logos-storage/gnark-plonky2-verifier
1
0
Fork 0
mirror of https://github.com/logos-storage/gnark-plonky2-verifier.git synced 2026-01-03 13:43:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rearranged files (#17)

Browse Source 
* removed unused file

* change field import

* change import of field package

* changed field import

* moved hash to poseidon and some changes to the field package

* changed file structure
This commit is contained in:
Kevin Jue 2023-05-19 19:49:14 -07:00 committed by GitHub
parent a415c95f6f
commit cf84b032e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
72 changed files with 2376 additions and 2228 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
benchmark.go
View File

@ -3,12 +3,13 @@ package main
import (
"flag"
"fmt"
. "gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/plonky2_verifier"
"gnark-plonky2-verifier/poseidon"
"os"
"time"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/backend/groth16"
"github.com/consensys/gnark/frontend"
@ -16,25 +17,19 @@ import (
)
type BenchmarkPlonky2VerifierCircuit struct {
proofWithPis ProofWithPublicInputs
proofWithPis common.ProofWithPublicInputs
verifierChip *VerifierChip
verifierChip *verifier.VerifierChip
plonky2CircuitName string
}
func (circuit *BenchmarkPlonky2VerifierCircuit) Define(api frontend.API) error {
circuitDirname := "./plonky2_verifier/data/" + circuit.plonky2CircuitName + "/"
proofWithPis := DeserializeProofWithPublicInputs(circuitDirname + "proof_with_public_inputs.json")
commonCircuitData := DeserializeCommonCircuitData(circuitDirname + "common_circuit_data.json")
verifierOnlyCircuitData := DeserializeVerifierOnlyCircuitData(circuitDirname + "verifier_only_circuit_data.json")
circuitDirname := "./verifier/data/" + circuit.plonky2CircuitName + "/"
proofWithPis := utils.DeserializeProofWithPublicInputs(circuitDirname + "proof_with_public_inputs.json")
commonCircuitData := utils.DeserializeCommonCircuitData(circuitDirname + "common_circuit_data.json")
verifierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(circuitDirname + "verifier_only_circuit_data.json")
fieldAPI := NewFieldAPI(api)
qeAPI := NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
hashAPI := NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
friChip := NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
plonkChip := NewPlonkChip(api, qeAPI, commonCircuitData)
circuit.verifierChip = NewVerifierChip(api, fieldAPI, qeAPI, poseidonChip, plonkChip, friChip)
circuit.verifierChip = verifier.NewVerifierChip(api, commonCircuitData)
circuit.verifierChip.Verify(proofWithPis, verifierOnlyCircuitData, commonCircuitData)
@ -45,7 +40,7 @@ func compileCircuit(plonky2Circuit string) frontend.CompiledConstraintSystem {
circuit := BenchmarkPlonky2VerifierCircuit{
plonky2CircuitName: plonky2Circuit,
}
proofWithPis := DeserializeProofWithPublicInputs("./plonky2_verifier/data/" + plonky2Circuit + "/proof_with_public_inputs.json")
proofWithPis := utils.DeserializeProofWithPublicInputs("./verifier/data/" + plonky2Circuit + "/proof_with_public_inputs.json")
circuit.proofWithPis = proofWithPis
r1cs, err := frontend.Compile(ecc.BN254.ScalarField(), r1cs.NewBuilder, &circuit)
@ -58,7 +53,7 @@ func compileCircuit(plonky2Circuit string) frontend.CompiledConstraintSystem {
}
func createProof(r1cs frontend.CompiledConstraintSystem, plonky2Circuit string) groth16.Proof {
proofWithPis := DeserializeProofWithPublicInputs("./plonky2_verifier/data/" + plonky2Circuit + "/proof_with_public_inputs.json")
proofWithPis := utils.DeserializeProofWithPublicInputs("./verifier/data/" + plonky2Circuit + "/proof_with_public_inputs.json")
// Witness
assignment := &BenchmarkPlonky2VerifierCircuit{

5
field/field.go → field/goldilocks.go
View File

@ -7,13 +7,8 @@ import (
"github.com/consensys/gnark/std/math/emulated"
)
const D = 2
type EmulatedField = emulated.Goldilocks
type F = emulated.Element[EmulatedField]
type QuadraticExtension = [2]F
type QEAlgebra = [D]QuadraticExtension
type Hash = [4]F
var TEST_CURVE = ecc.BN254

5
field/quadratic_extension.go
View File

@ -8,6 +8,11 @@ import (
"github.com/consensys/gnark/frontend"
)
const D = 2
type QuadraticExtension = [2]F
type QEAlgebra = [D]QuadraticExtension
type QuadraticExtensionAPI struct {
fieldAPI frontend.API

8
plonky2_verifier/quadratic_extension_test.go → field/quadratic_extension_test.go
View File

@ -1,8 +1,6 @@
package plonky2_verifier
package field
import (
"gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/field"
"testing"
"github.com/consensys/gnark/frontend"
@ -21,7 +19,7 @@ type TestQuadraticExtensionMulCircuit struct {
}
func (c *TestQuadraticExtensionMulCircuit) Define(api frontend.API) error {
fieldAPI := field.NewFieldAPI(api)
fieldAPI := NewFieldAPI(api)
degreeBits := 3
c.qeAPI = NewQuadraticExtensionAPI(fieldAPI, uint64(degreeBits))
@ -55,7 +53,7 @@ type TestQuadraticExtensionDivCircuit struct {
}
func (c *TestQuadraticExtensionDivCircuit) Define(api frontend.API) error {
fieldAPI := field.NewFieldAPI(api)
fieldAPI := NewFieldAPI(api)
degreeBits := 3
c.qeAPI = NewQuadraticExtensionAPI(fieldAPI, uint64(degreeBits))

2
go.mod
View File

@ -1,4 +1,4 @@
module gnark-plonky2-verifier
module github.com/succinctlabs/gnark-plonky2-verifier
go 1.19

185
plonky2_verifier/fri_test.go
View File

@ -1,185 +0,0 @@
package plonky2_verifier
import (
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/poseidon"
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
)
type TestFriCircuit struct {
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
plonkZeta QuadraticExtension
friAlpha QuadraticExtension
friBetas []QuadraticExtension
friPOWResponse F
friQueryIndices []F
}
func (circuit *TestFriCircuit) Define(api frontend.API) error {
proofWithPis := DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
commonCircuitData := DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
verifierOnlyCircuitData := DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename)
fieldAPI := NewFieldAPI(api)
qeAPI := NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
hashAPI := NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
friChip := NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
friChallenges := FriChallenges{
FriAlpha: circuit.friAlpha,
FriBetas: circuit.friBetas,
FriPowResponse: circuit.friPOWResponse,
FriQueryIndices: circuit.friQueryIndices,
}
initialMerkleCaps := []MerkleCap{
verifierOnlyCircuitData.ConstantSigmasCap,
proofWithPis.Proof.WiresCap,
proofWithPis.Proof.PlonkZsPartialProductsCap,
proofWithPis.Proof.QuotientPolysCap,
}
friChip.VerifyFriProof(
commonCircuitData.GetFriInstance(qeAPI, circuit.plonkZeta, commonCircuitData.DegreeBits),
proofWithPis.Proof.Openings.ToFriOpenings(),
&friChallenges,
initialMerkleCaps,
&proofWithPis.Proof.OpeningProof,
)
return nil
}
func TestFibonacciFriProof(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestFriCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
plonkZeta: QuadraticExtension{
NewFieldElementFromString("14887793628029982930"),
NewFieldElementFromString("1136137158284059037"),
},
friAlpha: QuadraticExtension{
NewFieldElementFromString("14641715242626918707"),
NewFieldElementFromString("10574243340537902930"),
},
friBetas: []QuadraticExtension{},
friPOWResponse: NewFieldElement(82451580476419),
friQueryIndices: []F{
NewFieldElement(6790812084677375942),
NewFieldElement(12394212020331474798),
NewFieldElement(16457600747000998582),
NewFieldElement(1543271328932331916),
NewFieldElement(12115726870906958644),
NewFieldElement(6775897107605342797),
NewFieldElement(15989401564746021030),
NewFieldElement(10691676456016926845),
NewFieldElement(1632499470630032007),
NewFieldElement(1317292355445098328),
NewFieldElement(18391440812534384252),
NewFieldElement(17321705613231354333),
NewFieldElement(6176487551308859603),
NewFieldElement(7119835651572002873),
NewFieldElement(3903019169623116693),
NewFieldElement(4886491111111487546),
NewFieldElement(4087641893164620518),
NewFieldElement(13801643080324181364),
NewFieldElement(16993775312274189321),
NewFieldElement(9268202926222765679),
NewFieldElement(10683001302406181735),
NewFieldElement(13359465725531647963),
NewFieldElement(4523327590105620849),
NewFieldElement(4883588003760409588),
NewFieldElement(187699146998097671),
NewFieldElement(14489263557623716717),
NewFieldElement(11748359318238148146),
NewFieldElement(13636347200053048758),
},
}
witness := TestFriCircuit{}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestDummyFriProof(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestFriCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
plonkZeta: QuadraticExtension{
NewFieldElementFromString("17377750363769967882"),
NewFieldElementFromString("11921191651424768462"),
},
friAlpha: QuadraticExtension{
NewFieldElementFromString("16721004555774385479"),
NewFieldElementFromString("10688151135543754663"),
},
friBetas: []QuadraticExtension{
{
NewFieldElementFromString("3312441922957827805"),
NewFieldElementFromString("15128092514958289671"),
},
{
NewFieldElementFromString("13630530769060141802"),
NewFieldElementFromString("14559883974933163008"),
},
{
NewFieldElementFromString("16146508250083930687"),
NewFieldElementFromString("5176346568444408396"),
},
},
friPOWResponse: NewFieldElement(4389),
friQueryIndices: []F{
NewFieldElementFromString("16334967868590615051"),
NewFieldElementFromString("2911473540496037915"),
NewFieldElementFromString("14887216056886344225"),
NewFieldElementFromString("7808811227805914295"),
NewFieldElementFromString("2018594961417375749"),
NewFieldElementFromString("3733368398777208435"),
NewFieldElementFromString("2623035669037055104"),
NewFieldElementFromString("299243030573481514"),
NewFieldElementFromString("7189789717962704433"),
NewFieldElementFromString("14566344026886816268"),
NewFieldElementFromString("12555390069003437453"),
NewFieldElementFromString("17225508403199418233"),
NewFieldElementFromString("5088797913879903292"),
NewFieldElementFromString("9715691392773433023"),
NewFieldElementFromString("7565836764713256165"),
NewFieldElementFromString("1500143546029322929"),
NewFieldElementFromString("1245802417104422080"),
NewFieldElementFromString("6831959786661245110"),
NewFieldElementFromString("17271054758535453780"),
NewFieldElementFromString("6225460404576395409"),
NewFieldElementFromString("15932661092896277351"),
NewFieldElementFromString("12452534049198240575"),
NewFieldElementFromString("4225199666055520177"),
NewFieldElementFromString("13235091290587791090"),
NewFieldElementFromString("2562357622728700774"),
NewFieldElementFromString("17676678042980201498"),
NewFieldElementFromString("5837067135702409874"),
NewFieldElementFromString("11238419549114325157"),
},
}
witness := TestFriCircuit{}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}

