Update method that counts the number of hashes in merkle tree verification

Author: alexander-zw

libiop/bcs/bcs_common.tcc

@@ -711,7 +711,7 @@ void print_detailed_transcript_data(
 
     const size_t digest_len_bytes = 2 * (params.security_parameter / 8);
     const size_t field_size = (libff::log_of_field_size_helper<FieldT>(FieldT::zero()) + 7) / 8;
-    std::vector<size_t> two_to_one_hashes_by_round;
+    std::vector<size_t> internal_hash_complexity_by_round;
     std::vector<size_t> leaf_hashes_by_round;
     std::vector<size_t> zk_hashes_by_round;
     std::vector<size_t> IOP_size_by_round;
@@ -743,10 +743,9 @@ void print_detailed_transcript_data(
                 query_positions.emplace_back(MT_position);
             }
         }
-        size_t num_two_to_one_hashes_in_round =
-            MT.count_hashes_to_verify_set_membership_proof(
-            query_positions);
-        two_to_one_hashes_by_round.emplace_back(num_two_to_one_hashes_in_round);
+        size_t internal_hash_complexity_in_round =
+            MT.count_internal_hash_complexity_to_verify_set_membership(query_positions);
+        internal_hash_complexity_by_round.emplace_back(internal_hash_complexity_in_round);
         const size_t num_values_per_leaf = transcript.query_responses_[round][0].size();
         const size_t num_leaves = transcript.query_responses_[round].size();
         leaf_hashes_by_round.emplace_back(num_values_per_leaf * num_leaves);
@@ -790,14 +789,14 @@ void print_detailed_transcript_data(
 
     printf("\n");
     printf("total prover messages size: %lu\n", total_prover_message_size);
-    const size_t total_two_to_one_hashes = std::accumulate(
-        two_to_one_hashes_by_round.begin(), two_to_one_hashes_by_round.end(), 0);
+    const size_t total_internal_hash_complexity = std::accumulate(
+        internal_hash_complexity_by_round.begin(), internal_hash_complexity_by_round.end(), 0);
     const size_t total_leaves_hashed = std::accumulate(
         leaf_hashes_by_round.begin(), leaf_hashes_by_round.end(), 0);
     const size_t total_zk_hashes = std::accumulate(
         zk_hashes_by_round.begin(), zk_hashes_by_round.end(), 0);
-    const size_t total_hashes = total_two_to_one_hashes + total_leaves_hashed + total_zk_hashes;
-    printf("total two to one hashes: %lu\n", total_two_to_one_hashes);
+    const size_t total_hashes = total_internal_hash_complexity + total_leaves_hashed + total_zk_hashes;
+    printf("total internal hash complexity: %lu\n", total_internal_hash_complexity);
     printf("total leaves hashed: %lu\n", total_leaves_hashed);
     printf("total hashes: %lu\n", total_hashes);
     printf("\n");
@@ -810,7 +809,7 @@ void print_detailed_transcript_data(
         printf("MT_depth %lu\n", MT_depths[round]);
         printf("IOP size: %lu bytes\n", IOP_size_by_round[round]);
         printf("BCS size: %lu bytes\n", BCS_size_by_round[round]);
-        printf("number of two to one hashes: %lu\n", two_to_one_hashes_by_round[round]);
+        printf("internal hash complexity: %lu\n", internal_hash_complexity_by_round[round]);
         printf("number of leaves hashed: %lu\n", leaf_hashes_by_round[round]);
         if (make_zk[round])
         {

libiop/bcs/merkle_tree.hpp

@@ -136,8 +136,10 @@ class merkle_tree {
         const std::vector<std::vector<FieldT>> &leaf_contents,
         const merkle_tree_set_membership_proof<hash_digest_type> &proof);
 
