasher, Sha256Hasher};
-use storage_proofs::layered_drgporep;
+use storage_proofs::layered_drgporep::{self, LayerChallenges};
 use storage_proofs::porep::PoRep;
 use storage_proofs::proof::ProofScheme;
 use storage_proofs::zigzag_drgporep::*;
@@ -92,8 +92,7 @@ fn do_the_work<H: 'static>(
     m: usize,
     expansion_degree: usize,
     sloth_iter: usize,
-    challenge_count: usize,
-    layers: usize,
+    layer_challenges: LayerChallenges,
     partitions: usize,
     circuit: bool,
     groth: bool,
@@ -108,8 +107,8 @@ fn do_the_work<H: 'static>(
     info!(FCP_LOG, "m: {}", m; "target" => "config");
     info!(FCP_LOG, "expansion_degree: {}", expansion_degree; "target" => "config");
     info!(FCP_LOG, "sloth: {}", sloth_iter; "target" => "config");
-    info!(FCP_LOG, "challenge_count: {}", challenge_count; "target" => "config");
-    info!(FCP_LOG, "layers: {}", layers; "target" => "config");
+    info!(FCP_LOG, "layer_challenges: {:?}", layer_challenges; "target" => "config");
+    info!(FCP_LOG, "layers: {}", layer_challenges.layers(); "target" => "config");
     info!(FCP_LOG, "partitions: {}", partitions; "target" => "config");
     info!(FCP_LOG, "circuit: {:?}", circuit; "target" => "config");
     info!(FCP_LOG, "groth: {:?}", groth; "target" => "config");
@@ -133,8 +132,7 @@ fn do_the_work<H: 'static>(
             },
             sloth_iter,
         },
-        layers,
-        challenge_count,
+        layer_challenges: layer_challenges.clone(),
     };
 
     info!(FCP_LOG, "running setup");
@@ -153,7 +151,6 @@ fn do_the_work<H: 'static>(
     stop_profile();
     let pub_inputs = layered_drgporep::PublicInputs::<H::Domain> {
         replica_id,
-        challenge_count,
         tau: Some(tau.simplify().into()),
         comm_r_star: tau.comm_r_star,
         k: Some(0),
@@ -406,6 +403,8 @@ fn main() {
     let circuit = matches.is_present("circuit");
     let extract = matches.is_present("extract");
 
+    let challenges = LayerChallenges::new_fixed(layers, challenge_count);
+
     info!(FCP_LOG, "hasher: {}", hasher; "target" => "config");
     match hasher.as_ref() {
         "pedersen" => {
@@ -414,8 +413,7 @@ fn main() {
                 m,
                 expansion_degree,
                 sloth_iter,
-                challenge_count,
-                layers,
+                challenges,
                 partitions,
                 circuit,
                 groth,
@@ -429,8 +427,7 @@ fn main() {
                 m,
                 expansion_degree,
                 sloth_iter,
-                challenge_count,
-                layers,
+                challenges,
                 partitions,
                 circuit,
                 groth,
@@ -444,8 +441,7 @@ fn main() {
                 m,
                 expansion_degree,
                 sloth_iter,
-                challenge_count,
-                layers,
+                challenges,
                 partitions,
                 circuit,
                 groth,

filecoin-proofs/src/api/internal.rs

@@ -21,7 +21,7 @@ use storage_proofs::drgraph::{new_seed, DefaultTreeHasher, Graph};
 use storage_proofs::fr32::{bytes_into_fr, fr_into_bytes, Fr32Ary};
 use storage_proofs::hasher::pedersen::{PedersenDomain, PedersenHasher};
 use storage_proofs::hasher::{Domain, Hasher};
-use storage_proofs::layered_drgporep;
+use storage_proofs::layered_drgporep::{self, LayerChallenges};
 use storage_proofs::merkle::MerkleTree;
 use storage_proofs::parameter_cache::CacheableParameters;
 use storage_proofs::parameter_cache::{
@@ -113,7 +113,7 @@ const DEGREE: usize = 1; // TODO: 5; FIXME: increasing degree introduces a test
 const EXPANSION_DEGREE: usize = 6;
 const SLOTH_ITER: usize = 0;
 const LAYERS: usize = 2; // TODO: 10;
-const CHALLENGE_COUNT: usize = 1;
+const CHALLENGES: LayerChallenges = LayerChallenges::new_fixed(LAYERS, 1);
 
 fn setup_params(sector_bytes: usize) -> layered_drgporep::SetupParams {
     assert!(
@@ -132,8 +132,7 @@ fn setup_params(sector_bytes: usize) -> layered_drgporep::SetupParams {
             },
             sloth_iter: SLOTH_ITER,
         },
-        layers: LAYERS,
-        challenge_count: CHALLENGE_COUNT,
+        layer_challenges: CHALLENGES,
     }
 }
 