805
plonky2_verifier/gate_test.go
View File

@ -1,805 +0,0 @@
package plonky2_verifier
import (
"errors"
. "gnark-plonky2-verifier/field"
"testing"
"github.com/consensys/gnark-crypto/field/goldilocks"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
)
// From recursive_step circuit
var localConstants = []QuadraticExtension{
{NewFieldElement(1164933405384298079), NewFieldElement(7438400583921661370)},
{NewFieldElement(13151230530771189075), NewFieldElement(13023721207846057894)},
{NewFieldElement(3881971040049882570), NewFieldElement(16581297326342691797)},
{NewFieldElement(5184944824742294361), NewFieldElement(4925002013441838394)},
{NewFieldElement(13156856690013129271), NewFieldElement(11795766134230417198)},
}
var localWires = []QuadraticExtension{
{NewFieldElement(10289971018233574142), NewFieldElement(4567684908222573778)},
{NewFieldElement(11564178579868812087), NewFieldElement(4510091545046358953)},
{NewFieldElement(2427374067806073277), NewFieldElement(6911441533263492425)},
{NewFieldElement(7693977127287585254), NewFieldElement(9885192257977663560)},
{NewFieldElement(4829743769894031521), NewFieldElement(1070322096310857911)},
{NewFieldElement(841614584488095356), NewFieldElement(3266720090708573245)},
{NewFieldElement(9335841732020668562), NewFieldElement(7959135654284183511)},
{NewFieldElement(16824107175117300959), NewFieldElement(14823581113270528881)},
{NewFieldElement(4989727169526686805), NewFieldElement(6246956987038299573)},
{NewFieldElement(17410065909497815114), NewFieldElement(226319705525892670)},
{NewFieldElement(4568933895769710275), NewFieldElement(6430695446169305195)},
{NewFieldElement(8067075753959020505), NewFieldElement(6018662820882606998)},
{NewFieldElement(9927277077277524164), NewFieldElement(12530942893897967446)},
{NewFieldElement(404931240594605346), NewFieldElement(13956134990453188947)},
{NewFieldElement(12279755093013597997), NewFieldElement(13891866662848929655)},
{NewFieldElement(3995291408937855383), NewFieldElement(7649506537726031013)},
{NewFieldElement(1975344541433284175), NewFieldElement(11787783246524974192)},
{NewFieldElement(9352725388265956899), NewFieldElement(1878641993746760905)},
{NewFieldElement(4386025806925594020), NewFieldElement(7199468962263347888)},
{NewFieldElement(457758515510439949), NewFieldElement(8295940174808817473)},
{NewFieldElement(3721711968672629644), NewFieldElement(13268744315779792869)},
{NewFieldElement(14873968601320376905), NewFieldElement(14469960382794471278)},
{NewFieldElement(16643239035786323413), NewFieldElement(14266572255541493756)},
{NewFieldElement(9756649839930289884), NewFieldElement(14084246204123262540)},
{NewFieldElement(805087434192149117), NewFieldElement(5551650411462295908)},
{NewFieldElement(3121050229008788536), NewFieldElement(315617444959225213)},
{NewFieldElement(18164560008695666572), NewFieldElement(6915918288299894752)},
{NewFieldElement(17656666988744688487), NewFieldElement(9787463123892858839)},
{NewFieldElement(9992120570629943241), NewFieldElement(18182369503102252267)},
{NewFieldElement(15220763248754170044), NewFieldElement(1854765527825350374)},
{NewFieldElement(15616805521198580886), NewFieldElement(8948185005335797211)},
{NewFieldElement(5104021995850318050), NewFieldElement(10884053699840350390)},
{NewFieldElement(14387430073456386871), NewFieldElement(3987323970221931246)},
{NewFieldElement(9295222033249226038), NewFieldElement(14533816739722288989)},
{NewFieldElement(3054662272834320691), NewFieldElement(5799349468053737645)},
{NewFieldElement(15410493100888282738), NewFieldElement(9030544573372043855)},
{NewFieldElement(11448080360124361095), NewFieldElement(13429854637967689056)},
{NewFieldElement(4779070979822400436), NewFieldElement(5404234368643419051)},
{NewFieldElement(11659320767511898018), NewFieldElement(13702970547443564662)},
{NewFieldElement(16340059712300851313), NewFieldElement(20171293486753699)},
{NewFieldElement(1475826372470535678), NewFieldElement(1253469117109386509)},
{NewFieldElement(7562163184139742598), NewFieldElement(14347739950500988111)},
{NewFieldElement(15976520527988523610), NewFieldElement(17889280665602982933)},
{NewFieldElement(8598539842276402160), NewFieldElement(2411306720494404310)},
{NewFieldElement(15713704960139943242), NewFieldElement(16396602336341678687)},
{NewFieldElement(7189190822731370344), NewFieldElement(5963822095937242833)},
{NewFieldElement(5977752474999875040), NewFieldElement(5328103649776423975)},
{NewFieldElement(12531991299101111394), NewFieldElement(3159886804356965397)},
{NewFieldElement(16883082502877021850), NewFieldElement(4442238822519720348)},
{NewFieldElement(4348679245531311390), NewFieldElement(6663472094175428592)},
{NewFieldElement(7628612474113215133), NewFieldElement(9324555027165483004)},
{NewFieldElement(1900695998785588032), NewFieldElement(12588745891116448183)},
{NewFieldElement(2202928383842031597), NewFieldElement(2024867731300461655)},
{NewFieldElement(9288136643086730543), NewFieldElement(4131544415785473139)},
{NewFieldElement(14704106408467038509), NewFieldElement(8573856691828273)},
{NewFieldElement(10154176515490297025), NewFieldElement(9220235036944332858)},
{NewFieldElement(11339644645342271702), NewFieldElement(2591119884720569491)},
{NewFieldElement(12952838693708363443), NewFieldElement(7634778748701478612)},
{NewFieldElement(4151157005304656172), NewFieldElement(16778323503511515227)},
{NewFieldElement(6326750425597671757), NewFieldElement(2556963653256638700)},
{NewFieldElement(10167058989235599247), NewFieldElement(8755493046703376087)},
{NewFieldElement(9610925836484089978), NewFieldElement(15994816336634155710)},
{NewFieldElement(4153283843312210367), NewFieldElement(14936117891656525941)},
{NewFieldElement(2708678512120193106), NewFieldElement(13963185898630435716)},
{NewFieldElement(6555777227864205496), NewFieldElement(796547906377203466)},
{NewFieldElement(9137905566620576524), NewFieldElement(5424975077133394401)},
{NewFieldElement(10344710254569827655), NewFieldElement(5782463375043965385)},
{NewFieldElement(5971898539021849982), NewFieldElement(8119512366912747083)},
{NewFieldElement(10858355567899666102), NewFieldElement(18000616751093068478)},
{NewFieldElement(16920330711313364238), NewFieldElement(8697067496869918100)},
{NewFieldElement(7000103501288736536), NewFieldElement(10889037926963847627)},
{NewFieldElement(2293930382336564785), NewFieldElement(1991911172589808532)},
{NewFieldElement(16325792322333215740), NewFieldElement(10408910622457883954)},
{NewFieldElement(7503118294246863546), NewFieldElement(3698311130768729720)},
{NewFieldElement(8086040183115185263), NewFieldElement(5047183760990874466)},
{NewFieldElement(9862182807054696027), NewFieldElement(1177341139111149965)},
{NewFieldElement(16001172854107018622), NewFieldElement(10666261425617835543)},
{NewFieldElement(5580184714347609844), NewFieldElement(12694115766192868759)},
{NewFieldElement(18281558831138544975), NewFieldElement(3361626347282823513)},
{NewFieldElement(3031997905089686532), NewFieldElement(15324883672435732043)},
{NewFieldElement(450952121891526527), NewFieldElement(3760645720813651878)},
{NewFieldElement(12802993704800176346), NewFieldElement(5762382859373230998)},
{NewFieldElement(3276893202573968613), NewFieldElement(1800240087286854287)},
{NewFieldElement(5921423446901282771), NewFieldElement(1701259673949139858)},
{NewFieldElement(9599792256793291230), NewFieldElement(14953029539933413769)},
{NewFieldElement(6924230983683680937), NewFieldElement(11341266871925411757)},
{NewFieldElement(7369845262101528427), NewFieldElement(14511942995651504957)},
{NewFieldElement(3575537879709813183), NewFieldElement(8500642062708926725)},
{NewFieldElement(4175897998808440429), NewFieldElement(3374384071922541929)},
{NewFieldElement(12757283027846003446), NewFieldElement(17905830097386863938)},
{NewFieldElement(6320876143845688240), NewFieldElement(11931531275984972701)},
{NewFieldElement(18217933064159243751), NewFieldElement(10071176713368801471)},
{NewFieldElement(4777714881679002884), NewFieldElement(11864655235286620829)},
{NewFieldElement(5051586433049660820), NewFieldElement(9706334979530647226)},
{NewFieldElement(10142518025690185130), NewFieldElement(11625111857426302867)},
{NewFieldElement(12942439955200094763), NewFieldElement(12974281474830386034)},
{NewFieldElement(12714064210006754841), NewFieldElement(10541770037347437502)},
{NewFieldElement(10048643184275048639), NewFieldElement(3986690477062097502)},
{NewFieldElement(1705165528883143091), NewFieldElement(15274852618321664478)},
{NewFieldElement(7505339430009963451), NewFieldElement(15833594687115464439)},
{NewFieldElement(14969085142351848679), NewFieldElement(1313378114647584372)},
{NewFieldElement(13860248504174697653), NewFieldElement(11813005399232850289)},
{NewFieldElement(251943684565772115), NewFieldElement(7573719044708266257)},
{NewFieldElement(3106490314923518751), NewFieldElement(6708785325259176544)},
{NewFieldElement(16356137633407478618), NewFieldElement(10204772059332988569)},
{NewFieldElement(6854820980459043959), NewFieldElement(15547517301904265885)},
{NewFieldElement(11272546272005349344), NewFieldElement(13048057766361438654)},
{NewFieldElement(1292326010164513793), NewFieldElement(3884499312974286465)},
{NewFieldElement(13766861546348177296), NewFieldElement(16189793227494584882)},
{NewFieldElement(17409073821234659314), NewFieldElement(9981103842753464857)},
{NewFieldElement(9704863891305672730), NewFieldElement(6734589298170331622)},
{NewFieldElement(12730115352516859625), NewFieldElement(7184752625986384624)},
{NewFieldElement(11668345947294231238), NewFieldElement(16115042113565080691)},
{NewFieldElement(14062084624592649794), NewFieldElement(2756332865729973692)},
{NewFieldElement(3748768277402965633), NewFieldElement(16866814743891506413)},
{NewFieldElement(10432481590948249422), NewFieldElement(16082227217718892532)},
{NewFieldElement(491495918184990934), NewFieldElement(6356796615401236136)},
{NewFieldElement(17901902629808882123), NewFieldElement(13514738065473981771)},
{NewFieldElement(12660442011781098101), NewFieldElement(6869178288883388452)},
{NewFieldElement(4393627135520874514), NewFieldElement(18356603129965580261)},
{NewFieldElement(677707009508889751), NewFieldElement(12680875774839515608)},
{NewFieldElement(10378933644525583340), NewFieldElement(13309450528739048419)},
{NewFieldElement(17340442394158194152), NewFieldElement(2264038306172498436)},
{NewFieldElement(3370239755875426470), NewFieldElement(16608802578078035004)},
{NewFieldElement(10934853199725686361), NewFieldElement(16013313141655891901)},
{NewFieldElement(13594205540632772459), NewFieldElement(2004743885124905326)},
{NewFieldElement(2746704624744404227), NewFieldElement(16776409524391586509)},
{NewFieldElement(3958873682280414366), NewFieldElement(1600073271711289868)},
{NewFieldElement(2428249869256780385), NewFieldElement(4540186883415041033)},
{NewFieldElement(11471613891518396403), NewFieldElement(12378090703999608437)},
{NewFieldElement(2473054093631985558), NewFieldElement(6016173170699559864)},
{NewFieldElement(5753078745189531749), NewFieldElement(7917608537613216175)},
{NewFieldElement(8855440271433298214), NewFieldElement(16093723431433530090)},
{NewFieldElement(18386320557740714138), NewFieldElement(8240697133069742104)},
{NewFieldElement(15199992048380262587), NewFieldElement(2301519535136472331)},
{NewFieldElement(5102771513133979026), NewFieldElement(12570336536575987923)},
}
var publicInputsHash = Hash{ZERO_F, ZERO_F, ZERO_F, ZERO_F}
var publicInputGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(10289971018233574142), NewFieldElement(4567684908222573778)},
{NewFieldElement(11564178579868812087), NewFieldElement(4510091545046358953)},
{NewFieldElement(2427374067806073277), NewFieldElement(6911441533263492425)},
{NewFieldElement(7693977127287585254), NewFieldElement(9885192257977663560)},
}
// BaseSumGate { num_limbs: 63 }), (Base: 2)
var baseSumGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(11424008506420489027), NewFieldElement(2915141729320103909)},
{NewFieldElement(990850510351998129), NewFieldElement(10775195787959069600)},
{NewFieldElement(6614688617813304624), NewFieldElement(11090441606706959264)},
{NewFieldElement(17750388994193092499), NewFieldElement(9822716613211085052)},
{NewFieldElement(15668686535963465292), NewFieldElement(5860790519230132950)},
{NewFieldElement(9301693563861638036), NewFieldElement(5759072521542705927)},
{NewFieldElement(1463677617048504116), NewFieldElement(657088188145156737)},
{NewFieldElement(11221326157331101168), NewFieldElement(3258353713560294154)},
{NewFieldElement(6298170343528505052), NewFieldElement(1515404430931450244)},
{NewFieldElement(10609142393996097059), NewFieldElement(5676353771077187085)},
{NewFieldElement(15377741222281320), NewFieldElement(17210062473996670458)},
{NewFieldElement(16623098697475668629), NewFieldElement(16010660943931470875)},
{NewFieldElement(13742463434921610007), NewFieldElement(11069510319782271171)},
{NewFieldElement(14872905802739821087), NewFieldElement(16577474870939262513)},
{NewFieldElement(15699671366929256655), NewFieldElement(15598194197245819873)},
{NewFieldElement(10679123900573339697), NewFieldElement(10228522398312889861)},
{NewFieldElement(8872281223292031801), NewFieldElement(1329834573379055460)},
{NewFieldElement(2535224613123191755), NewFieldElement(12786291812393663221)},
{NewFieldElement(17788228910394641125), NewFieldElement(5545904820430114370)},
{NewFieldElement(10489817294122939391), NewFieldElement(14636352222428121923)},
{NewFieldElement(10852238020744398528), NewFieldElement(2312796082809010853)},
{NewFieldElement(5067875522341132442), NewFieldElement(2107737958122288286)},
{NewFieldElement(17283146688878926257), NewFieldElement(8456549639899437925)},
{NewFieldElement(10637171512256553781), NewFieldElement(6390530901963054085)},
{NewFieldElement(7586090218847390134), NewFieldElement(13687926314033375459)},
{NewFieldElement(9523662200490053374), NewFieldElement(13361040406642218763)},
{NewFieldElement(634822311162237689), NewFieldElement(9630483174624222223)},
{NewFieldElement(15242934013445465604), NewFieldElement(1135488709061427932)},
{NewFieldElement(10311174951052257420), NewFieldElement(524968500387403585)},
{NewFieldElement(6646751050961926593), NewFieldElement(8684017064299024213)},
{NewFieldElement(16629184374162391253), NewFieldElement(13745216788879851113)},
{NewFieldElement(15725765914323741961), NewFieldElement(4607182206571650287)},
{NewFieldElement(4905637093691966606), NewFieldElement(218562275165442331)},
{NewFieldElement(15526612325511973871), NewFieldElement(5770955229659050735)},
{NewFieldElement(9591223869277908917), NewFieldElement(1518900007157334701)},
{NewFieldElement(14713177841944866109), NewFieldElement(16661134545564989407)},
{NewFieldElement(4236602876840371235), NewFieldElement(12185730046300426061)},
{NewFieldElement(14844502873470690827), NewFieldElement(5567680392033564858)},
{NewFieldElement(5550472614893629959), NewFieldElement(17955875404530787722)},
{NewFieldElement(9965647340229188622), NewFieldElement(12067752288619191155)},
{NewFieldElement(15624184226617424434), NewFieldElement(13522086059807517857)},
{NewFieldElement(6001948917737119729), NewFieldElement(10555349705067997421)},
{NewFieldElement(7967852853408273634), NewFieldElement(16393445105337145265)},
{NewFieldElement(13601491066758079307), NewFieldElement(11390709918813075818)},
{NewFieldElement(5704706916270196865), NewFieldElement(17007264058732032659)},
{NewFieldElement(18354610167186324196), NewFieldElement(16917152819910011122)},
{NewFieldElement(6026824824087688959), NewFieldElement(11547555659280958524)},
{NewFieldElement(15645938871784252821), NewFieldElement(12381341093764170444)},
{NewFieldElement(1202470274460413029), NewFieldElement(3583599940021118482)},
{NewFieldElement(5248479930891455774), NewFieldElement(2393692482194449448)},
{NewFieldElement(13386434971986911647), NewFieldElement(12326376082602154018)},
{NewFieldElement(11327299405009394635), NewFieldElement(7538844592867989882)},
{NewFieldElement(7984839537656677309), NewFieldElement(6441274039505923023)},
{NewFieldElement(3942932013374375924), NewFieldElement(6548354659360045418)},
{NewFieldElement(10139699962065730425), NewFieldElement(16908585391181627242)},
{NewFieldElement(18094104343668325187), NewFieldElement(8370083050741645827)},
{NewFieldElement(12131340922292526267), NewFieldElement(17299488555769517106)},
{NewFieldElement(11470330746430670818), NewFieldElement(15960507373360402879)},
{NewFieldElement(386512699105836065), NewFieldElement(8986007306829996238)},
{NewFieldElement(1834598616243509000), NewFieldElement(14626792908408543748)},
{NewFieldElement(17890037858181404101), NewFieldElement(17018218424290394313)},
{NewFieldElement(11758664078194540174), NewFieldElement(16603941107284246147)},
{NewFieldElement(14022184733842887279), NewFieldElement(13741139908708752348)},
{NewFieldElement(4836630213324422487), NewFieldElement(222498232493222193)},
}
// ArithmeticGate { num_ops: 20 }
var arithmeticGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(12119614175182896132), NewFieldElement(9100747776469133669)},
{NewFieldElement(1435113994507051493), NewFieldElement(16937897191584383857)},
{NewFieldElement(51616472710099652), NewFieldElement(4146295929435411488)},
{NewFieldElement(92237181388579392), NewFieldElement(12824787281527009080)},
{NewFieldElement(11063958613047368831), NewFieldElement(516751095582253219)},
{NewFieldElement(8881502495740733965), NewFieldElement(5405782271334426100)},
{NewFieldElement(9646745645960524278), NewFieldElement(6323317609176095073)},
{NewFieldElement(10334354202446659881), NewFieldElement(17865166204439996809)},
{NewFieldElement(9511789862027881130), NewFieldElement(17897392861017078901)},
{NewFieldElement(4686618214331097217), NewFieldElement(7102232698145277151)},
{NewFieldElement(5140381642477065044), NewFieldElement(15554316144351441473)},
{NewFieldElement(14252043934312871974), NewFieldElement(1198292921407928539)},
{NewFieldElement(13289413398237564138), NewFieldElement(15704998539419457452)},
{NewFieldElement(4800979510155331538), NewFieldElement(14057404157182035427)},
{NewFieldElement(17908028924715246889), NewFieldElement(8716376706845369224)},
{NewFieldElement(3226678693544038862), NewFieldElement(5577680088492344738)},
{NewFieldElement(10987852156126930017), NewFieldElement(16323667584216755558)},
{NewFieldElement(5135981108938961064), NewFieldElement(6684115991562770960)},
{NewFieldElement(8519638889718596339), NewFieldElement(7662028578892995756)},
{NewFieldElement(7747323897933750795), NewFieldElement(6872730347313691927)},
}
// RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
var randomAccessGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(2891299230460455680), NewFieldElement(12638923114586787038)},
{NewFieldElement(10369791235277272383), NewFieldElement(11178254747952182382)},
{NewFieldElement(2609100974341658152), NewFieldElement(7141157629969452340)},
{NewFieldElement(10885639242129231953), NewFieldElement(10224819739496777877)},
{NewFieldElement(15486139493712450489), NewFieldElement(17924944477102802615)},
{NewFieldElement(5969758517166950176), NewFieldElement(4139464862931677318)},
{NewFieldElement(7251510967440451429), NewFieldElement(11634060506931912043)},
{NewFieldElement(581371472896562405), NewFieldElement(1340263685452848185)},
{NewFieldElement(11876289968532354241), NewFieldElement(39606365246086104)},
{NewFieldElement(17037991399414168046), NewFieldElement(9356315359108087151)},
{NewFieldElement(13506822543872334969), NewFieldElement(14166594210473057923)},
{NewFieldElement(530968584207084639), NewFieldElement(12346975065647187607)},
{NewFieldElement(8780439534301283756), NewFieldElement(14250307971393105395)},
{NewFieldElement(5955166439403627952), NewFieldElement(427818832806268253)},
{NewFieldElement(10383473532295208089), NewFieldElement(10834018170496866410)},
{NewFieldElement(17770159895239813531), NewFieldElement(3803908573438301448)},
{NewFieldElement(5230956285821863871), NewFieldElement(13187949446452303832)},
{NewFieldElement(4082775007574051589), NewFieldElement(17608951079871259588)},
{NewFieldElement(15832332042406144153), NewFieldElement(9112933169473505864)},
{NewFieldElement(17289713569232165217), NewFieldElement(764355564171754371)},
{NewFieldElement(11875388597093781742), NewFieldElement(17390337221018798452)},
{NewFieldElement(14723779398624676305), NewFieldElement(4351422752569601515)},
{NewFieldElement(7898206414568399642), NewFieldElement(3781389637016766144)},
{NewFieldElement(10959059343195760030), NewFieldElement(17524903422154932359)},
{NewFieldElement(7305896571823662942), NewFieldElement(12962835460398538761)},
{NewFieldElement(5653738395766265725), NewFieldElement(8097455003461687478)},
}
// PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>
var poseidonGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(7586090218847390134), NewFieldElement(13687926314033375459)},
{NewFieldElement(10774680496478357997), NewFieldElement(14419929234728022600)},
{NewFieldElement(983485807903636414), NewFieldElement(3028876395437704592)},
{NewFieldElement(5873163034459252869), NewFieldElement(11720300428168955402)},
{NewFieldElement(16261775977438390033), NewFieldElement(15598817592005081227)},
{NewFieldElement(3308439339359285309), NewFieldElement(16350160944703138332)},
{NewFieldElement(2477915029208949035), NewFieldElement(10909058342937234971)},
{NewFieldElement(2006101431747008114), NewFieldElement(1317396811566929515)},
{NewFieldElement(5743380333218483835), NewFieldElement(9864892326580372485)},
{NewFieldElement(4343047746155696133), NewFieldElement(2452956674303649004)},
{NewFieldElement(18237771591472199486), NewFieldElement(9201720967486340889)},
{NewFieldElement(7997743545022954538), NewFieldElement(5790905224346459337)},
{NewFieldElement(7270313259765139533), NewFieldElement(13664497978956485388)},
{NewFieldElement(11627392666242516567), NewFieldElement(6707531853885096654)},
{NewFieldElement(14108041676779390728), NewFieldElement(13890317640467961363)},
{NewFieldElement(10461937206408578346), NewFieldElement(16929842020525911045)},
{NewFieldElement(14163490001894639417), NewFieldElement(6486250350832733344)},
{NewFieldElement(6025822272051423893), NewFieldElement(6875599327185319749)},
{NewFieldElement(11800406778761598568), NewFieldElement(13445736562420900345)},
{NewFieldElement(8721632296347252438), NewFieldElement(15861696011210243831)},
{NewFieldElement(13862698645551446166), NewFieldElement(10895802231885823011)},
{NewFieldElement(9467131299943023152), NewFieldElement(508610840287781764)},
{NewFieldElement(10369576299876905473), NewFieldElement(1319089684709412204)},
{NewFieldElement(17202741125808968481), NewFieldElement(4132975454251812345)},
{NewFieldElement(4939406044782203142), NewFieldElement(18100435685377738067)},
{NewFieldElement(2662601992953696766), NewFieldElement(5356898997486457355)},
{NewFieldElement(12240740991568526347), NewFieldElement(14183052793978601368)},
{NewFieldElement(17267799754824241908), NewFieldElement(15067892579134674951)},
{NewFieldElement(3885637219153712510), NewFieldElement(2045928245539296545)},
{NewFieldElement(7614199998298216925), NewFieldElement(13135807303144108264)},
{NewFieldElement(12232208765790877245), NewFieldElement(6790391920585566719)},
{NewFieldElement(14027621788671850076), NewFieldElement(8244116705079721069)},
{NewFieldElement(18361849947075265980), NewFieldElement(636640170174188211)},
{NewFieldElement(15400723839777269850), NewFieldElement(7187627113110641974)},
{NewFieldElement(11208418886499216060), NewFieldElement(1068905181682993370)},
{NewFieldElement(8741978871712571992), NewFieldElement(11893984108008599655)},
{NewFieldElement(5904231306484990036), NewFieldElement(10974042651195177783)},
{NewFieldElement(12306264278608747297), NewFieldElement(6054935933756948006)},
{NewFieldElement(4439661353730067518), NewFieldElement(13536513851562309841)},
{NewFieldElement(13020734370698999772), NewFieldElement(163773705062531020)},
{NewFieldElement(10365756846699668634), NewFieldElement(5245413619357449)},
{NewFieldElement(15929862436085820709), NewFieldElement(10957910821863876318)},
{NewFieldElement(977018799724983158), NewFieldElement(15040949766668867994)},
{NewFieldElement(2993125862244950582), NewFieldElement(13234404554976574543)},
{NewFieldElement(14122201262568632993), NewFieldElement(93763383340088526)},
{NewFieldElement(8975477202804925208), NewFieldElement(1040893022864763499)},
{NewFieldElement(7725813871064262870), NewFieldElement(14455479145922718826)},
{NewFieldElement(1073062170185630790), NewFieldElement(16407856079088655345)},
{NewFieldElement(17737117878818849535), NewFieldElement(1900599912944642061)},
{NewFieldElement(12256168642879070567), NewFieldElement(8539769760609459864)},
{NewFieldElement(15141228232285134803), NewFieldElement(897120225935075003)},
{NewFieldElement(3388596123376728329), NewFieldElement(5128230734992475590)},
{NewFieldElement(8733319491992764673), NewFieldElement(1928863683866117576)},
{NewFieldElement(5203485787146767490), NewFieldElement(12954094447445057610)},
{NewFieldElement(5201734155949618873), NewFieldElement(3995115267673262244)},
{NewFieldElement(8666839426855174616), NewFieldElement(3659748522909014185)},
{NewFieldElement(9240426493517714121), NewFieldElement(12895319645103780590)},
{NewFieldElement(10104523192405168095), NewFieldElement(8335084014759232790)},
{NewFieldElement(12471660706832322357), NewFieldElement(16692471091408210242)},
{NewFieldElement(7713567301004647325), NewFieldElement(2346765742178693341)},
{NewFieldElement(5087966313974874861), NewFieldElement(17995538175842083522)},
{NewFieldElement(1103485120645095922), NewFieldElement(17358959631107792889)},
{NewFieldElement(16443030134912318512), NewFieldElement(4694929981527462915)},
{NewFieldElement(5229836547906072694), NewFieldElement(10529861755371621018)},
{NewFieldElement(17706463046886551260), NewFieldElement(7014625543777947259)},
{NewFieldElement(17494246083650429806), NewFieldElement(10059232320812188522)},
{NewFieldElement(6009623857477500128), NewFieldElement(9041821915077023327)},
{NewFieldElement(15414837134646072506), NewFieldElement(17735866267331281406)},
{NewFieldElement(9582418254228040565), NewFieldElement(9475780400052940525)},
{NewFieldElement(3850010214259020229), NewFieldElement(2344916032711572881)},
{NewFieldElement(3276478492985700631), NewFieldElement(9347511148183965796)},
{NewFieldElement(4260955157349956538), NewFieldElement(3737557221553060525)},
{NewFieldElement(1814028760671441115), NewFieldElement(1709540851509897224)},
{NewFieldElement(304220870213251471), NewFieldElement(18339319635968408171)},
{NewFieldElement(6309601903165399081), NewFieldElement(4611660338915358676)},
{NewFieldElement(5440836432197140901), NewFieldElement(835184832962669050)},
{NewFieldElement(4132483007111889331), NewFieldElement(17679464861654166329)},
{NewFieldElement(12071698679631585615), NewFieldElement(3526806430507304767)},
{NewFieldElement(16570124099871162516), NewFieldElement(16394949299416922104)},
{NewFieldElement(11779301434103087470), NewFieldElement(9928702854994401626)},
{NewFieldElement(486097273023099818), NewFieldElement(1666631222233964241)},
{NewFieldElement(13426511095962901265), NewFieldElement(16977352762229561063)},
{NewFieldElement(7848259968166982335), NewFieldElement(8923641610835432771)},
{NewFieldElement(6717523783985825261), NewFieldElement(8442698012198213832)},
{NewFieldElement(16551829854897630528), NewFieldElement(1207332518477764340)},
{NewFieldElement(9552262459546034571), NewFieldElement(4701791517562735608)},
{NewFieldElement(6527201331407091692), NewFieldElement(10762913938781033944)},
{NewFieldElement(11212416663128404375), NewFieldElement(6847749339754298086)},
{NewFieldElement(10791247438031342492), NewFieldElement(3448715099533950037)},
{NewFieldElement(1719220253088662156), NewFieldElement(15702968714187742357)},
{NewFieldElement(14008817631758138024), NewFieldElement(17297897981954620228)},
{NewFieldElement(7768014097976613936), NewFieldElement(15806402621409309279)},
{NewFieldElement(3886721256453659755), NewFieldElement(16395869594056206627)},
{NewFieldElement(13997073954856864246), NewFieldElement(1233051863712529371)},
