EspressoSystems · ggutoski · Nov 7, 2023 · Oct 19, 2023 · Oct 23, 2023 · Oct 24, 2023
@@ -14,13 +14,20 @@ use serde::{Deserialize, Serialize};
 /// VID: Verifiable Information Dispersal
 pub trait VidScheme {
     /// Payload commitment.
-    type Commit: Clone + Debug + Eq + PartialEq + Sync; // TODO https://github.com/EspressoSystems/jellyfish/issues/253
+    type Commit: Clone + Debug + Eq + PartialEq + Hash + Sync; // TODO https://github.com/EspressoSystems/jellyfish/issues/253
 
     /// Share-specific data sent to a storage node.
-    type Share: Clone + Debug + Eq + Sync; // TODO https://github.com/EspressoSystems/jellyfish/issues/253
+    type Share: Clone + Debug + Eq + PartialEq + Hash + Sync; // TODO https://github.com/EspressoSystems/jellyfish/issues/253
 
     /// Common data sent to all storage nodes.
-    type Common: CanonicalSerialize + CanonicalDeserialize + Clone + Eq + PartialEq + Sync; // TODO https://github.com/EspressoSystems/jellyfish/issues/253
+    type Common: CanonicalSerialize
+        + CanonicalDeserialize
+        + Clone
+        + Debug
+        + Eq
+        + PartialEq
+        + Hash
+        + Sync; // TODO https://github.com/EspressoSystems/jellyfish/issues/253
 
     /// Compute a payload commitment
     fn commit_only<B>(&self, payload: B) -> VidResult<Self::Commit>

@@ -7,12 +7,13 @@
 //! Implementations of [`PayloadProver`] for `Advz`.
 //!
 //! Two implementations:
-//! 1. `PROOF = `[`Proof`]: KZG batch proof for the data. Useful for small
-//!    sub-slices of `payload` such as an individual transaction within a block.
-//!    Not snark-friendly because it requires a pairing.
-//! 2. `PROOF = `[`CommitRecovery`]: Rebuild the KZG commitment. Useful for
-//!    larger sub-slices of `payload` such as a complete namespace.
-//!    Snark-friendly because it does not require a pairing.
+//! 1. `PROOF = `[`SmallRangeProof`]: Useful for small sub-slices of `payload`
+//!    such as an individual transaction within a block. Not snark-friendly
+//!    because it requires a pairing. Consists of metadata required to verify a
+//!    KZG batch proof.
+//! 2. `PROOF = `[`LargeRangeProof`]: Useful for large sub-slices of `payload`
+//!    such as a complete namespace. Snark-friendly because it does not require
+//!    a pairing. Consists of metadata required to rebuild a KZG commitment.
 
 use ark_poly::EvaluationDomain;
 
@@ -23,11 +24,37 @@ use super::{
 };
 use crate::{
     alloc::string::ToString,
-    vid::{payload_prover::PayloadProver, vid, VidError, VidScheme},
+    vid::{
+        payload_prover::{PayloadProver, Statement},
+        vid, VidError, VidScheme,
+    },
 };
 use ark_std::{format, ops::Range};
 
-impl<P, T, H, V> PayloadProver<Proof<P::Proof>> for GenericAdvz<P, T, H, V>
+/// A proof intended for use on small payload subslices.
+///
+/// KZG batch proofs and accompanying metadata.
+///
+/// TODO use batch proof instead of `Vec<P>` <https://github.com/EspressoSystems/jellyfish/issues/387>
+pub struct SmallRangeProof<P> {
+    proofs: Vec<P>,
+    prefix_bytes: Vec<u8>,
+    suffix_bytes: Vec<u8>,
+    chunk_range: Range<usize>,
+}
+
+/// A proof intended for use on large payload subslices.
+///
+/// Metadata needed to recover a KZG commitment.
+pub struct LargeRangeProof<F> {
+    prefix_elems: Vec<F>,
+    suffix_elems: Vec<F>,
+    prefix_bytes: Vec<u8>,
+    suffix_bytes: Vec<u8>,
+    chunk_range: Range<usize>,
+}
+
+impl<P, T, H, V> PayloadProver<SmallRangeProof<P::Proof>> for GenericAdvz<P, T, H, V>
 where
     // TODO ugly trait bounds https://github.com/EspressoSystems/jellyfish/issues/253
     P: UnivariatePCS<Point = <P as PolynomialCommitmentScheme>::Evaluation>,
@@ -40,7 +67,11 @@ where
     V::MembershipProof: Sync + Debug,
     V::Index: From<u64>,
 {
-    fn payload_proof<B>(&self, payload: B, range: Range<usize>) -> VidResult<Proof<P::Proof>>
+    fn payload_proof<B>(
+        &self,
+        payload: B,
+        range: Range<usize>,
+    ) -> VidResult<SmallRangeProof<P::Proof>>
     where
         B: AsRef<[u8]>,
     {
@@ -75,26 +106,20 @@ where
 
         let (proofs, _evals) = P::multi_open(&self.ck, &polynomial, &points).map_err(vid)?;
 
