Multiproof optimisations

.gitignore

@@ -1,12 +1,13 @@
-target
-Cargo.lock
-.DS_Store
-.idea
-*.iml
-*.ipynb_checkpoints
-*.pyc
-*.sage.py
-params
-*.swp
-*.swo
-.vscode
+target
+Cargo.lock
+.DS_Store
+.idea
+*.iml
+*.ipynb_checkpoints
+*.pyc
+*.sage.py
+params
+*.swp
+*.swo
+.vscode
+figures/

CHANGELOG.md

@@ -1,86 +1,90 @@
-# CHANGELOG
-
-## Pending
-
-### Breaking changes
-
-### Features
-
-### Improvements
-
-### Bugfixes
-
-## v0.5.0
-
-- [\#120](https://github.com/arkworks-rs/crypto-primitives/pull/120) Add input size check to `bowe_hopwood::CRHGadget::evaluate`.
-
-### Breaking changes
-
-### Features
-
-- [\#107](https://github.com/arkworks-rs/crypto-primitives/pull/107) Impl `CanonicalSerialize` and `CanonicalDeserialize` for `ark_crypto_primitives::crh::pedersen::Parameters`
-
-### Improvements
-
-### Bugfixes
-
-## v0.4.0
-
-### Breaking changes
-
-- [\#56](https://github.com/arkworks-rs/crypto-primitives/pull/56) Compress the output of the Bowe-Hopwood-Pedersen CRH to a single field element, in line with the Zcash specification.
-- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Merkle tree's `Config` requires a user-defined converter to turn leaf hash output to inner hash output.
-- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Rename the CRH trait as `CRHScheme` and the CRHGadget trait to `CRHSchemeGadget`.
-- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Use `ark-sponge` to instantiate Poseidon.
-- [\#76](https://github.com/arkworks-rs/crypto-primitives/pull/79) Fix Pedersen padding bug.
-- [\#77](https://github.com/arkworks-rs/crypto-primitives/pull/77) Implement SHA-256 CRH.
-- [\#86](https://github.com/arkworks-rs/crypto-primitives/pull/86)
-    - Moves `ark-sponge` here.
-    - Updates dependencies and version number to `0.4`.
-    - Adds feature flags to enable downstream users to select exactly those components that they're interested in.
-- [\#103](https://github.com/arkworks-rs/crypto-primitives/pull/103) Removes `cp-benches` and moves contents to `benches`
-- [\#104](https://github.com/arkworks-rs/crypto-primitives/pull/104) Updates `digest`, `blake2`, `sha2` to `0.10`. Changes API for `Blake2sWithParameterBlock`.
-
-### Features
-
-- [\#59](https://github.com/arkworks-rs/crypto-primitives/pull/59) Implement `TwoToOneCRHScheme` for Bowe-Hopwood CRH.
-- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Merkle tree no longer requires CRH to input and output bytes. Leaf can be any raw input of CRH, such as field elements.
-- [\#67](https://github.com/arkworks-rs/crypto-primitives/pull/67) User can access or replace leaf index variable in `PathVar`.
-
-### Improvements
-
-### Bugfixes
-
-## v0.3.0
-
-### Breaking changes
-
-- [\#30](https://github.com/arkworks-rs/crypto-primitives/pull/30) Refactor the Merkle tree to separate the leaf hash and two-to-one hash.
-
-### Features
-
-- [\#38](https://github.com/arkworks-rs/crypto-primitives/pull/38) Add a signature verification trait `SigVerifyGadget`.
-- [\#44](https://github.com/arkworks-rs/crypto-primitives/pull/44) Add basic ElGamal encryption gadgets.
-- [\#48](https://github.com/arkworks-rs/crypto-primitives/pull/48) Add `CanonicalSerialize` and `CanonicalDeserialize` to `Path` and `CRH` outputs.
-
-### Improvements
-
-### Bugfixes
-
-## v0.2.0
-
-### Breaking changes
-
-### Features
-
-- [\#2](https://github.com/arkworks-rs/crypto-primitives/pull/2) Add the `SNARK` gadget traits.
-- [\#3](https://github.com/arkworks-rs/crypto-primitives/pull/3) Add unchecked allocation for `ProofVar` and `VerifyingKeyVar`.  
-- [\#4](https://github.com/arkworks-rs/crypto-primitives/pull/4) Add `verifier_size` to `SNARKGadget`.
-- [\#6](https://github.com/arkworks-rs/crypto-primitives/pull/6) Add `IntoIterator` for SNARK input gadgets.
-- [\#28](https://github.com/arkworks-rs/crypto-primitives/pull/28) Adds Poseidon CRH w/ constraints.
-
-### Improvements
-
-### Bugfixes
-
-## v0.1.0 (Initial release of arkworks/crypto-primitives)
+# CHANGELOG
+
+## Pending
+
+### Breaking changes
+
+- [\#](https://github.com/arkworks-rs/crypto-primitives/pull/X) Replace the prefix-encoded `MultiPath` Merkle multiproof with a CoSet-based `CoPath` representation and update `MerkleTree::generate_multi_proof` to return `CoPath`. This changes the proof encoding for batch openings and removes the old `MultiPath` type from the public API.
+
+### Features
+
+### Improvements
+
+- [\#](https://github.com/arkworks-rs/crypto-primitives/pull/X) Implement CoSet (minimal copath) pruning for Merkle multiproofs, reducing proof size and redundant hashing in batched openings.
+
+### Bugfixes
+
+## v0.5.0
+
+- [\#120](https://github.com/arkworks-rs/crypto-primitives/pull/120) Add input size check to `bowe_hopwood::CRHGadget::evaluate`.
+
+### Breaking changes
+
+### Features
+
+- [\#107](https://github.com/arkworks-rs/crypto-primitives/pull/107) Impl `CanonicalSerialize` and `CanonicalDeserialize` for `ark_crypto_primitives::crh::pedersen::Parameters`
+
+### Improvements
+
+### Bugfixes
+
+## v0.4.0
+
+### Breaking changes
+
+- [\#56](https://github.com/arkworks-rs/crypto-primitives/pull/56) Compress the output of the Bowe-Hopwood-Pedersen CRH to a single field element, in line with the Zcash specification.
+- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Merkle tree's `Config` requires a user-defined converter to turn leaf hash output to inner hash output.
+- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Rename the CRH trait as `CRHScheme` and the CRHGadget trait to `CRHSchemeGadget`.
+- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Use `ark-sponge` to instantiate Poseidon.
+- [\#76](https://github.com/arkworks-rs/crypto-primitives/pull/79) Fix Pedersen padding bug.
+- [\#77](https://github.com/arkworks-rs/crypto-primitives/pull/77) Implement SHA-256 CRH.
+- [\#86](https://github.com/arkworks-rs/crypto-primitives/pull/86)
+    - Moves `ark-sponge` here.
+    - Updates dependencies and version number to `0.4`.
+    - Adds feature flags to enable downstream users to select exactly those components that they're interested in.
+- [\#103](https://github.com/arkworks-rs/crypto-primitives/pull/103) Removes `cp-benches` and moves contents to `benches`
+- [\#104](https://github.com/arkworks-rs/crypto-primitives/pull/104) Updates `digest`, `blake2`, `sha2` to `0.10`. Changes API for `Blake2sWithParameterBlock`.
+
+### Features
+
+- [\#59](https://github.com/arkworks-rs/crypto-primitives/pull/59) Implement `TwoToOneCRHScheme` for Bowe-Hopwood CRH.
+- [\#60](https://github.com/arkworks-rs/crypto-primitives/pull/60) Merkle tree no longer requires CRH to input and output bytes. Leaf can be any raw input of CRH, such as field elements.
+- [\#67](https://github.com/arkworks-rs/crypto-primitives/pull/67) User can access or replace leaf index variable in `PathVar`.
+
+### Improvements
+
+### Bugfixes
+
+## v0.3.0
+
+### Breaking changes
+
+- [\#30](https://github.com/arkworks-rs/crypto-primitives/pull/30) Refactor the Merkle tree to separate the leaf hash and two-to-one hash.
+
+### Features
+
+- [\#38](https://github.com/arkworks-rs/crypto-primitives/pull/38) Add a signature verification trait `SigVerifyGadget`.
+- [\#44](https://github.com/arkworks-rs/crypto-primitives/pull/44) Add basic ElGamal encryption gadgets.
+- [\#48](https://github.com/arkworks-rs/crypto-primitives/pull/48) Add `CanonicalSerialize` and `CanonicalDeserialize` to `Path` and `CRH` outputs.
+
+### Improvements
+
+### Bugfixes
+
+## v0.2.0
+
+### Breaking changes
+
+### Features
+
+- [\#2](https://github.com/arkworks-rs/crypto-primitives/pull/2) Add the `SNARK` gadget traits.
+- [\#3](https://github.com/arkworks-rs/crypto-primitives/pull/3) Add unchecked allocation for `ProofVar` and `VerifyingKeyVar`.  
+- [\#4](https://github.com/arkworks-rs/crypto-primitives/pull/4) Add `verifier_size` to `SNARKGadget`.
+- [\#6](https://github.com/arkworks-rs/crypto-primitives/pull/6) Add `IntoIterator` for SNARK input gadgets.
+- [\#28](https://github.com/arkworks-rs/crypto-primitives/pull/28) Adds Poseidon CRH w/ constraints.
+
+### Improvements
+
+### Bugfixes
+
+## v0.1.0 (Initial release of arkworks/crypto-primitives)