{NewFieldElement(11334349192463912274), NewFieldElement(5454820034730801470)},
{NewFieldElement(7648426950649263998), NewFieldElement(9412547620105462810)},
{NewFieldElement(2869115266070242006), NewFieldElement(9873001547032180059)},
{NewFieldElement(11864269740491424738), NewFieldElement(3771973823544233765)},
{NewFieldElement(9374340554044631499), NewFieldElement(11414175937704649426)},
{NewFieldElement(8970748854700874383), NewFieldElement(2703579039677419011)},
{NewFieldElement(3743841601176432106), NewFieldElement(11043980835019875782)},
{NewFieldElement(1654705359096618107), NewFieldElement(4374088811382131752)},
{NewFieldElement(10209435051454821145), NewFieldElement(4087979231575661143)},
{NewFieldElement(9566392584670645438), NewFieldElement(5102479111558561813)},
{NewFieldElement(4542214823227660682), NewFieldElement(16447152846983873546)},
{NewFieldElement(3619667706484141693), NewFieldElement(3976495805371636999)},
{NewFieldElement(14677559952589127978), NewFieldElement(1506330427474903904)},
{NewFieldElement(9618330319963013853), NewFieldElement(7774314641304317232)},
{NewFieldElement(15136595569611237026), NewFieldElement(6241976546079100101)},
{NewFieldElement(6190131967820348937), NewFieldElement(8898314655028146727)},
{NewFieldElement(10664902807329902141), NewFieldElement(399679411582475270)},
{NewFieldElement(4620231951016842028), NewFieldElement(14227502135369964656)},
{NewFieldElement(14442830168084065060), NewFieldElement(18194643570654368962)},
{NewFieldElement(6026772169794354979), NewFieldElement(15538586941211648185)},
{NewFieldElement(3305763071851691617), NewFieldElement(7414963068017211970)},
{NewFieldElement(2348819716102409971), NewFieldElement(3414253607649082297)},
{NewFieldElement(5561613987159516190), NewFieldElement(18108137586585031915)},
{NewFieldElement(11622858756456645517), NewFieldElement(5481788959889711288)},
{NewFieldElement(14329441999576805903), NewFieldElement(7316385947805485474)},
{NewFieldElement(6619906970666076294), NewFieldElement(11606453814479815487)},
{NewFieldElement(273184393202580706), NewFieldElement(15538333835729971074)},
{NewFieldElement(16891566794426605557), NewFieldElement(432853148035369520)},
{NewFieldElement(3134481789780853760), NewFieldElement(10023938129020275945)},
}
var reducingExtensionGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(12512260201049243975), NewFieldElement(5104620179714279781)},
{NewFieldElement(13013016297591764071), NewFieldElement(3905565448987160512)},
{NewFieldElement(18168316387479509651), NewFieldElement(15285510648877030958)},
{NewFieldElement(2704136035168106924), NewFieldElement(17701154289967205509)},
{NewFieldElement(6350634844525158810), NewFieldElement(6841530668953763541)},
{NewFieldElement(14558428225759052231), NewFieldElement(6228114011555775975)},
{NewFieldElement(11984059988070020226), NewFieldElement(6404501976404464308)},
{NewFieldElement(7499833675686066082), NewFieldElement(13203954482927844021)},
{NewFieldElement(53729277296365862), NewFieldElement(11604944835579274791)},
{NewFieldElement(649276793194856338), NewFieldElement(15769159485820654298)},
{NewFieldElement(7220059241713171194), NewFieldElement(7593947467996717503)},
{NewFieldElement(11725388872832717991), NewFieldElement(2472966042937251891)},
{NewFieldElement(17103067711705259268), NewFieldElement(12741737218458998807)},
{NewFieldElement(2053029714235535081), NewFieldElement(5621084618445985853)},
{NewFieldElement(394074652594148954), NewFieldElement(14480160107167739683)},
{NewFieldElement(16319639492172307693), NewFieldElement(18262596047016856354)},
{NewFieldElement(7349401242823131130), NewFieldElement(16637643780538375248)},
{NewFieldElement(2968776512542894745), NewFieldElement(7967382686110631950)},
{NewFieldElement(4131567287142440211), NewFieldElement(16488573781037653146)},
{NewFieldElement(3210618110340609396), NewFieldElement(15575562053796139855)},
{NewFieldElement(866179987510198517), NewFieldElement(1621207644178469397)},
{NewFieldElement(13787839347867512750), NewFieldElement(5082451965770365331)},
{NewFieldElement(16727747831341625951), NewFieldElement(17003066965000183599)},
{NewFieldElement(5844378810576570680), NewFieldElement(7917389141334353441)},
{NewFieldElement(2806785896842529320), NewFieldElement(2418902247526900913)},
{NewFieldElement(16911660151499877134), NewFieldElement(12021165187528883860)},
{NewFieldElement(17281860563566587308), NewFieldElement(907492056629373413)},
{NewFieldElement(2149753706739034128), NewFieldElement(12371022473774589200)},
{NewFieldElement(7841056796552151745), NewFieldElement(3143088841967149638)},
{NewFieldElement(11915031067231681577), NewFieldElement(18108223564563708813)},
{NewFieldElement(2094314575212662773), NewFieldElement(188561272841399737)},
{NewFieldElement(16712479120741377751), NewFieldElement(13153292267876520211)},
{NewFieldElement(11528911604171979726), NewFieldElement(889050185568489714)},
{NewFieldElement(13117878881472895975), NewFieldElement(2608864599443833112)},
{NewFieldElement(310976139454954605), NewFieldElement(271726012479588385)},
{NewFieldElement(4724981023605656141), NewFieldElement(7786903198345013664)},
{NewFieldElement(7358470379588594806), NewFieldElement(5500290420069122896)},
{NewFieldElement(11249736961064437940), NewFieldElement(7500992311029866319)},
{NewFieldElement(16247982877846154545), NewFieldElement(18437922661172982146)},
{NewFieldElement(14828806288276948771), NewFieldElement(161861918745757497)},
{NewFieldElement(12207866405175784678), NewFieldElement(17882395070256177480)},
{NewFieldElement(1862300191557939305), NewFieldElement(12946149812989300425)},
{NewFieldElement(113183958399514852), NewFieldElement(6003153612730483196)},
{NewFieldElement(17112839880895845290), NewFieldElement(3628345828628316007)},
{NewFieldElement(8779978792406228661), NewFieldElement(11992923889396921201)},
{NewFieldElement(6179077038148294340), NewFieldElement(11713998999910876710)},
{NewFieldElement(13454002959297605186), NewFieldElement(2204743745696912515)},
{NewFieldElement(15623020893752344305), NewFieldElement(13749522681861530980)},
{NewFieldElement(6206230970377487041), NewFieldElement(16389331421791613953)},
{NewFieldElement(2425462828014799977), NewFieldElement(1558769431852532736)},
{NewFieldElement(2327926263345738065), NewFieldElement(8779034796068602190)},
{NewFieldElement(14563770135458078041), NewFieldElement(6494115966350812505)},
{NewFieldElement(8082502921781233722), NewFieldElement(7935499582140944140)},
{NewFieldElement(14539277379887693704), NewFieldElement(5161629331161118775)},
{NewFieldElement(13736527598285458228), NewFieldElement(7309962536813433388)},
{NewFieldElement(13933813405709515396), NewFieldElement(17798686485131016236)},
{NewFieldElement(8897530535975229493), NewFieldElement(14404791097089986313)},
{NewFieldElement(18088311324021484864), NewFieldElement(11991882587468162630)},
{NewFieldElement(8956488301372897339), NewFieldElement(8045253716620738816)},
{NewFieldElement(16016384501418916541), NewFieldElement(3181272893128323084)},
{NewFieldElement(2517080075900745791), NewFieldElement(18241855168616334247)},
{NewFieldElement(17868385271737172979), NewFieldElement(3149251797904840387)},
{NewFieldElement(16240211689398081741), NewFieldElement(12595579002758809850)},
{NewFieldElement(15129425055871583477), NewFieldElement(16556688233744925655)},
{NewFieldElement(12118068802024437752), NewFieldElement(1415394251822514067)},
{NewFieldElement(9998982344935417389), NewFieldElement(1388414311221312252)},
}
// ReducingGate { num_coeffs: 44 }
var reducingGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(2762695979854660261), NewFieldElement(6188975775006680731)},
{NewFieldElement(1791331417935738626), NewFieldElement(17085037714198081810)},
{NewFieldElement(2937679508710033736), NewFieldElement(5129621779087684534)},
{NewFieldElement(481168721643876637), NewFieldElement(7141872137498120988)},
{NewFieldElement(17254181100047942156), NewFieldElement(17775174281554210440)},
{NewFieldElement(5198890470471443302), NewFieldElement(14888425516661975457)},
{NewFieldElement(13028786198899252632), NewFieldElement(10937447292538980197)},
{NewFieldElement(2265158031754703100), NewFieldElement(12577502307628934155)},
{NewFieldElement(15551968276096003032), NewFieldElement(15292448269321193280)},
{NewFieldElement(17365969756658867370), NewFieldElement(17369305944822545977)},
{NewFieldElement(7080686817257839256), NewFieldElement(593963095520237279)},
{NewFieldElement(9676311908112124362), NewFieldElement(15674622921902422959)},
{NewFieldElement(11251136116732324348), NewFieldElement(18440217803596221468)},
{NewFieldElement(3735056268905622852), NewFieldElement(13863980656029437128)},
{NewFieldElement(8027041826265159623), NewFieldElement(11754189465873578671)},
{NewFieldElement(17583392801264300641), NewFieldElement(6466906893845676112)},
{NewFieldElement(10453982665201242303), NewFieldElement(10957427537661178463)},
{NewFieldElement(8008073576872573103), NewFieldElement(15936946455243860971)},
{NewFieldElement(10779255795330506743), NewFieldElement(1425676337306283564)},
{NewFieldElement(13500038741878953694), NewFieldElement(5693690628820948906)},
{NewFieldElement(6987584139748553407), NewFieldElement(4433192799815624764)},
{NewFieldElement(3618013197373611562), NewFieldElement(15641412670596115335)},
{NewFieldElement(4523765518023087797), NewFieldElement(5497960888090896635)},
{NewFieldElement(8750545727419259671), NewFieldElement(17422860419602722677)},
{NewFieldElement(17564615024878416866), NewFieldElement(16238022624102079273)},
{NewFieldElement(3740814195084876131), NewFieldElement(17474834584441312839)},
{NewFieldElement(2239459464265888484), NewFieldElement(8706775397593275819)},
{NewFieldElement(6491352471800031726), NewFieldElement(209451190673168977)},
{NewFieldElement(5778494879465125706), NewFieldElement(7142303398286289731)},
{NewFieldElement(7094902435091460736), NewFieldElement(17694563561889239395)},
{NewFieldElement(2647942785603144770), NewFieldElement(12183038555524816414)},
{NewFieldElement(15100729453671585276), NewFieldElement(8119652948094623285)},
{NewFieldElement(3441209666651626111), NewFieldElement(10072736477013237067)},
{NewFieldElement(2372663484566761092), NewFieldElement(594324049190490986)},
{NewFieldElement(4026947675295370811), NewFieldElement(1179770390904329138)},
{NewFieldElement(1595271198725095132), NewFieldElement(15771888513051752701)},
{NewFieldElement(15924194187528252748), NewFieldElement(6763066202850242722)},
{NewFieldElement(1445670890851930788), NewFieldElement(3792635664222385076)},
{NewFieldElement(12273956505460180574), NewFieldElement(2686688969956106705)},
{NewFieldElement(11658870742027189182), NewFieldElement(12329880551401953731)},
{NewFieldElement(3044295792231373345), NewFieldElement(17852841657875251990)},
{NewFieldElement(89567881331820860), NewFieldElement(15259944608836914642)},
{NewFieldElement(358286967559220432), NewFieldElement(4492752479771433484)},
{NewFieldElement(14577916428537408584), NewFieldElement(13741732911292090813)},
{NewFieldElement(16727747831341625951), NewFieldElement(17003066965000183599)},
{NewFieldElement(9070359631236984957), NewFieldElement(6062623613509003067)},
{NewFieldElement(2410743624398118478), NewFieldElement(13772226839431038397)},
{NewFieldElement(11807638155649559084), NewFieldElement(1137111487688533470)},
{NewFieldElement(64491941894197002), NewFieldElement(5868353091743239378)},
{NewFieldElement(11301275742904392411), NewFieldElement(16283949803466884532)},
{NewFieldElement(9890416519568149104), NewFieldElement(8227793073753762383)},
{NewFieldElement(14951282035757983160), NewFieldElement(9077678991191664958)},
{NewFieldElement(5033664288544688549), NewFieldElement(9192774674510226248)},
{NewFieldElement(11933408140918977315), NewFieldElement(7749057899233101160)},
{NewFieldElement(9164812869909307746), NewFieldElement(1719896377847214041)},
{NewFieldElement(15224563238586628983), NewFieldElement(2588693305957079413)},
{NewFieldElement(1889812039818739618), NewFieldElement(4817606363423939521)},
{NewFieldElement(15609561908880497864), NewFieldElement(11885907317258609874)},
{NewFieldElement(6792442952488353934), NewFieldElement(15088298397252768139)},
{NewFieldElement(2651197118788035780), NewFieldElement(5089685590535462009)},
{NewFieldElement(11982358277830572398), NewFieldElement(15471174962798992515)},
{NewFieldElement(7639615465545578427), NewFieldElement(12644783892223098985)},
{NewFieldElement(11009184909998310074), NewFieldElement(17958525789123172556)},
{NewFieldElement(7777052961871412232), NewFieldElement(9786263008632335028)},
{NewFieldElement(13336166292448975341), NewFieldElement(15263885337654327510)},
{NewFieldElement(12764160635364533900), NewFieldElement(15411617803867471736)},
{NewFieldElement(17491426030593864841), NewFieldElement(2688540155718191896)},
{NewFieldElement(4278381039362706308), NewFieldElement(17571997178209012848)},
{NewFieldElement(12726900947926109267), NewFieldElement(1433345131505837369)},
{NewFieldElement(6334884250665613762), NewFieldElement(9617978266076057841)},
{NewFieldElement(17511031815464775451), NewFieldElement(12281753446186189470)},
{NewFieldElement(10718030381939087273), NewFieldElement(10785278464322784199)},
{NewFieldElement(6964802145991989973), NewFieldElement(5630451507536431311)},
{NewFieldElement(1610931441749714598), NewFieldElement(17306081287063918214)},
{NewFieldElement(12529885758752979710), NewFieldElement(12015226868538417544)},
{NewFieldElement(8212526954290021947), NewFieldElement(2604665677904480075)},
{NewFieldElement(836429499775217902), NewFieldElement(14951071826451735988)},
{NewFieldElement(4322887569225425418), NewFieldElement(1803870148496860526)},
{NewFieldElement(11933437515394389470), NewFieldElement(5432495301370703205)},
{NewFieldElement(15379632811901291758), NewFieldElement(16475440758252311235)},
{NewFieldElement(8378463548508566883), NewFieldElement(12576809460019959325)},
{NewFieldElement(6878478934798340017), NewFieldElement(16203041885409513004)},
{NewFieldElement(4704361120432029530), NewFieldElement(15619278597929334259)},
{NewFieldElement(11896486732715322997), NewFieldElement(13476483500406677625)},
{NewFieldElement(3818194554960853168), NewFieldElement(17483945143600046041)},
{NewFieldElement(16655838413972803560), NewFieldElement(7859620736875007555)},
{NewFieldElement(9466644546267012606), NewFieldElement(15636572488448679353)},
{NewFieldElement(7705051962598852604), NewFieldElement(17843247208046088041)},
}
// ArithmeticExtensionGate { num_ops: 10 }
var arithmeticExtensionGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(18152046378789398239), NewFieldElement(835198655627980634)},
{NewFieldElement(14941458349516937745), NewFieldElement(195899842055585620)},
{NewFieldElement(11444294347859626222), NewFieldElement(7618743177769594838)},
{NewFieldElement(6847392923782354441), NewFieldElement(3129968840755754688)},
{NewFieldElement(11707145384221145922), NewFieldElement(286105987739288036)},
{NewFieldElement(2582465953258947981), NewFieldElement(9032385332294381140)},
{NewFieldElement(13238521192691745149), NewFieldElement(9704746731861618809)},
{NewFieldElement(1830772271680123935), NewFieldElement(2037318884130759975)},
{NewFieldElement(5532751095564029866), NewFieldElement(11560707807043359130)},
{NewFieldElement(4749576916935014495), NewFieldElement(2144864975020203842)},
{NewFieldElement(18162899505828592791), NewFieldElement(13853020020051211390)},
{NewFieldElement(16196741394015376387), NewFieldElement(16087121152637055080)},
{NewFieldElement(15478783842112089677), NewFieldElement(8151788319455760610)},
{NewFieldElement(4962260057365923941), NewFieldElement(12155107209004037964)},
{NewFieldElement(18192514584072489162), NewFieldElement(2336293494478946065)},
{NewFieldElement(3747540982963754880), NewFieldElement(5650114101530259911)},
{NewFieldElement(17757207146926514655), NewFieldElement(13461601821205159205)},
{NewFieldElement(17921720474545785568), NewFieldElement(4718996085070502683)},
{NewFieldElement(4443998758263224376), NewFieldElement(13890461367328975727)},
{NewFieldElement(13990958094457190244), NewFieldElement(3783673559976842909)},
}
// MulExtensionGate { num_ops: 13 }
var mulExtensionGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(7181113876231745794), NewFieldElement(7868884260109104825)},
{NewFieldElement(14067639069854412134), NewFieldElement(2094238260641413106)},
{NewFieldElement(3160167686452082144), NewFieldElement(15508587061137009544)},
{NewFieldElement(2701966180261760724), NewFieldElement(49742798193009777)},
{NewFieldElement(16965594259972472645), NewFieldElement(15119035756932709035)},
{NewFieldElement(8587305003975146248), NewFieldElement(11788991692426475292)},
{NewFieldElement(13134841191650990099), NewFieldElement(12468857767882216027)},
{NewFieldElement(5079312787147663415), NewFieldElement(315076378722635206)},
{NewFieldElement(4656603487897834248), NewFieldElement(4455086801173740459)},
{NewFieldElement(3630077482584148572), NewFieldElement(3283664780554963370)},
{NewFieldElement(1781217475359761081), NewFieldElement(17627776820166298232)},
{NewFieldElement(5917159494270473360), NewFieldElement(6025450051539258087)},
{NewFieldElement(6450855110748081528), NewFieldElement(7446684637376438458)},
{NewFieldElement(8607810652222212781), NewFieldElement(7298919685405344815)},
{NewFieldElement(13906434081686233303), NewFieldElement(13101189135710264580)},
{NewFieldElement(6489826249831576523), NewFieldElement(11224737887667008267)},
{NewFieldElement(3580221348553931303), NewFieldElement(4662435202527050543)},
{NewFieldElement(7286527320055156837), NewFieldElement(15670292738296412147)},
{NewFieldElement(2095892346123668330), NewFieldElement(5572639395382198548)},
{NewFieldElement(11836511250144945185), NewFieldElement(6212767141717037414)},
{NewFieldElement(12781535798978127236), NewFieldElement(14467390350363203888)},
{NewFieldElement(2635017860820288214), NewFieldElement(6092079726747224779)},
{NewFieldElement(18057143820634196774), NewFieldElement(16137749920970128474)},
{NewFieldElement(16754543715625171524), NewFieldElement(15674433195919785024)},
{NewFieldElement(2135423350522303111), NewFieldElement(32407260862438164)},
{NewFieldElement(14956506296276270245), NewFieldElement(1145919757338314609)},
}
// ExponentiationGate { num_power_bits: 67, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
var exponentiationGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(11917134172330913896), NewFieldElement(17387498340632768165)},
{NewFieldElement(1312379412936626785), NewFieldElement(8487972230502205858)},
{NewFieldElement(1034346392193469803), NewFieldElement(10387255969849204765)},
{NewFieldElement(8975374558919785259), NewFieldElement(8379061308496297909)},
{NewFieldElement(5137354887085653470), NewFieldElement(18342299770587131344)},
{NewFieldElement(11284168756796657450), NewFieldElement(13822895496426653701)},
{NewFieldElement(235168160386175185), NewFieldElement(17356178727442490793)},
{NewFieldElement(11012326969983488833), NewFieldElement(13315935561725076264)},
{NewFieldElement(11064160789252923988), NewFieldElement(243775009899162201)},
{NewFieldElement(17368303548433332975), NewFieldElement(15625080509274199608)},
{NewFieldElement(5849122830228985352), NewFieldElement(5103229940930953650)},
{NewFieldElement(14713362802405597126), NewFieldElement(8157398625845036781)},
{NewFieldElement(16495373179302807753), NewFieldElement(4597863041430416411)},
{NewFieldElement(3274329863393011112), NewFieldElement(8955190641874111502)},
{NewFieldElement(4704531612240997322), NewFieldElement(2253948388369651634)},
{NewFieldElement(13333514818352143222), NewFieldElement(4999457874559250243)},
{NewFieldElement(2284463506187861590), NewFieldElement(13765412523042072026)},
{NewFieldElement(16636340184626646426), NewFieldElement(3174763529046637372)},
{NewFieldElement(5336400619848923540), NewFieldElement(10513883740898299385)},
{NewFieldElement(14200134528033869480), NewFieldElement(11039588311485209657)},
{NewFieldElement(18377155443679293884), NewFieldElement(13521764320839726823)},
{NewFieldElement(242773453939591946), NewFieldElement(6326451192242543829)},
{NewFieldElement(1296949085249594883), NewFieldElement(7990211688523987915)},
{NewFieldElement(5510982641888481009), NewFieldElement(10552089306004766754)},
{NewFieldElement(10914255593671877946), NewFieldElement(18175495064507840841)},
{NewFieldElement(7575617967752753230), NewFieldElement(9665518441862148402)},
{NewFieldElement(14351249981525100362), NewFieldElement(5763278800672952095)},
{NewFieldElement(16319397571073742470), NewFieldElement(1318308384414985616)},
{NewFieldElement(12030088917335470405), NewFieldElement(6668172884819717021)},
{NewFieldElement(17509060699703766693), NewFieldElement(1489607021074587548)},
{NewFieldElement(1096695845774334385), NewFieldElement(6122861634465429123)},
{NewFieldElement(13460252757128783693), NewFieldElement(17777045084091738197)},
{NewFieldElement(14557885155010631641), NewFieldElement(4298885986874834349)},
{NewFieldElement(3635088766034344822), NewFieldElement(8827496887313967507)},
{NewFieldElement(6550916348715580989), NewFieldElement(4180030543088252998)},
{NewFieldElement(16051569484464055768), NewFieldElement(2121040925634405127)},
{NewFieldElement(1788913367411914907), NewFieldElement(10745316805250218547)},
{NewFieldElement(4832917661842853637), NewFieldElement(1148465658973892394)},
{NewFieldElement(9162757057100424164), NewFieldElement(7814738929773741429)},
{NewFieldElement(13840071942242698046), NewFieldElement(12500211120922811757)},
{NewFieldElement(10699948139249128560), NewFieldElement(4891144553679573560)},
{NewFieldElement(14602444997841482522), NewFieldElement(17017251371157941125)},
{NewFieldElement(586839629673374241), NewFieldElement(3363863469002405744)},
{NewFieldElement(9011045001648305113), NewFieldElement(7085187243048562102)},
{NewFieldElement(13032999395920684322), NewFieldElement(6189400872664562846)},
{NewFieldElement(8971070287177655421), NewFieldElement(12582676780734324056)},
{NewFieldElement(558400378011382278), NewFieldElement(6298195151594790629)},
{NewFieldElement(17192073729541567806), NewFieldElement(5497805500866221538)},
{NewFieldElement(5728605922884243514), NewFieldElement(18070340533610014206)},
{NewFieldElement(15473455953886985277), NewFieldElement(11635823818659992567)},
{NewFieldElement(7477545430207969908), NewFieldElement(2742755471302540300)},
{NewFieldElement(12407179232895419141), NewFieldElement(17302315821428133291)},
{NewFieldElement(12858531909631903407), NewFieldElement(14746185565916474858)},
{NewFieldElement(12872867896453911017), NewFieldElement(6563250576201773751)},
{NewFieldElement(3384183107205264844), NewFieldElement(11512795156033923138)},
{NewFieldElement(8430135350637925522), NewFieldElement(10199901650713033996)},
{NewFieldElement(11167364659650598214), NewFieldElement(447394121422751322)},
{NewFieldElement(4931438368828291722), NewFieldElement(16717867949669373753)},
{NewFieldElement(5151270559741115914), NewFieldElement(45949586886299827)},
{NewFieldElement(11159644559144981603), NewFieldElement(2120703503452727949)},
{NewFieldElement(8830601119784247875), NewFieldElement(8542262650554393830)},
{NewFieldElement(6142186624494698182), NewFieldElement(7120939306807396235)},
{NewFieldElement(11716893898091265261), NewFieldElement(4311673012489504666)},
{NewFieldElement(2133003157459487893), NewFieldElement(1909522153859214178)},
{NewFieldElement(427412581044646901), NewFieldElement(15454912207372224939)},
{NewFieldElement(1842301960762096227), NewFieldElement(12476329615991638721)},
{NewFieldElement(696538585954127499), NewFieldElement(2702122491633241201)},
{NewFieldElement(5755584054765687076), NewFieldElement(5430280214517080555)},
}
// CosetInterpolationGate { subgroup_bits: 4, degree: 6, barycentric_weights: [17293822565076172801, 18374686475376656385, 18446744069413535745, 281474976645120, 17592186044416, 18446744069414584577, 18446744000695107601, 18446744065119617025, 1152921504338411520, 72057594037927936, 18446744069415632897, 18446462594437939201, 18446726477228539905, 18446744069414584065, 68719476720, 4294967296], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
var cosetInterpolationGateExpectedConstraints = []QuadraticExtension{
{NewFieldElement(13782516617623808439), NewFieldElement(15116825128522139629)},
{NewFieldElement(10605488313706531843), NewFieldElement(16124703860676816956)},
{NewFieldElement(2725554495824998780), NewFieldElement(13477621298303015045)},
{NewFieldElement(2936187345854242438), NewFieldElement(5827982872566017395)},
{NewFieldElement(11223822863576777799), NewFieldElement(2143123911507599653)},
{NewFieldElement(4839015650475288776), NewFieldElement(745790217755162273)},
{NewFieldElement(2205634412980832213), NewFieldElement(15767892564871259137)},
{NewFieldElement(9091626478775122653), NewFieldElement(9730482292097571809)},
{NewFieldElement(10636787321971723634), NewFieldElement(14666593583448965088)},
{NewFieldElement(7179924177530514890), NewFieldElement(10610536358289043895)},
{NewFieldElement(15067680125330943902), NewFieldElement(17960901266185771082)},
{NewFieldElement(5184847499291037169), NewFieldElement(16061742535733361053)},
}
type TestGateCircuit struct {
testGate gate
expectedConstraints []QuadraticExtension
}
func (circuit *TestGateCircuit) Define(api frontend.API) error {
commonCircuitData := DeserializeCommonCircuitData("./data/recursive_step/common_circuit_data.json")
numSelectors := len(commonCircuitData.SelectorsInfo.groups)
fieldAPI := NewFieldAPI(api)
qeAPI := NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
plonkChip := NewPlonkChip(api, qeAPI, commonCircuitData)
vars := EvaluationVars{localConstants: localConstants[numSelectors:], localWires: localWires, publicInputsHash: publicInputsHash}
constraints := circuit.testGate.EvalUnfiltered(plonkChip, vars)
if len(constraints) != len(circuit.expectedConstraints) {
return errors.New("gate constraints length mismatch")
}
for i := 0; i < len(constraints); i++ {
qeAPI.AssertIsEqual(constraints[i], circuit.expectedConstraints[i])
}
return nil
}
func TestGates(t *testing.T) {
assert := test.NewAssert(t)
testCase := func(testGate gate, expectedConstraints []QuadraticExtension) {
circuit := &TestGateCircuit{testGate: testGate, expectedConstraints: expectedConstraints}
witness := &TestGateCircuit{testGate: testGate, expectedConstraints: expectedConstraints}
err := test.IsSolved(circuit, witness, TEST_CURVE.ScalarField())
assert.NoError(err)
}
type gateTest struct {
testGate gate
expectedConstraints []QuadraticExtension
}
gateTests := []gateTest{
{&PublicInputGate{}, publicInputGateExpectedConstraints},
{&ArithmeticGate{numOps: 20}, arithmeticGateExpectedConstraints},
{&BaseSumGate{numLimbs: 63, base: 2}, baseSumGateExpectedConstraints},
{&RandomAccessGate{bits: 4, numCopies: 4, numExtraConstants: 2}, randomAccessGateExpectedConstraints},
{&PoseidonGate{}, poseidonGateExpectedConstraints},
{&ArithmeticExtensionGate{numOps: 10}, arithmeticExtensionGateExpectedConstraints},
{&MultiplicationExtensionGate{numOps: 13}, mulExtensionGateExpectedConstraints},
{&ReducingExtensionGate{numCoeffs: 33}, reducingExtensionGateExpectedConstraints},
{&ReducingGate{numCoeffs: 44}, reducingGateExpectedConstraints},
{&ExponentiationGate{numPowerBits: 67}, exponentiationGateExpectedConstraints},
{&CosetInterpolationGate{
subgroupBits: 4,
degree: 6,
barycentricWeights: []goldilocks.Element{
goldilocks.NewElement(17293822565076172801),
goldilocks.NewElement(18374686475376656385),
goldilocks.NewElement(18446744069413535745),
goldilocks.NewElement(281474976645120),
goldilocks.NewElement(17592186044416),
goldilocks.NewElement(18446744069414584577),
goldilocks.NewElement(18446744000695107601),
goldilocks.NewElement(18446744065119617025),
goldilocks.NewElement(1152921504338411520),
goldilocks.NewElement(72057594037927936),
goldilocks.NewElement(18446744069415632897),
goldilocks.NewElement(18446462594437939201),
goldilocks.NewElement(18446726477228539905),
goldilocks.NewElement(18446744069414584065),
goldilocks.NewElement(68719476720),
goldilocks.NewElement(4294967296),
},
}, cosetInterpolationGateExpectedConstraints},
}
for _, test := range gateTests {
testCase(
test.testGate,
test.expectedConstraints,
)
}
}

