generated from martinthomson/internet-draft-template
-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a tool for plotting Prio3 robustness bounds
- Loading branch information
Showing
1 changed file
with
99 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,99 @@ | ||
| # prio3_multiproof_robustness.py - Plot robustness bounds for various parameters. | ||
| # Use `sage -python prio3_multiproof_robustness.py` | ||
| import matplotlib.pyplot as plt | ||
| import math | ||
|
|
||
| FIELD128_MODULUS = 2**66 * 4611686018427387897 + 1 # Field128.MODULUS | ||
| FIELD64_MODULUS = 2**32 * 4294967295 + 1 # Field64.MODULUS | ||
|
|
||
| BATCH_SIZE = 1000000000 | ||
|
|
||
|
|
||
| def soundness(gadget_calls, gadget_degree, field_size): | ||
| ''' | ||
| ia.cr/2019/188, Theorem 4.3 | ||
| gadget_calls - number of times the gadget is called | ||
| gadget_degree - arithmetic degree of the gadget | ||
| field_size - size of the field | ||
| ''' | ||
| return gadget_calls * gadget_degree / (field_size - gadget_calls) | ||
|
|
||
|
|
||
| def robustness(epsilon, ro_queries, prep_queries, num_proofs): | ||
| ''' | ||
| ia.cr/2023/130, Theorem 1 (ignoring negligible terms) | ||
| epsilon - soundness of the base FLP | ||
| ro_queries - random oracle queries, a proxy for the amount of precomputation | ||
| done by the adversary | ||
| prep_queries - number of online attempts, a proxy for the batch size | ||
| num_proofs - number of FLPs | ||
| ''' | ||
| return (ro_queries + prep_queries) * epsilon**num_proofs | ||
|
|
||
|
|
||
| def sum_vec(field_size, num_proofs, lengths): | ||
| ''' | ||
| Prio3SumVec (draft-irtf-cfrg-vdaf-08, Section 7.4.3): Probability of | ||
| accepting one report in a batch of BATCH_SIZE. Assuming the asymptotically | ||
| optimal chunk length. | ||
| ''' | ||
|
|
||
| # Table 11 | ||
| def gadget_calls(length, bits, chunk_length): | ||
| return (length * bits + chunk_length - 1) // chunk_length | ||
|
|
||
| return [ | ||
| robustness( | ||
| soundness( | ||
| gadget_calls(length, 1, max(1, math.sqrt(length))), | ||
| 2, | ||
| field_size, | ||
| ), | ||
| 2**80, # ro_queries | ||
| BATCH_SIZE, # prep_queries | ||
| num_proofs, # num_proofs | ||
| ) for length in lengths | ||
| ] | ||
|
|
||
| lengths = range(0, 1000000, 100) | ||
| plt.plot( | ||
| lengths, | ||
| sum_vec(FIELD128_MODULUS, 1, lengths), | ||
| label='Field128/1', | ||
| ) | ||
| plt.plot( | ||
| lengths, | ||
| sum_vec(FIELD64_MODULUS, 1, lengths), | ||
| label='Field64/1', | ||
| ) | ||
| plt.plot( | ||
| lengths, | ||
| sum_vec(FIELD64_MODULUS, 2, lengths), | ||
| label='Field64/2', | ||
| ) | ||
| plt.plot( | ||
| lengths, | ||
| sum_vec(FIELD64_MODULUS, 3, lengths), | ||
| label='Field64/3', | ||
| ) | ||
| plt.plot( | ||
| lengths, | ||
| sum_vec(FIELD64_MODULUS, 4, lengths), | ||
| label='Field64/4', | ||
| ) | ||
|
|
||
| plt.xscale('log', base=10) | ||
| plt.yscale('log', base=2) | ||
| plt.xlabel('Length') | ||
| plt.ylabel('Prob(1 in {} accepted reports being invalid)'.format(BATCH_SIZE)) | ||
| plt.title('Prio3SumvVec (field/number of proofs)') | ||
| plt.legend() | ||
| plt.grid() | ||
| plt.show() |