-        Ok(Proof {
+        Ok(SmallRangeProof {
             proofs,
             prefix_bytes: payload[range_elem_byte.start..range.start].to_vec(),
             suffix_bytes: payload[range.end..range_elem_byte.end].to_vec(),
             chunk_range: range,
         })
     }
 
-    fn payload_verify<B>(
+    fn payload_verify(
         &self,
-        chunk: B,
-        commit: &Self::Commit,
-        common: &Self::Common,
-        proof: &Proof<P::Proof>,
-    ) -> VidResult<Result<(), ()>>
-    where
-        B: AsRef<[u8]>,
-    {
-        let chunk = chunk.as_ref();
-        check_chunk_proof_consistency(chunk, proof.chunk_range.len())?;
+        stmt: Statement<Self>,
+        proof: &SmallRangeProof<P::Proof>,
+    ) -> VidResult<Result<(), ()>> {
+        Self::check_stmt_proof_consistency(&stmt, &proof.chunk_range)?;
 
         // index conversion
         let range_elem = self.range_byte_to_elem(&proof.chunk_range);
@@ -103,14 +128,14 @@ where
         let offset_elem = range_elem.start - self.index_byte_to_elem(start_namespace_byte);
 
         check_range_poly(&range_poly)?;
-        Self::check_common_commit_consistency(common, commit)?;
+        Self::check_common_commit_consistency(stmt.common, stmt.commit)?;
 
         // prepare list of data elems
         let data_elems: Vec<_> = bytes_to_field::<_, P::Evaluation>(
             proof
                 .prefix_bytes
                 .iter()
-                .chain(chunk)
+                .chain(stmt.payload_subslice)
                 .chain(proof.suffix_bytes.iter()),
         )
         .collect();
@@ -135,7 +160,7 @@ where
             )));
         }
         assert_eq!(data_elems.len(), points.len()); // sanity
-        let poly_commit = &common.poly_commits[range_poly.start];
+        let poly_commit = &stmt.common.poly_commits[range_poly.start];
         for (point, (elem, pf)) in points
             .iter()
             .zip(data_elems.iter().zip(proof.proofs.iter()))
@@ -148,17 +173,7 @@ where
     }
 }
 
-/// KZG batch proofs and accompanying metadata.
-///
-/// TODO use batch proof instead of `Vec<P>` <https://github.com/EspressoSystems/jellyfish/issues/387>
-pub struct Proof<P> {
-    proofs: Vec<P>,
-    prefix_bytes: Vec<u8>,
-    suffix_bytes: Vec<u8>,
-    chunk_range: Range<usize>,
-}
-
-impl<P, T, H, V> PayloadProver<CommitRecovery<P::Evaluation>> for GenericAdvz<P, T, H, V>
+impl<P, T, H, V> PayloadProver<LargeRangeProof<P::Evaluation>> for GenericAdvz<P, T, H, V>
 where
     // TODO ugly trait bounds https://github.com/EspressoSystems/jellyfish/issues/253
     P: UnivariatePCS<Point = <P as PolynomialCommitmentScheme>::Evaluation>,
@@ -175,7 +190,7 @@ where
         &self,
         payload: B,
         range: Range<usize>,
-    ) -> VidResult<CommitRecovery<P::Evaluation>>
+    ) -> VidResult<LargeRangeProof<P::Evaluation>>
     where
         B: AsRef<[u8]>,
     {
@@ -198,7 +213,7 @@ where
         let prefix: Vec<_> = elems_iter.by_ref().take(offset_elem).collect();
         let suffix: Vec<_> = elems_iter.skip(range_elem.len()).collect();
 
-        Ok(CommitRecovery {
+        Ok(LargeRangeProof {
             prefix_elems: prefix,
             suffix_elems: suffix,
             prefix_bytes: payload[range_elem_byte.start..range.start].to_vec(),
@@ -207,24 +222,18 @@ where
         })
     }
 
-    fn payload_verify<B>(
+    fn payload_verify(
         &self,
-        chunk: B,
-        commit: &Self::Commit,
-        common: &Self::Common,
-        proof: &CommitRecovery<P::Evaluation>,
-    ) -> VidResult<Result<(), ()>>
-    where
-        B: AsRef<[u8]>,
-    {
-        let chunk = chunk.as_ref();
-        check_chunk_proof_consistency(chunk, proof.chunk_range.len())?;
+        stmt: Statement<Self>,
+        proof: &LargeRangeProof<P::Evaluation>,
+    ) -> VidResult<Result<(), ()>> {
+        Self::check_stmt_proof_consistency(&stmt, &proof.chunk_range)?;
 