28
plonky2_verifier/noop_gate.go
View File

@ -1,28 +0,0 @@
package plonky2_verifier
import (
. "gnark-plonky2-verifier/field"
"regexp"
)
var noopGateRegex = regexp.MustCompile("NoopGate")
func deserializeNoopGate(parameters map[string]string) gate {
// Has the format "NoopGate"
return NewNoopGate()
}
type NoopGate struct {
}
func NewNoopGate() *NoopGate {
return &NoopGate{}
}
func (g *NoopGate) Id() string {
return "NoopGate"
}
func (g *NoopGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
return []QuadraticExtension{}
}

17
plonky2_verifier/selectors.go
View File

@ -1,17 +0,0 @@
package plonky2_verifier
const UNUSED_SELECTOR = uint64(^uint32(0)) // max uint32
type Range struct {
start uint64
end uint64
}
type SelectorsInfo struct {
selectorIndices []uint64
groups []Range
}
func (s *SelectorsInfo) NumSelectors() uint64 {
return uint64(len(s.groups))
}

129
plonky2_verifier/structs.go
View File

@ -1,129 +0,0 @@
package plonky2_verifier
import (
. "gnark-plonky2-verifier/field"
)
type MerkleCap = []Hash
type MerkleProof struct {
Siblings []Hash
}
type EvalProof struct {
Elements []F
MerkleProof MerkleProof
}
type FriInitialTreeProof struct {
EvalsProofs []EvalProof
}
type FriQueryStep struct {
Evals []QuadraticExtension
MerkleProof MerkleProof
}
type FriQueryRound struct {
InitialTreesProof FriInitialTreeProof
Steps []FriQueryStep
}
type PolynomialCoeffs struct {
Coeffs []QuadraticExtension
}
type FriProof struct {
CommitPhaseMerkleCaps []MerkleCap
QueryRoundProofs []FriQueryRound
FinalPoly PolynomialCoeffs
PowWitness F
}
type OpeningSet struct {
Constants []QuadraticExtension
PlonkSigmas []QuadraticExtension
Wires []QuadraticExtension
PlonkZs []QuadraticExtension
PlonkZsNext []QuadraticExtension
PartialProducts []QuadraticExtension
QuotientPolys []QuadraticExtension
}
type Proof struct {
WiresCap MerkleCap
PlonkZsPartialProductsCap MerkleCap
QuotientPolysCap MerkleCap
Openings OpeningSet
OpeningProof FriProof
}
type ProofWithPublicInputs struct {
Proof Proof
PublicInputs []F
}
type VerifierOnlyCircuitData struct {
ConstantSigmasCap MerkleCap
CircuitDigest Hash
}
type FriConfig struct {
RateBits uint64
CapHeight uint64
ProofOfWorkBits uint64
NumQueryRounds uint64
// TODO: add FriReductionStrategy
}
func (fc *FriConfig) rate() float64 {
return 1.0 / float64((uint64(1) << fc.RateBits))
}
type FriParams struct {
Config FriConfig
Hiding bool
DegreeBits uint64
ReductionArityBits []uint64
}
type CircuitConfig struct {
NumWires uint64
NumRoutedWires uint64
NumConstants uint64
UseBaseArithmeticGate bool
SecurityBits uint64
NumChallenges uint64
ZeroKnowledge bool
MaxQuotientDegreeFactor uint64
FriConfig FriConfig
}
type CommonCircuitData struct {
Config CircuitConfig
FriParams FriParams
Gates []gate
SelectorsInfo SelectorsInfo
DegreeBits uint64
QuotientDegreeFactor uint64
NumGateConstraints uint64
NumConstants uint64
NumPublicInputs uint64
KIs []F
NumPartialProducts uint64
}
type ProofChallenges struct {
PlonkBetas []F
PlonkGammas []F
PlonkAlphas []F
PlonkZeta QuadraticExtension
FriChallenges FriChallenges
}
type FriChallenges struct {
FriAlpha QuadraticExtension
FriBetas []QuadraticExtension
FriPowResponse F
FriQueryIndices []F
}

15
plonky2_verifier/utils.go
View File

@ -1,15 +0,0 @@
package plonky2_verifier
import (
"fmt"
"math/bits"
)
// Computes `log_2(n)`, panicking if `n` is not a power of two.
func log2Strict(n uint) int {
res := bits.TrailingZeros(n)
if n>>res != 1 {
panic(fmt.Sprintf("Not a power of two: %d", n))
}
return res
}

29
plonky2_verifier/vars.go
View File

@ -1,29 +0,0 @@
package plonky2_verifier
import (
. "gnark-plonky2-verifier/field"
)
type EvaluationVars struct {
localConstants []QuadraticExtension
localWires []QuadraticExtension
publicInputsHash Hash
}
func (e *EvaluationVars) RemovePrefix(numSelectors uint64) {
e.localConstants = e.localConstants[numSelectors:]
}
func (e *EvaluationVars) GetLocalExtAlgebra(wireRange Range) QEAlgebra {
// For now, only support degree 2
if wireRange.end-wireRange.start != D {
panic("Range must be of size D")
}
var ret QEAlgebra
for i := wireRange.start; i < wireRange.end; i++ {
ret[i-wireRange.start] = e.localWires[i]
}
return ret
}

334
plonky2_verifier/verifier_test.go
View File

@ -1,334 +0,0 @@
package plonky2_verifier
import (
. "gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/poseidon"
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
)
type TestVerifierChallengesCircuit struct {
fieldAPI frontend.API `gnark:"-"`
qeAPI *QuadraticExtensionAPI `gnark:"-"`
hashAPI *HashAPI `gnark:"-"`
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
numChallenges uint64 `gnark:"-"`
numFriQueries uint64 `gnark:"-"`
t *testing.T `gnark:"-"`
expectedPublicInputsHash Hash
expectedPlonkBetas []F // slice length == num challenges
expectedPlonkGammas []F // slice length == num challenges
expectedPlonkAlphas []F // slice length == num challenges
expectedPlonkZeta QuadraticExtension
expectedFriAlpha QuadraticExtension
expectedFriBetas []QuadraticExtension // slice length == num fri rounds
expectedFriQueryIndices []F // slice length == num fri queries
verifierChip *VerifierChip
}
func (c *TestVerifierChallengesCircuit) GetChallengesSanityCheck(
proofWithPis ProofWithPublicInputs,
verifierData VerifierOnlyCircuitData,
commonData CommonCircuitData,
) {
publicInputsHash := c.verifierChip.GetPublicInputsHash(proofWithPis.PublicInputs)
proofChallenges := c.verifierChip.GetChallenges(proofWithPis, publicInputsHash, commonData, verifierData)
c.hashAPI.AssertIsEqualHash(publicInputsHash, c.expectedPublicInputsHash)
if len(proofChallenges.PlonkBetas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkBetas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkBetas[i], c.expectedPlonkBetas[i])
}
if len(proofChallenges.PlonkGammas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkGammas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkGammas[i], c.expectedPlonkGammas[i])
}
if len(proofChallenges.PlonkAlphas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkAlphas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkAlphas[i], c.expectedPlonkAlphas[i])
}
c.qeAPI.AssertIsEqual(proofChallenges.PlonkZeta, c.expectedPlonkZeta)
c.qeAPI.AssertIsEqual(proofChallenges.FriChallenges.FriAlpha, c.expectedFriAlpha)
if len(proofChallenges.FriChallenges.FriBetas) != len(commonData.FriParams.ReductionArityBits) {
c.t.Errorf("len(PlonkAlphas) should equal num fri rounds")
}
for i := 0; i < len(commonData.FriParams.ReductionArityBits); i++ {
c.qeAPI.AssertIsEqual(proofChallenges.FriChallenges.FriBetas[i], c.expectedFriBetas[i])
}
// This test is commented out because pow_witness is randomized between runs of the prover.
// expectedPowResponse := NewFieldElementFromString("92909863298412")
// c.field.AssertIsEqual(proofChallenges.FriChallenges.FriPowResponse, expectedPowResponse)
if len(proofChallenges.FriChallenges.FriQueryIndices) != int(c.numFriQueries) {
c.t.Errorf("len(expectedFriQueryIndices) should equal num fri queries")
}
for i := 0; i < int(c.numFriQueries); i++ {
c.fieldAPI.AssertIsEqual(c.expectedFriQueryIndices[i], proofChallenges.FriChallenges.FriQueryIndices[i])
}
}
func (c *TestVerifierChallengesCircuit) Define(api frontend.API) error {
proofWithPis := DeserializeProofWithPublicInputs(c.proofWithPIsFilename)
commonCircuitData := DeserializeCommonCircuitData(c.commonCircuitDataFilename)
verfierOnlyCircuitData := DeserializeVerifierOnlyCircuitData(c.verifierOnlyCircuitDataFilename)
c.numChallenges = commonCircuitData.Config.NumChallenges
c.numFriQueries = commonCircuitData.FriParams.Config.NumQueryRounds
c.fieldAPI = NewFieldAPI(api)
c.qeAPI = NewQuadraticExtensionAPI(c.fieldAPI, commonCircuitData.DegreeBits)
c.hashAPI = NewHashAPI(c.fieldAPI)
poseidonChip := NewPoseidonChip(api, c.fieldAPI, c.qeAPI)
c.verifierChip = &VerifierChip{api: api, fieldAPI: c.fieldAPI, qeAPI: c.qeAPI, poseidonChip: poseidonChip}
c.GetChallengesSanityCheck(proofWithPis, verfierOnlyCircuitData, commonCircuitData)
return nil
}
func TestFibonacciVerifierWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierChallengesCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
t: t,
expectedPublicInputsHash: Hash{
NewFieldElementFromString("8416658900775745054"),
NewFieldElementFromString("12574228347150446423"),
NewFieldElementFromString("9629056739760131473"),
NewFieldElementFromString("3119289788404190010"),
},
expectedPlonkBetas: []F{
NewFieldElementFromString("4678728155650926271"),
NewFieldElementFromString("13611962404289024887"),
},
expectedPlonkGammas: []F{
NewFieldElementFromString("13237663823305715949"),
NewFieldElementFromString("15389314098328235145"),
},
expectedPlonkAlphas: []F{
NewFieldElementFromString("14505919539124304197"),
NewFieldElementFromString("1695455639263736117"),
},
expectedPlonkZeta: QuadraticExtension{
NewFieldElementFromString("14887793628029982930"),
NewFieldElementFromString("1136137158284059037"),
},
expectedFriAlpha: QuadraticExtension{
NewFieldElementFromString("14641715242626918707"),
NewFieldElementFromString("10574243340537902930"),
},
expectedFriBetas: []QuadraticExtension{},
expectedFriQueryIndices: []F{
NewFieldElement(6790812084677375942),
NewFieldElement(12394212020331474798),
NewFieldElement(16457600747000998582),
NewFieldElement(1543271328932331916),
NewFieldElement(12115726870906958644),
NewFieldElement(6775897107605342797),
NewFieldElement(15989401564746021030),
NewFieldElement(10691676456016926845),
NewFieldElement(1632499470630032007),
NewFieldElement(1317292355445098328),
NewFieldElement(18391440812534384252),
NewFieldElement(17321705613231354333),
NewFieldElement(6176487551308859603),
NewFieldElement(7119835651572002873),
NewFieldElement(3903019169623116693),
NewFieldElement(4886491111111487546),
NewFieldElement(4087641893164620518),
NewFieldElement(13801643080324181364),
NewFieldElement(16993775312274189321),
NewFieldElement(9268202926222765679),
NewFieldElement(10683001302406181735),
NewFieldElement(13359465725531647963),
NewFieldElement(4523327590105620849),
NewFieldElement(4883588003760409588),
NewFieldElement(187699146998097671),
NewFieldElement(14489263557623716717),
NewFieldElement(11748359318238148146),
NewFieldElement(13636347200053048758),
},
}
witness := TestVerifierChallengesCircuit{}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestDummyVerifierWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierChallengesCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
t: t,
expectedPublicInputsHash: Hash{
NewFieldElementFromString("0"),
NewFieldElementFromString("0"),
NewFieldElementFromString("0"),
NewFieldElementFromString("0"),
},
expectedPlonkBetas: []F{
NewFieldElementFromString("11216469004148781751"),
NewFieldElementFromString("6201977337075152249"),
},
expectedPlonkGammas: []F{
NewFieldElementFromString("8369751006669847974"),
NewFieldElementFromString("3610024170884289835"),
},
expectedPlonkAlphas: []F{
NewFieldElementFromString("970160439138448145"),
NewFieldElementFromString("2402201283787401921"),
},
expectedPlonkZeta: QuadraticExtension{
NewFieldElementFromString("17377750363769967882"),
NewFieldElementFromString("11921191651424768462"),
},
expectedFriAlpha: QuadraticExtension{
NewFieldElementFromString("16721004555774385479"),
NewFieldElementFromString("10688151135543754663"),
},
expectedFriBetas: []QuadraticExtension{
{
NewFieldElementFromString("3312441922957827805"),
NewFieldElementFromString("15128092514958289671"),
},
{
NewFieldElementFromString("13630530769060141802"),
NewFieldElementFromString("14559883974933163008"),
},
{
NewFieldElementFromString("16146508250083930687"),
NewFieldElementFromString("5176346568444408396"),
},
},
expectedFriQueryIndices: []F{
NewFieldElement(16334967868590615051),
NewFieldElement(2911473540496037915),
NewFieldElement(14887216056886344225),
NewFieldElement(7808811227805914295),
NewFieldElement(2018594961417375749),
NewFieldElement(3733368398777208435),
NewFieldElement(2623035669037055104),
NewFieldElement(299243030573481514),
NewFieldElement(7189789717962704433),
NewFieldElement(14566344026886816268),
NewFieldElement(12555390069003437453),
NewFieldElement(17225508403199418233),
NewFieldElement(5088797913879903292),
NewFieldElement(9715691392773433023),
NewFieldElement(7565836764713256165),
NewFieldElement(1500143546029322929),
NewFieldElement(1245802417104422080),
NewFieldElement(6831959786661245110),
NewFieldElement(17271054758535453780),
NewFieldElement(6225460404576395409),
NewFieldElement(15932661092896277351),
NewFieldElement(12452534049198240575),
NewFieldElement(4225199666055520177),
NewFieldElement(13235091290587791090),
NewFieldElement(2562357622728700774),
NewFieldElement(17676678042980201498),
NewFieldElement(5837067135702409874),
NewFieldElement(11238419549114325157),
},
}
witness := TestVerifierChallengesCircuit{} // No real witness as the test circuit's Define function will inject in the witness
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
type TestVerifierCircuit struct {
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
}
func (c *TestVerifierCircuit) Define(api frontend.API) error {
proofWithPis := DeserializeProofWithPublicInputs(c.proofWithPIsFilename)
commonCircuitData := DeserializeCommonCircuitData(c.commonCircuitDataFilename)
verfierOnlyCircuitData := DeserializeVerifierOnlyCircuitData(c.verifierOnlyCircuitDataFilename)
fieldAPI := NewFieldAPI(api)
qeAPI := NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
hashAPI := NewHashAPI(fieldAPI)
poseidonChip := NewPoseidonChip(api, fieldAPI, qeAPI)
plonkChip := NewPlonkChip(api, qeAPI, commonCircuitData)
friChip := NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
verifierChip := VerifierChip{
api: api,
fieldAPI: fieldAPI,
qeAPI: qeAPI,
poseidonChip: poseidonChip,
plonkChip: plonkChip,
friChip: friChip,
}
verifierChip.Verify(proofWithPis, verfierOnlyCircuitData, commonCircuitData)
return nil
}
func TestDummyVerifier(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
}
witness := TestVerifierCircuit{}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}