@@ -387,7 +386,7 @@ pub fn seal<T: Into<PathBuf> + AsRef<Path>>(
         get_config(sector_config);
 
     let public_params = public_params(proof_sector_bytes);
-    let challenge_count = public_params.challenge_count;
+    let challenges = public_params.layer_challenges;
     if let Some(delay) = delay_seconds {
         delay_seal(delay);
     };
@@ -434,7 +433,6 @@ pub fn seal<T: Into<PathBuf> + AsRef<Path>>(
 
     let public_inputs = layered_drgporep::PublicInputs {
         replica_id,
-        challenge_count,
         tau: Some(public_tau),
         comm_r_star: tau.comm_r_star,
         k: None,
@@ -614,7 +612,7 @@ pub fn verify_seal(
     let (_fake, _delay_seconds, _sector_bytes, proof_sector_bytes, uses_official_circuit) =
         get_config(sector_config);
 
-    let challenge_count = CHALLENGE_COUNT;
+    let challenges = CHALLENGES;
     let prover_id = pad_safe_fr(prover_id_in);
     let sector_id = pad_safe_fr(sector_id_in);
     let replica_id = replica_id::<DefaultTreeHasher>(prover_id, sector_id);
@@ -638,7 +636,6 @@ pub fn verify_seal(
 
     let public_inputs = layered_drgporep::PublicInputs::<<DefaultTreeHasher as Hasher>::Domain> {
         replica_id,
-        challenge_count,
         tau: Some(Tau {
             comm_r: comm_r.into(),
             comm_d: comm_d.into(),

storage-proofs/src/challenge_derivation.rs

@@ -1,17 +1,20 @@
-use crate::crypto::blake2s::blake2s;
-use crate::hasher::Domain;
 use byteorder::{LittleEndian, WriteBytesExt};
 use num_bigint::BigUint;
 use num_traits::cast::ToPrimitive;
 
+use crate::crypto::blake2s::blake2s;
+use crate::hasher::Domain;
+use crate::layered_drgporep::LayerChallenges;
+
 pub fn derive_challenges<D: Domain>(
-    n: usize,
+    challenges: &LayerChallenges,
     layer: u8,
     leaves: usize,
     replica_id: &D,
     commitment: &D,
     k: u8,
 ) -> Vec<usize> {
+    let n = challenges.challenges_for_layer(layer as usize);
     (0..n)
         .map(|i| {
             let mut bytes = replica_id.into_bytes();
@@ -40,21 +43,29 @@ mod test {
     #[test]
     fn challenge_derivation() {
         let n = 200;
+        let layers = 100;
+
+        let challenges = LayerChallenges::new_fixed(layers, n);
         let leaves = 1 << 30;
         let mut rng = thread_rng();
         let replica_id: PedersenDomain = rng.gen();
         let commitment: PedersenDomain = rng.gen();
         let partitions = 5;
         let total_challenges = partitions * n;
-        let layers = 100;
 
         let mut layers_with_duplicates = 0;
 
         for layer in 0..layers {
             let mut histogram = HashMap::new();
             for k in 0..partitions {
-                let challenges =
-                    derive_challenges(n, layer, leaves, &replica_id, &commitment, k as u8);
+                let challenges = derive_challenges(
+                    &challenges,
+                    layer as u8,
+                    leaves,
+                    &replica_id,
+                    &commitment,
+                    k as u8,
+                );
 
                 for challenge in challenges {
                     let counter = histogram.entry(challenge).or_insert(0);
@@ -84,12 +95,26 @@ mod test {
         let partitions = 5;
         let layers = 100;
         let total_challenges = n * partitions;
+
         for layer in 0..layers {
-            let one_partition_challenges =
-                derive_challenges(total_challenges, layer, leaves, &replica_id, &commitment, 0);
+            let one_partition_challenges = derive_challenges(
+                &LayerChallenges::new_fixed(layers, total_challenges),
+                layer as u8,
+                leaves,
+                &replica_id,
+                &commitment,
+                0,
+            );
             let many_partition_challenges = (0..partitions)
                 .flat_map(|k| {
-                    derive_challenges(n, layer, leaves, &replica_id, &commitment, k as u8)
+                    derive_challenges(
+                        &LayerChallenges::new_fixed(layers, n),
+                        layer as u8,
+                        leaves,
+                        &replica_id,
+                        &commitment,
+                        k as u8,
+                    )
                 })
                 .collect::<Vec<_>>();
 

storage-proofs/src/circuit/zigzag.rs

@@ -223,10 +223,11 @@ impl<'a, H: 'static + Hasher>
         let comm_r = pub_in.tau.unwrap().comm_r.into();
         inputs.push(comm_r);
 