         // index conversion
         let range_poly = self.range_byte_to_poly(&proof.chunk_range);
 
         check_range_poly(&range_poly)?;
-        Self::check_common_commit_consistency(common, commit)?;
+        Self::check_common_commit_consistency(stmt.common, stmt.commit)?;
 
         // rebuild the poly commit, check against `common`
         let poly_commit = {
@@ -237,30 +246,21 @@ where
                         proof
                             .prefix_bytes
                             .iter()
-                            .chain(chunk)
+                            .chain(stmt.payload_subslice)
                             .chain(proof.suffix_bytes.iter()),
                     ))
                     .chain(proof.suffix_elems.iter().cloned()),
             );
             P::commit(&self.ck, &poly).map_err(vid)?
         };
-        if poly_commit != common.poly_commits[range_poly.start] {
+        if poly_commit != stmt.common.poly_commits[range_poly.start] {
             return Ok(Err(()));
         }
 
         Ok(Ok(()))
     }
 }
 
-/// Metadata needed to recover a KZG commitment.
-pub struct CommitRecovery<F> {
-    prefix_elems: Vec<F>,
-    suffix_elems: Vec<F>,
-    prefix_bytes: Vec<u8>,
-    suffix_bytes: Vec<u8>,
-    chunk_range: Range<usize>,
-}
-
 impl<P, T, H, V> GenericAdvz<P, T, H, V>
 where
     // TODO ugly trait bounds https://github.com/EspressoSystems/jellyfish/issues/253
@@ -311,6 +311,32 @@ where
         }
         Ok(())
     }
+
+    fn check_stmt_proof_consistency(
+        stmt: &Statement<Self>,
+        proof_range: &Range<usize>,
+    ) -> VidResult<()> {
+        if stmt.range.is_empty() {
+            return Err(VidError::Argument(format!(
+                "empty range ({},{})",
+                stmt.range.start, stmt.range.end
+            )));
+        }
+        if stmt.payload_subslice.len() != stmt.range.len() {
+            return Err(VidError::Argument(format!(
+                "payload_subslice length {} inconsistent with range length {}",
+                stmt.payload_subslice.len(),
+                stmt.range.len()
+            )));
+        }
+        if stmt.range != *proof_range {
+            return Err(VidError::Argument(format!(
+                "statement range ({},{}) differs from proof range ({},{})",
+                stmt.range.start, stmt.range.end, proof_range.start, proof_range.end,
+            )));
+        }
+        Ok(())
+    }
 }
 
 fn range_coarsen(range: &Range<usize>, denominator: usize) -> Range<usize> {
@@ -366,27 +392,12 @@ fn check_range_poly(range_poly: &Range<usize>) -> VidResult<()> {
     Ok(())
 }
 
-fn check_chunk_proof_consistency(chunk: &[u8], proof_chunk_len: usize) -> VidResult<()> {
-    if chunk.is_empty() {
-        return Err(VidError::Argument("empty chunk".to_string()));
-    }
-
-    if chunk.len() != proof_chunk_len {
-        return Err(VidError::Argument(format!(
-            "chunk length {} inconsistent with proof length {}",
-            chunk.len(),
-            proof_chunk_len
-        )));
-    }
-    Ok(())
-}
-
 #[cfg(test)]
 mod tests {
     use crate::vid::{
         advz::{
             bytes_to_field::elem_byte_capacity,
-            payload_prover::{CommitRecovery, Proof},
+            payload_prover::{LargeRangeProof, SmallRangeProof, Statement},
             tests::*,
             *,
         },
@@ -478,21 +489,24 @@ mod tests {
                     };
                     println!("poly {} {} case: {:?}", poly, cases.1, range);
 
-                    let data_proof: Proof<_> = advz.payload_proof(&payload, range.clone()).unwrap();
-                    advz.payload_verify(&payload[range.clone()], &d.commit, &d.common, &data_proof)
+                    let stmt = Statement {
+                        payload_subslice: &payload[range.clone()],
+                        range: range.clone(),
+                        commit: &d.commit,
+                        common: &d.common,
+                    };
+
+                    let small_range_proof: SmallRangeProof<_> =
+                        advz.payload_proof(&payload, range.clone()).unwrap();
+                    advz.payload_verify(stmt.clone(), &small_range_proof)
                         .unwrap()
                         .unwrap();
 
-                    let chunk_proof: CommitRecovery<_> =
+                    let large_range_proof: LargeRangeProof<_> =
                         advz.payload_proof(&payload, range.clone()).unwrap();
-                    advz.payload_verify(
-                        &payload[range.clone()],
-                        &d.commit,
-                        &d.common,
-                        &chunk_proof,
-                    )
-                    .unwrap()
-                    .unwrap();
+                    advz.payload_verify(stmt, &large_range_proof)
+                        .unwrap()
+                        .unwrap();
                 }
             }
         }