21
plonky2_verifier/hash.go → poseidon/hash.go
View File

@ -1,12 +1,12 @@
package plonky2_verifier
package poseidon
import (
"fmt"
. "gnark-plonky2-verifier/field"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
type Hash = [4]field.F
type HashAPI struct {
fieldAPI frontend.API
}
@ -22,7 +22,7 @@ func NewHashAPI(
func (h *HashAPI) SelectHash(bit frontend.Variable, leftHash, rightHash Hash) Hash {
var returnHash Hash
for i := 0; i < 4; i++ {
returnHash[i] = h.fieldAPI.Select(bit, leftHash[i], rightHash[i]).(F)
returnHash[i] = h.fieldAPI.Select(bit, leftHash[i], rightHash[i]).(field.F)
}
return returnHash
@ -32,7 +32,7 @@ func (h *HashAPI) Lookup2Hash(b0 frontend.Variable, b1 frontend.Variable, h0, h1
var returnHash Hash
for i := 0; i < 4; i++ {
returnHash[i] = h.fieldAPI.Lookup2(b0, b1, h0[i], h1[i], h2[i], h3[i]).(F)
returnHash[i] = h.fieldAPI.Lookup2(b0, b1, h0[i], h1[i], h2[i], h3[i]).(field.F)
}
return returnHash
@ -44,9 +44,10 @@ func (h *HashAPI) AssertIsEqualHash(h1, h2 Hash) {
}
}
func (h *HashAPI) PrintHash(hash Hash) {
for i := 0; i < 4; i++ {
fmt.Println("Hash Limb", i)
h.fieldAPI.Println(hash[i])
func Uint64ArrayToHashArray(input [][]uint64) []Hash {
var output []Hash
for i := 0; i < len(input); i++ {
output = append(output, [4]field.F{field.NewFieldElement(input[i][0]), field.NewFieldElement(input[i][1]), field.NewFieldElement(input[i][2]), field.NewFieldElement(input[i][3])})
}
return output
}

77
poseidon/poseidon.go
View File

@ -1,9 +1,8 @@
package poseidon
import (
. "gnark-plonky2-verifier/field"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
const HALF_N_FULL_ROUNDS = 4
@ -14,16 +13,16 @@ const MAX_WIDTH = 12
const SPONGE_WIDTH = 12
const SPONGE_RATE = 8
type PoseidonState = [SPONGE_WIDTH]F
type PoseidonStateExtension = [SPONGE_WIDTH]QuadraticExtension
type PoseidonState = [SPONGE_WIDTH]field.F
type PoseidonStateExtension = [SPONGE_WIDTH]field.QuadraticExtension
type PoseidonChip struct {
api frontend.API `gnark:"-"`
fieldAPI frontend.API `gnark:"-"`
qeAPI *QuadraticExtensionAPI `gnark:"-"`
api frontend.API `gnark:"-"`
fieldAPI frontend.API `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
}
func NewPoseidonChip(api frontend.API, fieldAPI frontend.API, qeAPI *QuadraticExtensionAPI) *PoseidonChip {
func NewPoseidonChip(api frontend.API, fieldAPI frontend.API, qeAPI *field.QuadraticExtensionAPI) *PoseidonChip {
return &PoseidonChip{api: api, fieldAPI: fieldAPI, qeAPI: qeAPI}
}
@ -36,11 +35,11 @@ func (c *PoseidonChip) Poseidon(input PoseidonState) PoseidonState {
return state
}
func (c *PoseidonChip) HashNToMNoPad(input []F, nbOutputs int) []F {
func (c *PoseidonChip) HashNToMNoPad(input []field.F, nbOutputs int) []field.F {
var state PoseidonState
for i := 0; i < SPONGE_WIDTH; i++ {
state[i] = ZERO_F
state[i] = field.ZERO_F
}
for i := 0; i < len(input); i += SPONGE_RATE {
@ -52,7 +51,7 @@ func (c *PoseidonChip) HashNToMNoPad(input []F, nbOutputs int) []F {
state = c.Poseidon(state)
}
var outputs []F
var outputs []field.F
for {
for i := 0; i < SPONGE_RATE; i++ {
@ -65,7 +64,7 @@ func (c *PoseidonChip) HashNToMNoPad(input []F, nbOutputs int) []F {
}
}
func (c *PoseidonChip) HashNoPad(input []F) Hash {
func (c *PoseidonChip) HashNoPad(input []field.F) Hash {
var hash Hash
copy(hash[:], c.HashNToMNoPad(input, 4))
return hash
@ -87,7 +86,7 @@ func (c *PoseidonChip) PartialRounds(state PoseidonState, roundCounter *int) Pos
for i := 0; i < N_PARTIAL_ROUNDS; i++ {
state[0] = c.SBoxMonomial(state[0])
state[0] = c.fieldAPI.Add(state[0], FAST_PARTIAL_ROUND_CONSTANTS[i]).(F)
state[0] = c.fieldAPI.Add(state[0], FAST_PARTIAL_ROUND_CONSTANTS[i]).(field.F)
state = c.MdsPartialLayerFast(state, i)
}
@ -99,8 +98,8 @@ func (c *PoseidonChip) PartialRounds(state PoseidonState, roundCounter *int) Pos
func (c *PoseidonChip) ConstantLayer(state PoseidonState, roundCounter *int) PoseidonState {
for i := 0; i < 12; i++ {
if i < SPONGE_WIDTH {
roundConstant := NewFieldElement(ALL_ROUND_CONSTANTS[i+SPONGE_WIDTH*(*roundCounter)])
state[i] = c.fieldAPI.Add(state[i], roundConstant).(F)
roundConstant := field.NewFieldElement(ALL_ROUND_CONSTANTS[i+SPONGE_WIDTH*(*roundCounter)])
state[i] = c.fieldAPI.Add(state[i], roundConstant).(field.F)
}
}
return state
@ -109,21 +108,21 @@ func (c *PoseidonChip) ConstantLayer(state PoseidonState, roundCounter *int) Pos
func (c *PoseidonChip) ConstantLayerExtension(state PoseidonStateExtension, roundCounter *int) PoseidonStateExtension {
for i := 0; i < 12; i++ {
if i < SPONGE_WIDTH {
roundConstant := c.qeAPI.FieldToQE(NewFieldElement(ALL_ROUND_CONSTANTS[i+SPONGE_WIDTH*(*roundCounter)]))
roundConstant := c.qeAPI.FieldToQE(field.NewFieldElement(ALL_ROUND_CONSTANTS[i+SPONGE_WIDTH*(*roundCounter)]))
state[i] = c.qeAPI.AddExtension(state[i], roundConstant)
}
}
return state
}
func (c *PoseidonChip) SBoxMonomial(x F) F {
func (c *PoseidonChip) SBoxMonomial(x field.F) field.F {
x2 := c.fieldAPI.Mul(x, x)
x4 := c.fieldAPI.Mul(x2, x2)
x3 := c.fieldAPI.Mul(x, x2)
return c.fieldAPI.Mul(x3, x4).(F)
return c.fieldAPI.Mul(x3, x4).(field.F)
}
func (c *PoseidonChip) SBoxMonomialExtension(x QuadraticExtension) QuadraticExtension {
func (c *PoseidonChip) SBoxMonomialExtension(x field.QuadraticExtension) field.QuadraticExtension {
x2 := c.qeAPI.SquareExtension(x)
x4 := c.qeAPI.SquareExtension(x2)
x3 := c.qeAPI.MulExtension(x, x2)
@ -162,18 +161,18 @@ func (c *PoseidonChip) MdsRowShf(r int, v [SPONGE_WIDTH]frontend.Variable) front
return res
}
func (c *PoseidonChip) MdsRowShfExtension(r int, v [SPONGE_WIDTH]QuadraticExtension) QuadraticExtension {
res := c.qeAPI.FieldToQE(NewFieldElement(0))
func (c *PoseidonChip) MdsRowShfExtension(r int, v [SPONGE_WIDTH]field.QuadraticExtension) field.QuadraticExtension {
res := c.qeAPI.FieldToQE(field.NewFieldElement(0))
for i := 0; i < 12; i++ {
if i < SPONGE_WIDTH {
matrixVal := c.qeAPI.FieldToQE(NewFieldElement(MDS_MATRIX_CIRC[i]))
matrixVal := c.qeAPI.FieldToQE(field.NewFieldElement(MDS_MATRIX_CIRC[i]))
res1 := c.qeAPI.MulExtension(v[(i+r)%SPONGE_WIDTH], matrixVal)
res = c.qeAPI.AddExtension(res, res1)
}
}
matrixVal := c.qeAPI.FieldToQE(NewFieldElement(MDS_MATRIX_DIAG[r]))
matrixVal := c.qeAPI.FieldToQE(field.NewFieldElement(MDS_MATRIX_DIAG[r]))
res = c.qeAPI.AddExtension(res, c.qeAPI.MulExtension(v[r], matrixVal))
return res
}
@ -181,7 +180,7 @@ func (c *PoseidonChip) MdsRowShfExtension(r int, v [SPONGE_WIDTH]QuadraticExtens
func (c *PoseidonChip) MdsLayer(state_ PoseidonState) PoseidonState {
var result PoseidonState
for i := 0; i < SPONGE_WIDTH; i++ {
result[i] = NewFieldElement(0)
result[i] = field.NewFieldElement(0)
}
var state [SPONGE_WIDTH]frontend.Variable
@ -193,7 +192,7 @@ func (c *PoseidonChip) MdsLayer(state_ PoseidonState) PoseidonState {
if r < SPONGE_WIDTH {
sum := c.MdsRowShf(r, state)
bits := c.api.ToBinary(sum)
result[r] = c.fieldAPI.FromBinary(bits).(F)
result[r] = c.fieldAPI.FromBinary(bits).(field.F)
}
}
@ -216,7 +215,7 @@ func (c *PoseidonChip) MdsLayerExtension(state_ PoseidonStateExtension) Poseidon
func (c *PoseidonChip) PartialFirstConstantLayer(state PoseidonState) PoseidonState {
for i := 0; i < 12; i++ {
if i < SPONGE_WIDTH {
state[i] = c.fieldAPI.Add(state[i], NewFieldElement(FAST_PARTIAL_FIRST_ROUND_CONSTANT[i])).(F)
state[i] = c.fieldAPI.Add(state[i], field.NewFieldElement(FAST_PARTIAL_FIRST_ROUND_CONSTANT[i])).(field.F)
}
}
return state
@ -225,7 +224,7 @@ func (c *PoseidonChip) PartialFirstConstantLayer(state PoseidonState) PoseidonSt
func (c *PoseidonChip) PartialFirstConstantLayerExtension(state PoseidonStateExtension) PoseidonStateExtension {
for i := 0; i < 12; i++ {
if i < SPONGE_WIDTH {
state[i] = c.qeAPI.AddExtension(state[i], c.qeAPI.FieldToQE(NewFieldElement(FAST_PARTIAL_FIRST_ROUND_CONSTANT[i])))
state[i] = c.qeAPI.AddExtension(state[i], c.qeAPI.FieldToQE(field.NewFieldElement(FAST_PARTIAL_FIRST_ROUND_CONSTANT[i])))
}
}
return state
@ -234,7 +233,7 @@ func (c *PoseidonChip) PartialFirstConstantLayerExtension(state PoseidonStateExt
func (c *PoseidonChip) MdsPartialLayerInit(state PoseidonState) PoseidonState {
var result PoseidonState
for i := 0; i < 12; i++ {
result[i] = NewFieldElement(0)
result[i] = field.NewFieldElement(0)
}
result[0] = state[0]
@ -243,8 +242,8 @@ func (c *PoseidonChip) MdsPartialLayerInit(state PoseidonState) PoseidonState {
if r < SPONGE_WIDTH {
for d := 1; d < 12; d++ {
if d < SPONGE_WIDTH {
t := NewFieldElement(FAST_PARTIAL_ROUND_INITIAL_MATRIX[r-1][d-1])
result[d] = c.fieldAPI.Add(result[d], c.fieldAPI.Mul(state[r], t)).(F)
t := field.NewFieldElement(FAST_PARTIAL_ROUND_INITIAL_MATRIX[r-1][d-1])
result[d] = c.fieldAPI.Add(result[d], c.fieldAPI.Mul(state[r], t)).(field.F)
}
}
}
@ -256,7 +255,7 @@ func (c *PoseidonChip) MdsPartialLayerInit(state PoseidonState) PoseidonState {
func (c *PoseidonChip) MdsPartialLayerInitExtension(state PoseidonStateExtension) PoseidonStateExtension {
var result PoseidonStateExtension
for i := 0; i < 12; i++ {
result[i] = c.qeAPI.FieldToQE(NewFieldElement(0))
result[i] = c.qeAPI.FieldToQE(field.NewFieldElement(0))
}
result[0] = state[0]
@ -265,7 +264,7 @@ func (c *PoseidonChip) MdsPartialLayerInitExtension(state PoseidonStateExtension
if r < SPONGE_WIDTH {
for d := 1; d < 12; d++ {
if d < SPONGE_WIDTH {
t := c.qeAPI.FieldToQE(NewFieldElement(FAST_PARTIAL_ROUND_INITIAL_MATRIX[r-1][d-1]))
t := c.qeAPI.FieldToQE(field.NewFieldElement(FAST_PARTIAL_ROUND_INITIAL_MATRIX[r-1][d-1]))
result[d] = c.qeAPI.AddExtension(result[d], c.qeAPI.MulExtension(state[r], t))
}
}
@ -292,15 +291,15 @@ func (c *PoseidonChip) MdsPartialLayerFast(state PoseidonState, r int) PoseidonS
var result PoseidonState
for i := 0; i < SPONGE_WIDTH; i++ {
result[i] = NewFieldElement(0)
result[i] = field.NewFieldElement(0)
}
result[0] = d.(F)
result[0] = d.(field.F)
for i := 1; i < 12; i++ {
if i < SPONGE_WIDTH {
t := NewFieldElement(FAST_PARTIAL_ROUND_VS[r][i-1])
result[i] = c.fieldAPI.Add(state[i], c.fieldAPI.Mul(state[0], t)).(F)
t := field.NewFieldElement(FAST_PARTIAL_ROUND_VS[r][i-1])
result[i] = c.fieldAPI.Add(state[i], c.fieldAPI.Mul(state[0], t)).(field.F)
}
}
@ -309,11 +308,11 @@ func (c *PoseidonChip) MdsPartialLayerFast(state PoseidonState, r int) PoseidonS
func (c *PoseidonChip) MdsPartialLayerFastExtension(state PoseidonStateExtension, r int) PoseidonStateExtension {
s0 := state[0]
mds0to0 := c.qeAPI.FieldToQE(NewFieldElement(MDS_MATRIX_CIRC[0] + MDS_MATRIX_DIAG[0]))
mds0to0 := c.qeAPI.FieldToQE(field.NewFieldElement(MDS_MATRIX_CIRC[0] + MDS_MATRIX_DIAG[0]))
d := c.qeAPI.MulExtension(s0, mds0to0)
for i := 1; i < 12; i++ {
if i < SPONGE_WIDTH {
t := c.qeAPI.FieldToQE(NewFieldElement(FAST_PARTIAL_ROUND_W_HATS[r][i-1]))
t := c.qeAPI.FieldToQE(field.NewFieldElement(FAST_PARTIAL_ROUND_W_HATS[r][i-1]))
d = c.qeAPI.AddExtension(d, c.qeAPI.MulExtension(state[i], t))
}
}
@ -322,7 +321,7 @@ func (c *PoseidonChip) MdsPartialLayerFastExtension(state PoseidonStateExtension
result[0] = d
for i := 1; i < 12; i++ {
if i < SPONGE_WIDTH {
t := c.qeAPI.FieldToQE(NewFieldElement(FAST_PARTIAL_ROUND_VS[r][i-1]))
t := c.qeAPI.FieldToQE(field.NewFieldElement(FAST_PARTIAL_ROUND_VS[r][i-1]))
result[i] = c.qeAPI.AddExtension(c.qeAPI.MulExtension(state[0], t), state[i])
}
}

19
poseidon/poseidon_test.go
View File

@ -1,15 +1,14 @@
package poseidon
import (
"gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/utils"
"testing"
"github.com/consensys/gnark/backend/groth16"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/frontend/cs/r1cs"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
)
type TestPoseidonCircuit struct {
@ -19,11 +18,11 @@ type TestPoseidonCircuit struct {
func (circuit *TestPoseidonCircuit) Define(api frontend.API) error {
goldilocksApi := field.NewFieldAPI(api)
qeAPI := NewQuadraticExtensionAPI(goldilocksApi, 3)
qeAPI := field.NewQuadraticExtensionAPI(goldilocksApi, 3)
var input PoseidonState
for i := 0; i < 12; i++ {
input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(F)
input[i] = goldilocksApi.FromBinary(api.ToBinary(circuit.In[i], 64)).(field.F)
}
poseidonChip := NewPoseidonChip(api, goldilocksApi, qeAPI)
@ -32,7 +31,7 @@ func (circuit *TestPoseidonCircuit) Define(api frontend.API) error {
for i := 0; i < 12; i++ {
goldilocksApi.AssertIsEqual(
output[i],
goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(F),
goldilocksApi.FromBinary(api.ToBinary(circuit.Out[i])).(field.F),
)
}
@ -45,7 +44,7 @@ func TestPoseidonWitness(t *testing.T) {
testCase := func(in [12]frontend.Variable, out [12]frontend.Variable) {
circuit := TestPoseidonCircuit{In: in, Out: out}
witness := TestPoseidonCircuit{In: in, Out: out}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
@ -79,12 +78,12 @@ func TestPoseidonProof(t *testing.T) {
circuit := TestPoseidonCircuit{In: in, Out: out}
assignment := TestPoseidonCircuit{In: in, Out: out}
r1cs, err := frontend.Compile(TEST_CURVE.ScalarField(), r1cs.NewBuilder, &circuit)
r1cs, err := frontend.Compile(field.TEST_CURVE.ScalarField(), r1cs.NewBuilder, &circuit)
if err != nil {
panic(err)
}
witness, err := frontend.NewWitness(&assignment, TEST_CURVE.ScalarField())
witness, err := frontend.NewWitness(&assignment, field.TEST_CURVE.ScalarField())
if err != nil {
panic(err)
}
@ -94,7 +93,7 @@ func TestPoseidonProof(t *testing.T) {
panic(err)
}
err = test.IsSolved(&circuit, &assignment, TEST_CURVE.ScalarField())
err = test.IsSolved(&circuit, &assignment, field.TEST_CURVE.ScalarField())
if err != nil {
panic(err)
}