-    /* Returns number of two to one hashes */
-    size_t count_hashes_to_verify_set_membership_proof(
+    /** Returns a number that is proportional to the hashing runtime of verifying a set membership
+     *  proof. Each two-to-one hash is counted as 2 units, and each input of the cap hash is 1 unit.
+     *  Leaf hashes are not counted. */
+    size_t count_internal_hash_complexity_to_verify_set_membership(
         const std::vector<std::size_t> &positions) const;
 
     std::size_t num_leaves() const;

libiop/bcs/merkle_tree.tcc

@@ -548,35 +548,36 @@ bool merkle_tree<FieldT, hash_digest_type>::validate_set_membership_proof(
 }
 
 template<typename FieldT, typename hash_digest_type>
-size_t merkle_tree<FieldT, hash_digest_type>::count_hashes_to_verify_set_membership_proof(
+size_t merkle_tree<FieldT, hash_digest_type>::count_internal_hash_complexity_to_verify_set_membership(
     const std::vector<size_t> &positions) const
 {
     /** This goes layer by layer,
      *  and counts the number of hashes needed to be computed.
      *  Essentially when moving up a layer in the verifier,
      *  every unique parent is one hash that has to be computed.  */
-    size_t num_two_to_one_hashes =  0;
+    size_t num_two_to_one_hashes = 0;
     std::vector<size_t> cur_pos_set = positions;
     sort(cur_pos_set.begin(), cur_pos_set.end());
     assert(cur_pos_set[cur_pos_set.size() - 1] < this->num_leaves());
-    for (size_t cur_depth = this->depth(); cur_depth > 0; cur_depth--)
+
+    const size_t cap_depth = libff::log2(this->cap_size_);
+    for (size_t cur_depth = this->depth(); cur_depth > cap_depth; cur_depth--)
     {
         // contains positions in range [0, 2^{cur_depth - 1})
         std::vector<size_t> next_pos_set;
         for (size_t i = 0; i < cur_pos_set.size(); i++)
         {
             size_t parent_pos = cur_pos_set[i] / 2;
             // Check that parent pos isn't already in next pos set
-            if (next_pos_set.size() == 0
-                || next_pos_set[next_pos_set.size() - 1] != parent_pos)
+            if (next_pos_set.size() == 0 || next_pos_set[next_pos_set.size() - 1] != parent_pos)
             {
                 next_pos_set.emplace_back(parent_pos);
             }
         }
         num_two_to_one_hashes += next_pos_set.size();
         cur_pos_set = next_pos_set;
     }
-    return num_two_to_one_hashes;
+    return 2 * num_two_to_one_hashes + this->cap_size_;
 }
 
 template<typename FieldT, typename hash_digest_type>

libiop/tests/bcs/test_merkle_tree.cpp

@@ -295,6 +295,8 @@ TEST(MerkleTreeZKTest, RandomMultiTest) {
     run_random_multi_test(1ull << 16, digest_len_bytes, make_zk, security_parameter, 256, 100);
 }
 
+/** Verify that count_internal_hash_complexity_to_verify_set_membership is correct for a fixed tree
+ *  size and query set, for various cap sizes. */
 TEST(MerkleTreeHashCountTest, SimpleTest)
 {
     typedef libff::gf64 FieldT;
@@ -304,16 +306,24 @@ TEST(MerkleTreeHashCountTest, SimpleTest)
     const size_t hash_length = 32;
     const bool algebraic_hash = false;
 
-    merkle_tree<FieldT, binary_hash_digest> tree = new_MT<FieldT, binary_hash_digest>(
-        num_leaves,
-        hash_length,
-        make_zk,
-        security_parameter);
+    const std::vector<size_t> cap_sizes = {2, 4, 8};
+    const std::vector<size_t> expected_num_hashes = {12, 10, 8};
+
+    const std::vector<size_t> positions = {1, 3, 6, 7};
 
-    std::vector<size_t> positions = {1, 3, 6, 7};
-    size_t expected_num_hashes = 6;
-    size_t actual_num_hashes = tree.count_hashes_to_verify_set_membership_proof(positions);
-    ASSERT_EQ(expected_num_hashes, actual_num_hashes);
+    for (size_t i = 0; i < cap_sizes.size(); i++)
+    {
+        merkle_tree<FieldT, binary_hash_digest> tree = new_MT<FieldT, binary_hash_digest>(
+            num_leaves,
+            hash_length,
+            make_zk,
+            security_parameter,
+            cap_sizes[i]);
+
+        size_t actual_num_hashes = tree.count_internal_hash_complexity_to_verify_set_membership(
+            positions);
+        ASSERT_EQ(expected_num_hashes[i], actual_num_hashes);
+    }
 }
 
 }