-        for i in 0..pub_params.layers {
+        for i in 0..pub_params.layer_challenges.layers() {
             let drgporep_pub_inputs = drgporep::PublicInputs {
                 replica_id: pub_in.replica_id,
                 challenges: pub_in.challenges(
+                    &pub_params.layer_challenges,
                     pub_params.drg_porep_public_params.graph.size(),
                     i as u8,
                     k,
@@ -243,7 +244,7 @@ impl<'a, H: 'static + Hasher>
             drgporep_pub_params = <ZigZagDrgPoRep<H> as layered_drgporep::Layers>::transform(
                 &drgporep_pub_params,
                 i,
-                pub_params.layers,
+                pub_params.layer_challenges.layers(),
             );
         }
         inputs.push(pub_in.comm_r_star.into());
@@ -290,7 +291,7 @@ impl<'a, H: 'static + Hasher>
         let rng = &mut XorShiftRng::from_seed([0x3dbe6259, 0x8d313d76, 0x3237db17, 0xe5bc0654]);
         let replica_id = rng.gen();
 
-        let layers = (0..public_params.layers)
+        let layers = (0..public_params.layer_challenges.layers())
             .map(|_| {
                 let layer_public_inputs = drgporep::PublicInputs {
                     replica_id,
@@ -327,10 +328,11 @@ mod tests {
     use crate::drgraph::new_seed;
     use crate::fr32::fr_into_bytes;
     use crate::hasher::pedersen::*;
-    use crate::layered_drgporep;
+    use crate::layered_drgporep::{self, LayerChallenges};
     use crate::porep::PoRep;
     use crate::proof::ProofScheme;
     use crate::zigzag_graph::{ZigZag, ZigZagGraph};
+
     use pairing::Field;
     use rand::{Rng, SeedableRng, XorShiftRng};
     use sapling_crypto::jubjub::JubjubBls12;
@@ -341,8 +343,8 @@ mod tests {
         let nodes = 5;
         let degree = 1;
         let expansion_degree = 2;
-        let challenge_count = 1;
         let num_layers = 2;
+        let layer_challenges = LayerChallenges::new_fixed(num_layers, 1);
         let sloth_iter = 1;
 
         let n = nodes; // FIXME: Consolidate variable names.
@@ -368,8 +370,7 @@ mod tests {
                 },
                 sloth_iter,
             },
-            layers: num_layers,
-            challenge_count,
+            layer_challenges: layer_challenges.clone(),
         };
 
         let pp = ZigZagDrgPoRep::setup(&sp).unwrap();
@@ -382,7 +383,6 @@ mod tests {
 
         let pub_inputs = layered_drgporep::PublicInputs::<PedersenDomain> {
             replica_id: replica_id.into(),
-            challenge_count,
             tau: Some(tau.simplify().into()),
             comm_r_star: tau.comm_r_star.into(),
             k: None,
@@ -455,7 +455,7 @@ mod tests {
         let base_degree = 2;
         let expansion_degree = 2;
         let replica_id: Fr = rng.gen();
-        let challenge_count = 1;
+        let layer_challenges = LayerChallenges::new_fixed(num_layers, 1);
         let challenge = 1;
         let sloth_iter = 2;
 
@@ -478,8 +478,7 @@ mod tests {
                 ZigZagGraph::new_zigzag(n, base_degree, expansion_degree, new_seed()),
                 sloth_iter,
             ),
-            layers: num_layers,
-            challenge_count,
+            layer_challenges,
         };
 
         ZigZagCircuit::<Bls12, PedersenHasher>::synthesize(
@@ -506,8 +505,8 @@ mod tests {
         let nodes = 5;
         let degree = 2;
         let expansion_degree = 1;
-        let challenge_count = 2;
         let num_layers = 2;
+        let layer_challenges = LayerChallenges::new_fixed(num_layers, 2);
         let sloth_iter = 1;
         let partition_count = 1;
 
@@ -537,8 +536,7 @@ mod tests {
                     },
                     sloth_iter,
                 },
-                layers: num_layers,
-                challenge_count,
+                layer_challenges: layer_challenges.clone(),
             },
             partitions: Some(partition_count),
         };
@@ -555,7 +553,6 @@ mod tests {
 
         let public_inputs = layered_drgporep::PublicInputs::<PedersenDomain> {
             replica_id: replica_id.into(),
-            challenge_count,
             tau: Some(tau.simplify()),
             comm_r_star: tau.comm_r_star,
             k: None,