12
poseidon/public_inputs_hash_test.go
View File

@ -1,13 +1,13 @@
package poseidon
import (
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/utils"
"testing"
"github.com/consensys/gnark-crypto/ecc"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
)
var testCurve = ecc.BN254
@ -18,12 +18,12 @@ type TestPublicInputsHashCircuit struct {
}
func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error {
fieldAPI := NewFieldAPI(api)
fieldAPI := field.NewFieldAPI(api)
// BN254 -> Binary(64) -> F
var input [3]F
var input [3]field.F
for i := 0; i < 3; i++ {
input[i] = fieldAPI.FromBinary(api.ToBinary(circuit.In[i], 64)).(F)
input[i] = fieldAPI.FromBinary(api.ToBinary(circuit.In[i], 64)).(field.F)
}
poseidonChip := &PoseidonChip{api: api, fieldAPI: fieldAPI}
@ -33,7 +33,7 @@ func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error {
for i := 0; i < 4; i++ {
fieldAPI.AssertIsEqual(
output[i],
fieldAPI.FromBinary(api.ToBinary(circuit.Out[i])).(F),
fieldAPI.FromBinary(api.ToBinary(circuit.Out[i])).(field.F),
)
}

26
utils/utils.go
View File

@ -1,10 +1,10 @@
package utils
import (
. "gnark-plonky2-verifier/field"
"math/big"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
func StrArrayToBigIntArray(input []string) []big.Int {
@ -25,30 +25,22 @@ func StrArrayToFrontendVariableArray(input []string) []frontend.Variable {
return output
}
func Uint64ArrayToFArray(input []uint64) []F {
var output []F
func Uint64ArrayToFArray(input []uint64) []field.F {
var output []field.F
for i := 0; i < len(input); i++ {
output = append(output, NewFieldElement(input[i]))
output = append(output, field.NewFieldElement(input[i]))
}
return output
}
func Uint64ArrayToQuadraticExtension(input []uint64) QuadraticExtension {
return [2]F{NewFieldElement(input[0]), NewFieldElement(input[1])}
func Uint64ArrayToQuadraticExtension(input []uint64) field.QuadraticExtension {
return [2]field.F{field.NewFieldElement(input[0]), field.NewFieldElement(input[1])}
}
func Uint64ArrayToQuadraticExtensionArray(input [][]uint64) []QuadraticExtension {
var output []QuadraticExtension
func Uint64ArrayToQuadraticExtensionArray(input [][]uint64) []field.QuadraticExtension {
var output []field.QuadraticExtension
for i := 0; i < len(input); i++ {
output = append(output, [2]F{NewFieldElement(input[i][0]), NewFieldElement(input[i][1])})
}
return output
}
func Uint64ArrayToHashArray(input [][]uint64) []Hash {
var output []Hash
for i := 0; i < len(input); i++ {
output = append(output, [4]F{NewFieldElement(input[i][0]), NewFieldElement(input[i][1]), NewFieldElement(input[i][2]), NewFieldElement(input[i][3])})
output = append(output, [2]field.F{field.NewFieldElement(input[i][0]), field.NewFieldElement(input[i][1])})
}
return output
}

57
verifier/common/config.go Normal file
View File

@ -0,0 +1,57 @@
package common
import (
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/gates"
)
type VerifierOnlyCircuitData struct {
ConstantSigmasCap MerkleCap
CircuitDigest poseidon.Hash
}
type CircuitConfig struct {
NumWires uint64
NumRoutedWires uint64
NumConstants uint64
UseBaseArithmeticGate bool
SecurityBits uint64
NumChallenges uint64
ZeroKnowledge bool
MaxQuotientDegreeFactor uint64
FriConfig FriConfig
}
type CommonCircuitData struct {
Config CircuitConfig
FriParams FriParams
Gates []gates.Gate
SelectorsInfo gates.SelectorsInfo
DegreeBits uint64
QuotientDegreeFactor uint64
NumGateConstraints uint64
NumConstants uint64
NumPublicInputs uint64
KIs []field.F
NumPartialProducts uint64
}
type FriConfig struct {
RateBits uint64
CapHeight uint64
ProofOfWorkBits uint64
NumQueryRounds uint64
// TODO: add FriReductionStrategy
}
func (fc *FriConfig) Rate() float64 {
return 1.0 / float64((uint64(1) << fc.RateBits))
}
type FriParams struct {
Config FriConfig
Hiding bool
DegreeBits uint64
ReductionArityBits []uint64
}

80
verifier/common/types.go Normal file
View File

@ -0,0 +1,80 @@
package common
import (
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
)
type MerkleCap = []poseidon.Hash
type MerkleProof struct {
Siblings []poseidon.Hash
}
type EvalProof struct {
Elements []field.F
MerkleProof MerkleProof
}
type PolynomialCoeffs struct {
Coeffs []field.QuadraticExtension
}
type OpeningSet struct {
Constants []field.QuadraticExtension
PlonkSigmas []field.QuadraticExtension
Wires []field.QuadraticExtension
PlonkZs []field.QuadraticExtension
PlonkZsNext []field.QuadraticExtension
PartialProducts []field.QuadraticExtension
QuotientPolys []field.QuadraticExtension
}
type Proof struct {
WiresCap MerkleCap
PlonkZsPartialProductsCap MerkleCap
QuotientPolysCap MerkleCap
Openings OpeningSet
OpeningProof FriProof
}
type ProofWithPublicInputs struct {
Proof Proof
PublicInputs []field.F
}
type ProofChallenges struct {
PlonkBetas []field.F
PlonkGammas []field.F
PlonkAlphas []field.F
PlonkZeta field.QuadraticExtension
FriChallenges FriChallenges
}
type FriInitialTreeProof struct {
EvalsProofs []EvalProof
}
type FriQueryStep struct {
Evals []field.QuadraticExtension
MerkleProof MerkleProof
}
type FriQueryRound struct {
InitialTreesProof FriInitialTreeProof
Steps []FriQueryStep
}
type FriProof struct {
CommitPhaseMerkleCaps []MerkleCap
QueryRoundProofs []FriQueryRound
FinalPoly PolynomialCoeffs
PowWitness field.F
}
type FriChallenges struct {
FriAlpha field.QuadraticExtension
FriBetas []field.QuadraticExtension
FriPowResponse field.F
FriQueryIndices []field.F
}

0
plonky2_verifier/data/dummy_2^14_gates/common_circuit_data.json → verifier/data/dummy_2^14_gates/common_circuit_data.json
View File

0
plonky2_verifier/data/dummy_2^14_gates/proof_with_public_inputs.json → verifier/data/dummy_2^14_gates/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/dummy_2^14_gates/verifier_only_circuit_data.json → verifier/data/dummy_2^14_gates/verifier_only_circuit_data.json
View File

0
plonky2_verifier/data/dummy_small/common_circuit_data.json → verifier/data/dummy_small/common_circuit_data.json
View File

0
plonky2_verifier/data/dummy_small/proof_with_public_inputs.json → verifier/data/dummy_small/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/dummy_small/verifier_only_circuit_data.json → verifier/data/dummy_small/verifier_only_circuit_data.json
View File

0
plonky2_verifier/data/fibonacci/common_circuit_data.json → verifier/data/fibonacci/common_circuit_data.json
View File

0
plonky2_verifier/data/fibonacci/proof_with_public_inputs.json → verifier/data/fibonacci/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/fibonacci/verifier_only_circuit_data.json → verifier/data/fibonacci/verifier_only_circuit_data.json
View File

0
plonky2_verifier/data/recursive/common_circuit_data.json → verifier/data/recursive/common_circuit_data.json
View File

0
plonky2_verifier/data/recursive/proof_with_public_inputs.json → verifier/data/recursive/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/recursive/verifier_only_circuit_data.json → verifier/data/recursive/verifier_only_circuit_data.json
View File

0
plonky2_verifier/data/recursive_small/common_circuit_data.json → verifier/data/recursive_small/common_circuit_data.json
View File

0
plonky2_verifier/data/recursive_small/proof_with_public_inputs.json → verifier/data/recursive_small/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/recursive_small/verifier_only_circuit_data.json → verifier/data/recursive_small/verifier_only_circuit_data.json
View File

0
plonky2_verifier/data/recursive_step/common_circuit_data.json → verifier/data/recursive_step/common_circuit_data.json
View File

0
plonky2_verifier/data/recursive_step/proof_with_public_inputs.json → verifier/data/recursive_step/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/recursive_step/verifier_only_circuit_data.json → verifier/data/recursive_step/verifier_only_circuit_data.json
View File

0
plonky2_verifier/data/step/common_circuit_data.json → verifier/data/step/common_circuit_data.json
View File

0
plonky2_verifier/data/step/proof_with_public_inputs.json → verifier/data/step/proof_with_public_inputs.json
View File

0
plonky2_verifier/data/step/verifier_only_circuit_data.json → verifier/data/step/verifier_only_circuit_data.json
View File

123
plonky2_verifier/fri.go → verifier/internal/fri/fri.go
View File

@ -1,37 +1,36 @@
package plonky2_verifier
package fri
import (
"fmt"
"gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/poseidon"
"math"
"math/big"
"math/bits"
"github.com/consensys/gnark-crypto/field/goldilocks"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
)
type FriChip struct {
api frontend.API `gnark:"-"`
fieldAPI frontend.API `gnark:"-"`
qeAPI *QuadraticExtensionAPI `gnark:"-"`
hashAPI *HashAPI `gnark:"-"`
api frontend.API `gnark:"-"`
fieldAPI frontend.API `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
hashAPI *poseidon.HashAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
friParams *FriParams `gnark:"-"`
verifierOnlyCircuitData *VerifierOnlyCircuitData `gnark:"-"`
friParams *common.FriParams `gnark:"-"`
}
func NewFriChip(
api frontend.API,
fieldAPI frontend.API,
qeAPI *QuadraticExtensionAPI,
hashAPI *HashAPI,
qeAPI *field.QuadraticExtensionAPI,
hashAPI *poseidon.HashAPI,
poseidonChip *poseidon.PoseidonChip,
friParams *FriParams,
friParams *common.FriParams,
) *FriChip {
return &FriChip{
api: api,
@ -43,7 +42,7 @@ func NewFriChip(
}
}
func (f *FriChip) assertLeadingZeros(powWitness F, friConfig FriConfig) {
func (f *FriChip) assertLeadingZeros(powWitness field.F, friConfig common.FriConfig) {
// Asserts that powWitness'es big-endian bit representation has at least `leading_zeros` leading zeros.
// Note that this is assuming that the Goldilocks field is being used. Specfically that the
// field is 64 bits long
@ -51,11 +50,11 @@ func (f *FriChip) assertLeadingZeros(powWitness F, friConfig FriConfig) {
f.fieldAPI.AssertIsLessOrEqual(powWitness, field.NewFieldElement(maxPowWitness))
}
func (f *FriChip) fromOpeningsAndAlpha(openings *FriOpenings, alpha QuadraticExtension) []QuadraticExtension {
func (f *FriChip) fromOpeningsAndAlpha(openings *FriOpenings, alpha field.QuadraticExtension) []field.QuadraticExtension {
// One reduced opening for all openings evaluated at point Zeta.
// Another one for all openings evaluated at point Zeta * Omega (which is only PlonkZsNext polynomial)
reducedOpenings := make([]QuadraticExtension, 0, 2)
reducedOpenings := make([]field.QuadraticExtension, 0, 2)
for _, batch := range openings.Batches {
reducedOpenings = append(reducedOpenings, f.qeAPI.ReduceWithPowers(batch.Values, alpha))
}
@ -63,8 +62,8 @@ func (f *FriChip) fromOpeningsAndAlpha(openings *FriOpenings, alpha QuadraticExt
return reducedOpenings
}
func (f *FriChip) hashOrNoop(data []F) Hash {
var elements Hash
func (f *FriChip) hashOrNoop(data []field.F) poseidon.Hash {
var elements poseidon.Hash
if len(data) <= 4 {
// Pad the data to have a size of 4
for i, inputElement := range data {
@ -90,9 +89,9 @@ func (f *FriChip) hashOrNoop(data []F) Hash {
}
}
func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []F, leafIndexBits []frontend.Variable, capIndexBits []frontend.Variable, merkleCap MerkleCap, proof *MerkleProof) {
func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []field.F, leafIndexBits []frontend.Variable, capIndexBits []frontend.Variable, merkleCap common.MerkleCap, proof *common.MerkleProof) {
currentDigest := f.hashOrNoop(leafData)
fourZeros := [4]F{field.ZERO_F, field.ZERO_F, field.ZERO_F, field.ZERO_F}
fourZeros := [4]field.F{field.ZERO_F, field.ZERO_F, field.ZERO_F, field.ZERO_F}
for i, sibling := range proof.Siblings {
bit := leafIndexBits[i]
@ -103,7 +102,7 @@ func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []F, leafIndexBits
leftHash := f.poseidonChip.Poseidon(leftSiblingState)
var leftHashCompress Hash
var leftHashCompress poseidon.Hash
leftHashCompress[0] = leftHash[0]
leftHashCompress[1] = leftHash[1]
leftHashCompress[2] = leftHash[2]
@ -116,7 +115,7 @@ func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []F, leafIndexBits
rightHash := f.poseidonChip.Poseidon(rightSiblingState)
var rightHashCompress Hash
var rightHashCompress poseidon.Hash
rightHashCompress[0] = rightHash[0]
rightHashCompress[1] = rightHash[1]
rightHashCompress[2] = rightHash[2]
@ -136,7 +135,7 @@ func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []F, leafIndexBits
}
const NUM_LEAF_LOOKUPS = 4
var leafLookups [NUM_LEAF_LOOKUPS]Hash
var leafLookups [NUM_LEAF_LOOKUPS]poseidon.Hash
// First create the "leaf" lookup2 circuits
// The will use the least significant bits of the capIndexBits array
for i := 0; i < NUM_LEAF_LOOKUPS; i++ {
@ -151,7 +150,7 @@ func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []F, leafIndexBits
f.hashAPI.AssertIsEqualHash(currentDigest, merkleCapEntry)
}
func (f *FriChip) verifyInitialProof(xIndexBits []frontend.Variable, proof *FriInitialTreeProof, initialMerkleCaps []MerkleCap, capIndexBits []frontend.Variable) {
func (f *FriChip) verifyInitialProof(xIndexBits []frontend.Variable, proof *common.FriInitialTreeProof, initialMerkleCaps []common.MerkleCap, capIndexBits []frontend.Variable) {
if len(proof.EvalsProofs) != len(initialMerkleCaps) {
panic("length of eval proofs in fri proof should equal length of initial merkle caps")
}
@ -178,7 +177,7 @@ func (f *FriChip) verifyInitialProof(xIndexBits []frontend.Variable, proof *FriI
// / Here we compare the probabilities as a sanity check, to verify the claim above.
func (f *FriChip) assertNoncanonicalIndicesOK() {
numAmbiguousElems := uint64(math.MaxUint64) - goldilocks.Modulus().Uint64() + 1
queryError := f.friParams.Config.rate()
queryError := f.friParams.Config.Rate()
pAmbiguous := float64(numAmbiguousElems) / float64(goldilocks.Modulus().Uint64())
// TODO: Check that pAmbiguous value is the same as the one in plonky2 verifier
@ -190,8 +189,8 @@ func (f *FriChip) assertNoncanonicalIndicesOK() {
func (f *FriChip) expFromBitsConstBase(
base goldilocks.Element,
exponentBits []frontend.Variable,
) F {
product := ONE_F
) field.F {
product := field.ONE_F
for i, bit := range exponentBits {
pow := int64(1 << i)
// If the bit is on, we multiply product by base^pow.
@ -201,7 +200,7 @@ func (f *FriChip) expFromBitsConstBase(
basePow := goldilocks.NewElement(0)
basePow.Exp(base, big.NewInt(pow))
basePowElement := NewFieldElement(basePow.Uint64() - 1)
basePowElement := field.NewFieldElement(basePow.Uint64() - 1)
product = f.fieldAPI.Add(
f.fieldAPI.Mul(
@ -210,7 +209,7 @@ func (f *FriChip) expFromBitsConstBase(
bit,
),
product,
).(F)
).(field.F)
}
return product
@ -219,7 +218,7 @@ func (f *FriChip) expFromBitsConstBase(
func (f *FriChip) calculateSubgroupX(
xIndexBits []frontend.Variable,
nLog uint64,
) F {
) field.F {
// Compute x from its index
// `subgroup_x` is `subgroup[x_index]`, i.e., the actual field element in the domain.
// TODO - Make these as global values
@ -234,16 +233,16 @@ func (f *FriChip) calculateSubgroupX(
product := f.expFromBitsConstBase(base, xIndexBitsRev)
return f.fieldAPI.Mul(g, product).(F)
return f.fieldAPI.Mul(g, product).(field.F)
}
func (f *FriChip) friCombineInitial(
instance FriInstanceInfo,
proof FriInitialTreeProof,
friAlpha QuadraticExtension,
subgroupX_QE QuadraticExtension,
precomputedReducedEval []QuadraticExtension,
) QuadraticExtension {
proof common.FriInitialTreeProof,
friAlpha field.QuadraticExtension,
subgroupX_QE field.QuadraticExtension,
precomputedReducedEval []field.QuadraticExtension,
) field.QuadraticExtension {
sum := f.qeAPI.ZERO_QE
if len(instance.Batches) != len(precomputedReducedEval) {
@ -255,11 +254,11 @@ func (f *FriChip) friCombineInitial(
reducedOpenings := precomputedReducedEval[i]
point := batch.Point
evals := make([]QuadraticExtension, 0)
evals := make([]field.QuadraticExtension, 0)
for _, polynomial := range batch.Polynomials {
evals = append(
evals,
QuadraticExtension{proof.EvalsProofs[polynomial.OracleIndex].Elements[polynomial.PolynomialInfo], field.ZERO_F},
field.QuadraticExtension{proof.EvalsProofs[polynomial.OracleIndex].Elements[polynomial.PolynomialInfo], field.ZERO_F},
)
}
@ -279,7 +278,7 @@ func (f *FriChip) friCombineInitial(
return sum
}
func (f *FriChip) finalPolyEval(finalPoly PolynomialCoeffs, point QuadraticExtension) QuadraticExtension {
func (f *FriChip) finalPolyEval(finalPoly common.PolynomialCoeffs, point field.QuadraticExtension) field.QuadraticExtension {
ret := f.qeAPI.ZERO_QE
for i := len(finalPoly.Coeffs) - 1; i >= 0; i-- {
ret = f.qeAPI.AddExtension(
@ -293,7 +292,7 @@ func (f *FriChip) finalPolyEval(finalPoly PolynomialCoeffs, point QuadraticExten
return ret
}
func (f *FriChip) interpolate(x QuadraticExtension, xPoints []QuadraticExtension, yPoints []QuadraticExtension, barycentricWeights []QuadraticExtension) QuadraticExtension {
func (f *FriChip) interpolate(x field.QuadraticExtension, xPoints []field.QuadraticExtension, yPoints []field.QuadraticExtension, barycentricWeights []field.QuadraticExtension) field.QuadraticExtension {
if len(xPoints) != len(yPoints) || len(xPoints) != len(barycentricWeights) {
panic("length of xPoints, yPoints, and barycentricWeights are inconsistent")
}
@ -342,12 +341,12 @@ func (f *FriChip) interpolate(x QuadraticExtension, xPoints []QuadraticExtension
}
func (f *FriChip) computeEvaluation(
x F,
x field.F,
xIndexWithinCosetBits []frontend.Variable,
arityBits uint64,
evals []QuadraticExtension,
beta QuadraticExtension,
) QuadraticExtension {
evals []field.QuadraticExtension,
beta field.QuadraticExtension,
) field.QuadraticExtension {
arity := 1 << arityBits
if (len(evals)) != arity {
panic("len(evals) ! arity")
@ -364,7 +363,7 @@ func (f *FriChip) computeEvaluation(
// element's new index is the bit reverse of it's original index.
// TODO: Optimization - Since the size of the evals array should be constant (e.g. 2^arityBits),
// we can just hard code the permutation.
permutedEvals := make([]QuadraticExtension, len(evals))
permutedEvals := make([]field.QuadraticExtension, len(evals))
for i := uint8(0); i < uint8(len(evals)); i++ {
newIndex := bits.Reverse8(i) >> arityBits
permutedEvals[newIndex] = evals[i]
@ -377,13 +376,13 @@ func (f *FriChip) computeEvaluation(
revXIndexWithinCosetBits[len(xIndexWithinCosetBits)-1-i] = xIndexWithinCosetBits[i]
}
start := f.expFromBitsConstBase(gInv, revXIndexWithinCosetBits)
cosetStart := f.fieldAPI.Mul(start, x).(F)
cosetStart := f.fieldAPI.Mul(start, x).(field.F)
xPoints := make([]QuadraticExtension, len(evals))
xPoints := make([]field.QuadraticExtension, len(evals))
yPoints := permutedEvals
// TODO: Make g_F a constant
g_F := f.qeAPI.FieldToQE(NewFieldElement(g.Uint64()))
g_F := f.qeAPI.FieldToQE(field.NewFieldElement(g.Uint64()))
xPoints[0] = f.qeAPI.FieldToQE(cosetStart)
for i := 1; i < len(evals); i++ {
xPoints[i] = f.qeAPI.MulExtension(xPoints[i-1], g_F)
@ -391,7 +390,7 @@ func (f *FriChip) computeEvaluation(
// TODO: This is n^2. Is there a way to do this better?
// Compute the barycentric weights
barycentricWeights := make([]QuadraticExtension, len(xPoints))
barycentricWeights := make([]field.QuadraticExtension, len(xPoints))
for i := 0; i < len(xPoints); i++ {
barycentricWeights[i] = f.qeAPI.ONE_QE
for j := 0; j < len(xPoints); j++ {
@ -412,14 +411,14 @@ func (f *FriChip) computeEvaluation(
func (f *FriChip) verifyQueryRound(
instance FriInstanceInfo,
challenges *FriChallenges,
precomputedReducedEval []QuadraticExtension,
initialMerkleCaps []MerkleCap,
proof *FriProof,
xIndex F,
challenges *common.FriChallenges,
precomputedReducedEval []field.QuadraticExtension,
initialMerkleCaps []common.MerkleCap,
proof *common.FriProof,
xIndex field.F,
n uint64,
nLog uint64,
roundProof *FriQueryRound,
roundProof *common.FriQueryRound,
) {
f.assertNoncanonicalIndicesOK()
xIndexBits := f.fieldAPI.ToBinary(xIndex, int(nLog))
@ -432,7 +431,7 @@ func (f *FriChip) verifyQueryRound(
nLog,
)
subgroupX_QE := QuadraticExtension{subgroupX, field.ZERO_F}
subgroupX_QE := field.QuadraticExtension{subgroupX, field.ZERO_F}
oldEval := f.friCombineInitial(
instance,
@ -457,7 +456,7 @@ func (f *FriChip) verifyQueryRound(
}
const NUM_LEAF_LOOKUPS = 4
var leafLookups [NUM_LEAF_LOOKUPS]QuadraticExtension
var leafLookups [NUM_LEAF_LOOKUPS]field.QuadraticExtension
// First create the "leaf" lookup2 circuits
// The will use the least significant bits of the xIndexWithCosetBits array
for i := 0; i < NUM_LEAF_LOOKUPS; i++ {
@ -492,7 +491,7 @@ func (f *FriChip) verifyQueryRound(
)
// Convert evals (array of QE) to fields by taking their 0th degree coefficients
fieldEvals := make([]F, 0, 2*len(evals))
fieldEvals := make([]field.F, 0, 2*len(evals))
for j := 0; j < len(evals); j++ {
fieldEvals = append(fieldEvals, evals[j][0])
fieldEvals = append(fieldEvals, evals[j][1])
@ -507,7 +506,7 @@ func (f *FriChip) verifyQueryRound(
// Update the point x to x^arity.
for j := uint64(0); j < arityBits; j++ {
subgroupX = f.fieldAPI.Mul(subgroupX, subgroupX).(F)
subgroupX = f.fieldAPI.Mul(subgroupX, subgroupX).(field.F)
}
xIndexBits = cosetIndexBits
@ -522,9 +521,9 @@ func (f *FriChip) verifyQueryRound(
func (f *FriChip) VerifyFriProof(
instance FriInstanceInfo,
openings FriOpenings,
friChallenges *FriChallenges,
initialMerkleCaps []MerkleCap,
friProof *FriProof,
friChallenges *common.FriChallenges,
initialMerkleCaps []common.MerkleCap,
friProof *common.FriProof,
) {
// TODO: Check fri config
/* if let Some(max_arity_bits) = params.max_arity_bits() {