crypto-primitives/benches/merkle_tree.rs

@@ -116,9 +116,7 @@ mod bytes_mt_benches {
         c.bench_function("Merkle Tree Verify Proof (Leaves as [u8])", move |b| {
             b.iter(|| {
                 for (proof, leaf) in zip(proofs.clone(), leaves.clone()) {
-                    proof
-                        .verify(&leaf_crh_params, &two_to_one_params, &root, leaf.as_slice())
-                        .unwrap();
+                    proof.verify(&leaf_crh_params, &two_to_one_params, &root, leaf.as_slice());
                 }
             })
         });
@@ -175,6 +173,7 @@ mod bytes_mt_benches {
         .unwrap();
 
         let root = tree.root();
+        let tree_height = tree.height();
 
         let multi_proof = tree
             .generate_multi_proof((0..leaves.len()).collect::<Vec<_>>())
@@ -184,7 +183,13 @@ mod bytes_mt_benches {
             "Merkle Tree Verify Multi Proof (Leaves as [u8])",
             move |b| {
                 b.iter(|| {
-                    multi_proof.verify(&leaf_crh_params, &two_to_one_params, &root, leaves.clone())
+                    multi_proof.verify(
+                        &leaf_crh_params,
+                        &two_to_one_params,
+                        &root,
+                        tree_height,
+                        leaves.clone(),
+                    )
                 })
             },
         );