188
verifier/internal/fri/fri_test.go Normal file
View File

@ -0,0 +1,188 @@
package fri_test
import (
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/fri"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
)
type TestFriCircuit struct {
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
plonkZeta field.QuadraticExtension
friAlpha field.QuadraticExtension
friBetas []field.QuadraticExtension
friPOWResponse field.F
friQueryIndices []field.F
}
func (circuit *TestFriCircuit) Define(api frontend.API) error {
proofWithPis := utils.DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
commonCircuitData := utils.DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
verifierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename)
fieldAPI := field.NewFieldAPI(api)
qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
hashAPI := poseidon.NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
friChip := fri.NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
friChallenges := common.FriChallenges{
FriAlpha: circuit.friAlpha,
FriBetas: circuit.friBetas,
FriPowResponse: circuit.friPOWResponse,
FriQueryIndices: circuit.friQueryIndices,
}
initialMerkleCaps := []common.MerkleCap{
verifierOnlyCircuitData.ConstantSigmasCap,
proofWithPis.Proof.WiresCap,
proofWithPis.Proof.PlonkZsPartialProductsCap,
proofWithPis.Proof.QuotientPolysCap,
}
friChip.VerifyFriProof(
fri.GetFriInstance(&commonCircuitData, qeAPI, circuit.plonkZeta, commonCircuitData.DegreeBits),
fri.ToFriOpenings(proofWithPis.Proof.Openings),
&friChallenges,
initialMerkleCaps,
&proofWithPis.Proof.OpeningProof,
)
return nil
}
func TestFibonacciFriProof(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestFriCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
plonkZeta: field.QuadraticExtension{
field.NewFieldElementFromString("14887793628029982930"),
field.NewFieldElementFromString("1136137158284059037"),
},
friAlpha: field.QuadraticExtension{
field.NewFieldElementFromString("14641715242626918707"),
field.NewFieldElementFromString("10574243340537902930"),
},
friBetas: []field.QuadraticExtension{},
friPOWResponse: field.NewFieldElement(82451580476419),
friQueryIndices: []field.F{
field.NewFieldElement(6790812084677375942),
field.NewFieldElement(12394212020331474798),
field.NewFieldElement(16457600747000998582),
field.NewFieldElement(1543271328932331916),
field.NewFieldElement(12115726870906958644),
field.NewFieldElement(6775897107605342797),
field.NewFieldElement(15989401564746021030),
field.NewFieldElement(10691676456016926845),
field.NewFieldElement(1632499470630032007),
field.NewFieldElement(1317292355445098328),
field.NewFieldElement(18391440812534384252),
field.NewFieldElement(17321705613231354333),
field.NewFieldElement(6176487551308859603),
field.NewFieldElement(7119835651572002873),
field.NewFieldElement(3903019169623116693),
field.NewFieldElement(4886491111111487546),
field.NewFieldElement(4087641893164620518),
field.NewFieldElement(13801643080324181364),
field.NewFieldElement(16993775312274189321),
field.NewFieldElement(9268202926222765679),
field.NewFieldElement(10683001302406181735),
field.NewFieldElement(13359465725531647963),
field.NewFieldElement(4523327590105620849),
field.NewFieldElement(4883588003760409588),
field.NewFieldElement(187699146998097671),
field.NewFieldElement(14489263557623716717),
field.NewFieldElement(11748359318238148146),
field.NewFieldElement(13636347200053048758),
},
}
witness := TestFriCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestDummyFriProof(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestFriCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
plonkZeta: field.QuadraticExtension{
field.NewFieldElementFromString("17377750363769967882"),
field.NewFieldElementFromString("11921191651424768462"),
},
friAlpha: field.QuadraticExtension{
field.NewFieldElementFromString("16721004555774385479"),
field.NewFieldElementFromString("10688151135543754663"),
},
friBetas: []field.QuadraticExtension{
{
field.NewFieldElementFromString("3312441922957827805"),
field.NewFieldElementFromString("15128092514958289671"),
},
{
field.NewFieldElementFromString("13630530769060141802"),
field.NewFieldElementFromString("14559883974933163008"),
},
{
field.NewFieldElementFromString("16146508250083930687"),
field.NewFieldElementFromString("5176346568444408396"),
},
},
friPOWResponse: field.NewFieldElement(4389),
friQueryIndices: []field.F{
field.NewFieldElementFromString("16334967868590615051"),
field.NewFieldElementFromString("2911473540496037915"),
field.NewFieldElementFromString("14887216056886344225"),
field.NewFieldElementFromString("7808811227805914295"),
field.NewFieldElementFromString("2018594961417375749"),
field.NewFieldElementFromString("3733368398777208435"),
field.NewFieldElementFromString("2623035669037055104"),
field.NewFieldElementFromString("299243030573481514"),
field.NewFieldElementFromString("7189789717962704433"),
field.NewFieldElementFromString("14566344026886816268"),
field.NewFieldElementFromString("12555390069003437453"),
field.NewFieldElementFromString("17225508403199418233"),
field.NewFieldElementFromString("5088797913879903292"),
field.NewFieldElementFromString("9715691392773433023"),
field.NewFieldElementFromString("7565836764713256165"),
field.NewFieldElementFromString("1500143546029322929"),
field.NewFieldElementFromString("1245802417104422080"),
field.NewFieldElementFromString("6831959786661245110"),
field.NewFieldElementFromString("17271054758535453780"),
field.NewFieldElementFromString("6225460404576395409"),
field.NewFieldElementFromString("15932661092896277351"),
field.NewFieldElementFromString("12452534049198240575"),
field.NewFieldElementFromString("4225199666055520177"),
field.NewFieldElementFromString("13235091290587791090"),
field.NewFieldElementFromString("2562357622728700774"),
field.NewFieldElementFromString("17676678042980201498"),
field.NewFieldElementFromString("5837067135702409874"),
field.NewFieldElementFromString("11238419549114325157"),
},
}
witness := TestFriCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}

105
plonky2_verifier/fri_utils.go → verifier/internal/fri/fri_utils.go
View File

@ -1,19 +1,19 @@
package plonky2_verifier
package fri
import (
"gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
)
type FriOpeningBatch struct {
Values []QuadraticExtension
Values []field.QuadraticExtension
}
type FriOpenings struct {
Batches []FriOpeningBatch
}
func (c *OpeningSet) ToFriOpenings() FriOpenings {
func ToFriOpenings(c common.OpeningSet) FriOpenings {
values := c.Constants // num_constants + 1
values = append(values, c.PlonkSigmas...) // num_routed_wires
values = append(values, c.Wires...) // num_wires
@ -36,7 +36,7 @@ type FriOracleInfo struct {
}
type FriBatchInfo struct {
Point QuadraticExtension
Point field.QuadraticExtension
Polynomials []FriPolynomialInfo
}
@ -45,7 +45,32 @@ type FriInstanceInfo struct {
Batches []FriBatchInfo
}
func (c *CommonCircuitData) polynomialInfoFromRange(oracleIdx uint64, startPolyIdx uint64, endPolyIdx uint64) []FriPolynomialInfo {
type PlonkOracle struct {
index uint64
blinding bool
}
var CONSTANTS_SIGMAS = PlonkOracle{
index: 0,
blinding: false,
}
var WIRES = PlonkOracle{
index: 1,
blinding: true,
}
var ZS_PARTIAL_PRODUCTS = PlonkOracle{
index: 2,
blinding: true,
}
var QUOTIENT = PlonkOracle{
index: 3,
blinding: true,
}
func polynomialInfoFromRange(c *common.CommonCircuitData, oracleIdx uint64, startPolyIdx uint64, endPolyIdx uint64) []FriPolynomialInfo {
returnArr := make([]FriPolynomialInfo, 0)
for i := startPolyIdx; i < endPolyIdx; i++ {
returnArr = append(returnArr,
@ -59,7 +84,7 @@ func (c *CommonCircuitData) polynomialInfoFromRange(oracleIdx uint64, startPolyI
}
// Range of the sigma polynomials in the `constants_sigmas_commitment`.
func (c *CommonCircuitData) sigmasRange() []uint64 {
func sigmasRange(c *common.CommonCircuitData) []uint64 {
returnArr := make([]uint64, 0)
for i := c.NumConstants; i <= c.NumConstants+c.Config.NumRoutedWires; i++ {
returnArr = append(returnArr, i)
@ -68,60 +93,64 @@ func (c *CommonCircuitData) sigmasRange() []uint64 {
return returnArr
}
func (c *CommonCircuitData) numPreprocessedPolys() uint64 {
sigmasRange := c.sigmasRange()
func numPreprocessedPolys(c *common.CommonCircuitData) uint64 {
sigmasRange := sigmasRange(c)
return sigmasRange[len(sigmasRange)-1]
}
func (c *CommonCircuitData) numZSPartialProductsPolys() uint64 {
func numZSPartialProductsPolys(c *common.CommonCircuitData) uint64 {
return c.Config.NumChallenges * (1 + c.NumPartialProducts)
}
func (c *CommonCircuitData) numQuotientPolys() uint64 {
func numQuotientPolys(c *common.CommonCircuitData) uint64 {
return c.Config.NumChallenges * c.QuotientDegreeFactor
}
func (c *CommonCircuitData) friPreprocessedPolys() []FriPolynomialInfo {
return c.polynomialInfoFromRange(
func friPreprocessedPolys(c *common.CommonCircuitData) []FriPolynomialInfo {
return polynomialInfoFromRange(
c,
CONSTANTS_SIGMAS.index,
0,
c.numPreprocessedPolys(),
numPreprocessedPolys(c),
)
}
func (c *CommonCircuitData) friWirePolys() []FriPolynomialInfo {
func friWirePolys(c *common.CommonCircuitData) []FriPolynomialInfo {
numWirePolys := c.Config.NumWires
return c.polynomialInfoFromRange(WIRES.index, 0, numWirePolys)
return polynomialInfoFromRange(c, WIRES.index, 0, numWirePolys)
}
func (c *CommonCircuitData) friZSPartialProductsPolys() []FriPolynomialInfo {
return c.polynomialInfoFromRange(
func friZSPartialProductsPolys(c *common.CommonCircuitData) []FriPolynomialInfo {
return polynomialInfoFromRange(
c,
ZS_PARTIAL_PRODUCTS.index,
0,
c.numZSPartialProductsPolys(),
numZSPartialProductsPolys(c),
)
}
func (c *CommonCircuitData) friQuotientPolys() []FriPolynomialInfo {
return c.polynomialInfoFromRange(
func friQuotientPolys(c *common.CommonCircuitData) []FriPolynomialInfo {
return polynomialInfoFromRange(
c,
QUOTIENT.index,
0,
c.numQuotientPolys(),
numQuotientPolys(c),
)
}
func (c *CommonCircuitData) friZSPolys() []FriPolynomialInfo {
return c.polynomialInfoFromRange(
func friZSPolys(c *common.CommonCircuitData) []FriPolynomialInfo {
return polynomialInfoFromRange(
c,
ZS_PARTIAL_PRODUCTS.index,
0,
c.Config.NumChallenges,
)
}
func (c *CommonCircuitData) friOracles() []FriOracleInfo {
func friOracles(c *common.CommonCircuitData) []FriOracleInfo {
return []FriOracleInfo{
{
NumPolys: c.numPreprocessedPolys(),
NumPolys: numPreprocessedPolys(c),
Blinding: CONSTANTS_SIGMAS.blinding,
},
{
@ -129,30 +158,30 @@ func (c *CommonCircuitData) friOracles() []FriOracleInfo {
Blinding: WIRES.blinding,
},
{
NumPolys: c.numZSPartialProductsPolys(),
NumPolys: numZSPartialProductsPolys(c),
Blinding: ZS_PARTIAL_PRODUCTS.blinding,
},
{
NumPolys: c.numQuotientPolys(),
NumPolys: numQuotientPolys(c),
Blinding: QUOTIENT.blinding,
},
}
}
func (c *CommonCircuitData) friAllPolys() []FriPolynomialInfo {
func friAllPolys(c *common.CommonCircuitData) []FriPolynomialInfo {
returnArr := make([]FriPolynomialInfo, 0)
returnArr = append(returnArr, c.friPreprocessedPolys()...)
returnArr = append(returnArr, c.friWirePolys()...)
returnArr = append(returnArr, c.friZSPartialProductsPolys()...)
returnArr = append(returnArr, c.friQuotientPolys()...)
returnArr = append(returnArr, friPreprocessedPolys(c)...)
returnArr = append(returnArr, friWirePolys(c)...)
returnArr = append(returnArr, friZSPartialProductsPolys(c)...)
returnArr = append(returnArr, friQuotientPolys(c)...)
return returnArr
}
func (c *CommonCircuitData) GetFriInstance(qeAPI *QuadraticExtensionAPI, zeta QuadraticExtension, degreeBits uint64) FriInstanceInfo {
func GetFriInstance(c *common.CommonCircuitData, qeAPI *field.QuadraticExtensionAPI, zeta field.QuadraticExtension, degreeBits uint64) FriInstanceInfo {
zetaBatch := FriBatchInfo{
Point: zeta,
Polynomials: c.friAllPolys(),
Polynomials: friAllPolys(c),
}
g := field.GoldilocksPrimitiveRootOfUnity(degreeBits)
@ -160,11 +189,11 @@ func (c *CommonCircuitData) GetFriInstance(qeAPI *QuadraticExtensionAPI, zeta Qu
zetaNextBath := FriBatchInfo{
Point: zetaNext,
Polynomials: c.friZSPolys(),
Polynomials: friZSPolys(c),
}
return FriInstanceInfo{
Oracles: c.friOracles(),
Oracles: friOracles(c),
Batches: []FriBatchInfo{zetaBatch, zetaNextBath},
}
}

32
plonky2_verifier/arithmetic_extension_gate.go → verifier/internal/gates/arithmetic_extension_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var aritheticExtensionGateRegex = regexp.MustCompile("ArithmeticExtensionGate { num_ops: (?P<numOps>[0-9]+) }")
func deserializeExtensionArithmeticGate(parameters map[string]string) gate {
func deserializeExtensionArithmeticGate(parameters map[string]string) Gate {
// Has the format "ArithmeticExtensionGate { num_ops: 10 }"
numOps, hasNumOps := parameters["numOps"]
if !hasNumOps {
@ -39,39 +41,39 @@ func (g *ArithmeticExtensionGate) Id() string {
}
func (g *ArithmeticExtensionGate) wiresIthMultiplicand0(i uint64) Range {
return Range{4 * D * i, 4*D*i + D}
return Range{4 * field.D * i, 4*field.D*i + field.D}
}
func (g *ArithmeticExtensionGate) wiresIthMultiplicand1(i uint64) Range {
return Range{4*D*i + D, 4*D*i + 2*D}
return Range{4*field.D*i + field.D, 4*field.D*i + 2*field.D}
}
func (g *ArithmeticExtensionGate) wiresIthAddend(i uint64) Range {
return Range{4*D*i + 2*D, 4*D*i + 3*D}
return Range{4*field.D*i + 2*field.D, 4*field.D*i + 3*field.D}
}
func (g *ArithmeticExtensionGate) wiresIthOutput(i uint64) Range {
return Range{4*D*i + 3*D, 4*D*i + 4*D}
return Range{4*field.D*i + 3*field.D, 4*field.D*i + 4*field.D}
}
func (g *ArithmeticExtensionGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *ArithmeticExtensionGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
const0 := vars.localConstants[0]
const1 := vars.localConstants[1]
constraints := []QuadraticExtension{}
constraints := []field.QuadraticExtension{}
for i := uint64(0); i < g.numOps; i++ {
multiplicand0 := vars.GetLocalExtAlgebra(g.wiresIthMultiplicand0(i))
multiplicand1 := vars.GetLocalExtAlgebra(g.wiresIthMultiplicand1(i))
addend := vars.GetLocalExtAlgebra(g.wiresIthAddend(i))
output := vars.GetLocalExtAlgebra(g.wiresIthOutput(i))
mul := p.qeAPI.MulExtensionAlgebra(multiplicand0, multiplicand1)
scaled_mul := p.qeAPI.ScalarMulExtensionAlgebra(const0, mul)
computed_output := p.qeAPI.ScalarMulExtensionAlgebra(const1, addend)
computed_output = p.qeAPI.AddExtensionAlgebra(computed_output, scaled_mul)
mul := qeAPI.MulExtensionAlgebra(multiplicand0, multiplicand1)
scaled_mul := qeAPI.ScalarMulExtensionAlgebra(const0, mul)
computed_output := qeAPI.ScalarMulExtensionAlgebra(const1, addend)
computed_output = qeAPI.AddExtensionAlgebra(computed_output, scaled_mul)
diff := p.qeAPI.SubExtensionAlgebra(output, computed_output)
for j := 0; j < D; j++ {
diff := qeAPI.SubExtensionAlgebra(output, computed_output)
for j := 0; j < field.D; j++ {
constraints = append(constraints, diff[j])
}
}

20
plonky2_verifier/arithmetic_gate.go → verifier/internal/gates/arithmetic_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var aritheticGateRegex = regexp.MustCompile("ArithmeticGate { num_ops: (?P<numOps>[0-9]+) }")
func deserializeArithmeticGate(parameters map[string]string) gate {
func deserializeArithmeticGate(parameters map[string]string) Gate {
// Has the format "ArithmeticGate { num_ops: 10 }"
numOps, hasNumOps := parameters["numOps"]
@ -55,23 +57,23 @@ func (g *ArithmeticGate) WireIthOutput(i uint64) uint64 {
return 4*i + 3
}
func (g *ArithmeticGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *ArithmeticGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
const0 := vars.localConstants[0]
const1 := vars.localConstants[1]
constraints := []QuadraticExtension{}
constraints := []field.QuadraticExtension{}
for i := uint64(0); i < g.numOps; i++ {
multiplicand0 := vars.localWires[g.WireIthMultiplicand0(i)]
multiplicand1 := vars.localWires[g.WireIthMultiplicand1(i)]
addend := vars.localWires[g.WireIthAddend(i)]
output := vars.localWires[g.WireIthOutput(i)]
computedOutput := p.qeAPI.AddExtension(
p.qeAPI.MulExtension(p.qeAPI.MulExtension(multiplicand0, multiplicand1), const0),
p.qeAPI.MulExtension(addend, const1),
computedOutput := qeAPI.AddExtension(
qeAPI.MulExtension(qeAPI.MulExtension(multiplicand0, multiplicand1), const0),
qeAPI.MulExtension(addend, const1),
)
constraints = append(constraints, p.qeAPI.SubExtension(output, computedOutput))
constraints = append(constraints, qeAPI.SubExtension(output, computedOutput))
}
return constraints

28
plonky2_verifier/base_sum_gate.go → verifier/internal/gates/base_sum_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var baseSumGateRegex = regexp.MustCompile("BaseSumGate { num_limbs: (?P<numLimbs>[0-9]+) } \\+ Base: (?P<base>[0-9]+)")
var baseSumGateRegex = regexp.MustCompile(`BaseSumGate { num_limbs: (?P<numLimbs>[0-9]+) } \+ Base: (?P<base>[0-9]+)`)
func deserializeBaseSumGate(parameters map[string]string) gate {
func deserializeBaseSumGate(parameters map[string]string) Gate {
// Has the format "BaseSumGate { num_limbs: 32 } + Base: 2"
numLimbs, hasNumLimbs := parameters["numLimbs"]
@ -61,27 +63,27 @@ func (g *BaseSumGate) limbs() []uint64 {
return limbIndices
}
func (g *BaseSumGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *BaseSumGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
sum := vars.localWires[BASESUM_GATE_WIRE_SUM]
limbs := make([]QuadraticExtension, g.numLimbs)
limbs := make([]field.QuadraticExtension, g.numLimbs)
limbIndices := g.limbs()
for i, limbIdx := range limbIndices {
limbs[i] = vars.localWires[limbIdx]
}
base_qe := p.qeAPI.FieldToQE(NewFieldElement(g.base))
computedSum := p.qeAPI.ReduceWithPowers(
base_qe := qeAPI.FieldToQE(field.NewFieldElement(g.base))
computedSum := qeAPI.ReduceWithPowers(
limbs,
base_qe,
)
var constraints []QuadraticExtension
constraints = append(constraints, p.qeAPI.SubExtension(computedSum, sum))
var constraints []field.QuadraticExtension
constraints = append(constraints, qeAPI.SubExtension(computedSum, sum))
for _, limb := range limbs {
acc := p.qeAPI.ONE_QE
acc := qeAPI.ONE_QE
for i := uint64(0); i < g.base; i++ {
difference := p.qeAPI.SubExtension(limb, p.qeAPI.FieldToQE(NewFieldElement(i)))
acc = p.qeAPI.MulExtension(acc, difference)
difference := qeAPI.SubExtension(limb, qeAPI.FieldToQE(field.NewFieldElement(i)))
acc = qeAPI.MulExtension(acc, difference)
}
constraints = append(constraints, acc)
}

14
plonky2_verifier/constant_gate.go → verifier/internal/gates/constant_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var constantGateRegex = regexp.MustCompile("ConstantGate { num_consts: (?P<numConsts>[0-9]+) }")
func deserializeConstantGate(parameters map[string]string) gate {
func deserializeConstantGate(parameters map[string]string) Gate {
// Has the format "ConstantGate { num_consts: 2 }"
numConsts, hasNumConsts := parameters["numConsts"]
if !hasNumConsts {
@ -52,11 +54,11 @@ func (g *ConstantGate) WireOutput(i uint64) uint64 {
return i
}
func (g *ConstantGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
constraints := []QuadraticExtension{}
func (g *ConstantGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
constraints := []field.QuadraticExtension{}
for i := uint64(0); i < g.numConsts; i++ {
constraints = append(constraints, p.qeAPI.SubExtension(vars.localConstants[g.ConstInput(i)], vars.localWires[g.WireOutput(i)]))
constraints = append(constraints, qeAPI.SubExtension(vars.localConstants[g.ConstInput(i)], vars.localWires[g.WireOutput(i)]))
}
return constraints

71
plonky2_verifier/coset_interpolation_gate.go → verifier/internal/gates/coset_interpolation_gate.go
View File

@ -1,18 +1,19 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"strings"
"github.com/consensys/gnark-crypto/field/goldilocks"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var cosetInterpolationGateRegex = regexp.MustCompile("CosetInterpolationGate { subgroup_bits: (?P<subgroupBits>[0-9]+), degree: (?P<degree>[0-9]+), barycentric_weights: \\[(?P<barycentricWeights>[0-9, ]+)\\], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>")
var cosetInterpolationGateRegex = regexp.MustCompile(`CosetInterpolationGate { subgroup_bits: (?P<subgroupBits>[0-9]+), degree: (?P<degree>[0-9]+), barycentric_weights: \[(?P<barycentricWeights>[0-9, ]+)\], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>`)
func deserializeCosetInterpolationGate(parameters map[string]string) gate {
func deserializeCosetInterpolationGate(parameters map[string]string) Gate {
// Has the format CosetInterpolationGate { subgroup_bits: 4, degree: 6, barycentric_weights: [17293822565076172801, 18374686475376656385, 18446744069413535745, 281474976645120, 17592186044416, 18446744069414584577, 18446744000695107601, 18446744065119617025, 1152921504338411520, 72057594037927936, 18446744069415632897, 18446462594437939201, 18446726477228539905, 18446744069414584065, 68719476720, 4294967296], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
subgroupBits, hasSubgroupBits := parameters["subgroupBits"]
degree, hasDegree := parameters["degree"]
@ -88,32 +89,32 @@ func (g *CosetInterpolationGate) wiresValue(i uint64) Range {
if i >= g.numPoints() {
panic("Invalid point index")
}
start := g.startValues() + i*D
return Range{start, start + D}
start := g.startValues() + i*field.D
return Range{start, start + field.D}
}
func (g *CosetInterpolationGate) startEvaluationPoint() uint64 {
return g.startValues() + g.numPoints()*D
return g.startValues() + g.numPoints()*field.D
}
// Wire indices of the point to evaluate the interpolant at.
func (g *CosetInterpolationGate) wiresEvaluationPoint() Range {
start := g.startEvaluationPoint()
return Range{start, start + D}
return Range{start, start + field.D}
}
func (g *CosetInterpolationGate) startEvaluationValue() uint64 {
return g.startEvaluationPoint() + D
return g.startEvaluationPoint() + field.D
}
// Wire indices of the interpolated value.
func (g *CosetInterpolationGate) wiresEvaluationValue() Range {
start := g.startEvaluationValue()
return Range{start, start + D}
return Range{start, start + field.D}
}
func (g *CosetInterpolationGate) startIntermediates() uint64 {
return g.startEvaluationValue() + D
return g.startEvaluationValue() + field.D
}
func (g *CosetInterpolationGate) numIntermediates() uint64 {
@ -125,8 +126,8 @@ func (g *CosetInterpolationGate) wiresIntermediateEval(i uint64) Range {
if i >= g.numIntermediates() {
panic("Invalid intermediate index")
}
start := g.startIntermediates() + D*i
return Range{start, start + D}
start := g.startIntermediates() + field.D*i
return Range{start, start + field.D}
}
// The wires corresponding to the i'th intermediate product.
@ -134,42 +135,42 @@ func (g *CosetInterpolationGate) wiresIntermediateProd(i uint64) Range {
if i >= g.numIntermediates() {
panic("Invalid intermediate index")
}
start := g.startIntermediates() + D*(g.numIntermediates()+i)
return Range{start, start + D}
start := g.startIntermediates() + field.D*(g.numIntermediates()+i)
return Range{start, start + field.D}
}
// Wire indices of the shifted point to evaluate the interpolant at.
func (g *CosetInterpolationGate) wiresShiftedEvaluationPoint() Range {
start := g.startIntermediates() + D*2*g.numIntermediates()
return Range{start, start + D}
start := g.startIntermediates() + field.D*2*g.numIntermediates()
return Range{start, start + field.D}
}
func (g *CosetInterpolationGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
constraints := []QuadraticExtension{}
func (g *CosetInterpolationGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
constraints := []field.QuadraticExtension{}
shift := vars.localWires[g.wireShift()]
evaluationPoint := vars.GetLocalExtAlgebra(g.wiresEvaluationPoint())
shiftedEvaluationPoint := vars.GetLocalExtAlgebra(g.wiresShiftedEvaluationPoint())
negShift := p.qeAPI.ScalarMulExtension(shift, NEG_ONE_F)
negShift := qeAPI.ScalarMulExtension(shift, field.NEG_ONE_F)
tmp := p.qeAPI.ScalarMulExtensionAlgebra(negShift, shiftedEvaluationPoint)
tmp = p.qeAPI.AddExtensionAlgebra(tmp, evaluationPoint)
tmp := qeAPI.ScalarMulExtensionAlgebra(negShift, shiftedEvaluationPoint)
tmp = qeAPI.AddExtensionAlgebra(tmp, evaluationPoint)
for i := 0; i < D; i++ {
for i := 0; i < field.D; i++ {
constraints = append(constraints, tmp[i])
}
domain := TwoAdicSubgroup(g.subgroupBits)
values := []QEAlgebra{}
domain := field.TwoAdicSubgroup(g.subgroupBits)
values := []field.QEAlgebra{}
for i := uint64(0); i < g.numPoints(); i++ {
values = append(values, vars.GetLocalExtAlgebra(g.wiresValue(i)))
}
weights := g.barycentricWeights
initialEval := p.qeAPI.ZERO_QE_ALGEBRA
initialProd := QEAlgebra{p.qeAPI.ONE_QE, p.qeAPI.ZERO_QE}
computedEval, computedProd := p.qeAPI.PartialInterpolateExtAlgebra(
initialEval := qeAPI.ZERO_QE_ALGEBRA
initialProd := field.QEAlgebra{qeAPI.ONE_QE, qeAPI.ZERO_QE}
computedEval, computedProd := qeAPI.PartialInterpolateExtAlgebra(
domain[:g.degree],
values[:g.degree],
weights[:g.degree],
@ -182,19 +183,19 @@ func (g *CosetInterpolationGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVar
intermediateEval := vars.GetLocalExtAlgebra(g.wiresIntermediateEval(i))
intermediateProd := vars.GetLocalExtAlgebra(g.wiresIntermediateProd(i))
evalDiff := p.qeAPI.SubExtensionAlgebra(intermediateEval, computedEval)
for j := 0; j < D; j++ {
evalDiff := qeAPI.SubExtensionAlgebra(intermediateEval, computedEval)
for j := 0; j < field.D; j++ {
constraints = append(constraints, evalDiff[j])
}
prodDiff := p.qeAPI.SubExtensionAlgebra(intermediateProd, computedProd)
for j := 0; j < D; j++ {
prodDiff := qeAPI.SubExtensionAlgebra(intermediateProd, computedProd)
for j := 0; j < field.D; j++ {
constraints = append(constraints, prodDiff[j])
}
startIndex := 1 + (g.degree-1)*(i+1)
endIndex := startIndex + g.degree - 1
computedEval, computedProd = p.qeAPI.PartialInterpolateExtAlgebra(
computedEval, computedProd = qeAPI.PartialInterpolateExtAlgebra(
domain[startIndex:endIndex],
values[startIndex:endIndex],
weights[startIndex:endIndex],
@ -205,8 +206,8 @@ func (g *CosetInterpolationGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVar
}
evaluationValue := vars.GetLocalExtAlgebra(g.wiresEvaluationValue())
evalDiff := p.qeAPI.SubExtensionAlgebra(evaluationValue, computedEval)
for j := 0; j < D; j++ {
evalDiff := qeAPI.SubExtensionAlgebra(evaluationValue, computedEval)
for j := 0; j < field.D; j++ {
constraints = append(constraints, evalDiff[j])
}

104
verifier/internal/gates/evaluate_gates.go Normal file
View File

@ -0,0 +1,104 @@
package gates
import (
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
type EvaluateGatesChip struct {
api frontend.API
qeAPI *field.QuadraticExtensionAPI
gates []Gate
numGateConstraints uint64
selectorsInfo SelectorsInfo
}
func NewEvaluateGatesChip(
api frontend.API,
qeAPI *field.QuadraticExtensionAPI,
gates []Gate,
numGateConstraints uint64,
selectorsInfo SelectorsInfo,
) *EvaluateGatesChip {
return &EvaluateGatesChip{
api: api,
qeAPI: qeAPI,
gates: gates,
numGateConstraints: numGateConstraints,
selectorsInfo: selectorsInfo,
}
}
func (g *EvaluateGatesChip) computeFilter(
row uint64,
groupRange Range,
s field.QuadraticExtension,
manySelector bool,
) field.QuadraticExtension {
product := g.qeAPI.ONE_QE
for i := groupRange.start; i < groupRange.end; i++ {
if i == uint64(row) {
continue
}
product = g.qeAPI.MulExtension(product, g.qeAPI.SubExtension(g.qeAPI.FieldToQE(field.NewFieldElement(i)), s))
}
if manySelector {
product = g.qeAPI.MulExtension(product, g.qeAPI.SubExtension(g.qeAPI.FieldToQE(field.NewFieldElement(UNUSED_SELECTOR)), s))
}
return product
}
func (g *EvaluateGatesChip) evalFiltered(
gate Gate,
vars EvaluationVars,
row uint64,
selectorIndex uint64,
groupRange Range,
numSelectors uint64,
) []field.QuadraticExtension {
filter := g.computeFilter(row, groupRange, vars.localConstants[selectorIndex], numSelectors > 1)
vars.RemovePrefix(numSelectors)
unfiltered := gate.EvalUnfiltered(g.api, g.qeAPI, vars)
for i := range unfiltered {
unfiltered[i] = g.qeAPI.MulExtension(unfiltered[i], filter)
}
return unfiltered
}
func (g *EvaluateGatesChip) EvaluateGateConstraints(vars EvaluationVars) []field.QuadraticExtension {
constraints := make([]field.QuadraticExtension, g.numGateConstraints)
for i := range constraints {
constraints[i] = g.qeAPI.ZERO_QE
}
for i, gate := range g.gates {
selectorIndex := g.selectorsInfo.selectorIndices[i]
gateConstraints := g.evalFiltered(
gate,
vars,
uint64(i),
selectorIndex,
g.selectorsInfo.groups[selectorIndex],
g.selectorsInfo.NumSelectors(),
)
for i, constraint := range gateConstraints {
if uint64(i) >= g.numGateConstraints {
panic("num_constraints() gave too low of a number")
}
constraints[i] = g.qeAPI.AddExtension(constraints[i], constraint)
}
}
return constraints
}

36
plonky2_verifier/exponentiation_gate.go → verifier/internal/gates/exponentiation_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var exponentiationGateRegex = regexp.MustCompile("ExponentiationGate { num_power_bits: (?P<numPowerBits>[0-9]+), _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=(?P<base>[0-9]+)>")
func deserializeExponentiationGate(parameters map[string]string) gate {
func deserializeExponentiationGate(parameters map[string]string) Gate {
// Has the format "ExponentiationGate { num_power_bits: 67, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>"
numPowerBits, hasNumPowerBits := parameters["numPowerBits"]
if !hasNumPowerBits {
@ -61,29 +63,29 @@ func (g *ExponentiationGate) wireIntermediateValue(i uint64) uint64 {
return 2 + g.numPowerBits + i
}
func (g *ExponentiationGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *ExponentiationGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
base := vars.localWires[g.wireBase()]
var powerBits []QuadraticExtension
var powerBits []field.QuadraticExtension
for i := uint64(0); i < g.numPowerBits; i++ {
powerBits = append(powerBits, vars.localWires[g.wirePowerBit(i)])
}
var intermediateValues []QuadraticExtension
var intermediateValues []field.QuadraticExtension
for i := uint64(0); i < g.numPowerBits; i++ {
intermediateValues = append(intermediateValues, vars.localWires[g.wireIntermediateValue(i)])
}
output := vars.localWires[g.wireOutput()]
var constraints []QuadraticExtension
var constraints []field.QuadraticExtension
for i := uint64(0); i < g.numPowerBits; i++ {
var prevIntermediateValue QuadraticExtension
var prevIntermediateValue field.QuadraticExtension
if i == 0 {
prevIntermediateValue = p.qeAPI.ONE_QE
prevIntermediateValue = qeAPI.ONE_QE
} else {
prevIntermediateValue = p.qeAPI.SquareExtension(intermediateValues[i-1])
prevIntermediateValue = qeAPI.SquareExtension(intermediateValues[i-1])
}
// powerBits is in LE order, but we accumulate in BE order.
@ -92,16 +94,16 @@ func (g *ExponentiationGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) [
// Do a polynomial representation of generaized select (where the selector variable doesn't have to be binary)
// if b { x } else { y }
// i.e. `bx - (by-y)`.
tmp := p.qeAPI.MulExtension(curBit, p.qeAPI.ONE_QE)
tmp = p.qeAPI.SubExtension(tmp, p.qeAPI.ONE_QE)
mulBy := p.qeAPI.MulExtension(curBit, base)
mulBy = p.qeAPI.SubExtension(mulBy, tmp)
intermediateValueDiff := p.qeAPI.MulExtension(prevIntermediateValue, mulBy)
intermediateValueDiff = p.qeAPI.SubExtension(intermediateValueDiff, intermediateValues[i])
tmp := qeAPI.MulExtension(curBit, qeAPI.ONE_QE)
tmp = qeAPI.SubExtension(tmp, qeAPI.ONE_QE)
mulBy := qeAPI.MulExtension(curBit, base)
mulBy = qeAPI.SubExtension(mulBy, tmp)
intermediateValueDiff := qeAPI.MulExtension(prevIntermediateValue, mulBy)
intermediateValueDiff = qeAPI.SubExtension(intermediateValueDiff, intermediateValues[i])
constraints = append(constraints, intermediateValueDiff)
}
outputDiff := p.qeAPI.SubExtension(output, intermediateValues[g.numPowerBits-1])
outputDiff := qeAPI.SubExtension(output, intermediateValues[g.numPowerBits-1])
constraints = append(constraints, outputDiff)
return constraints

55
plonky2_verifier/gate.go → verifier/internal/gates/gate.go
View File

@ -1,17 +1,19 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
type gate interface {
type Gate interface {
Id() string
EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension
EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension
}
var gateRegexHandlers = map[*regexp.Regexp]func(parameters map[string]string) gate{
var gateRegexHandlers = map[*regexp.Regexp]func(parameters map[string]string) Gate{
aritheticGateRegex: deserializeArithmeticGate,
aritheticExtensionGateRegex: deserializeExtensionArithmeticGate,
baseSumGateRegex: deserializeBaseSumGate,
@ -27,7 +29,7 @@ var gateRegexHandlers = map[*regexp.Regexp]func(parameters map[string]string) ga
reducingGateRegex: deserializeReducingGate,
}
func GateInstanceFromId(gateId string) gate {
func GateInstanceFromId(gateId string) Gate {
for regex, handler := range gateRegexHandlers {
matches := regex.FindStringSubmatch(gateId)
if matches != nil {
@ -45,44 +47,3 @@ func GateInstanceFromId(gateId string) gate {
}
panic(fmt.Sprintf("Unknown gate ID %s", gateId))
}
func (p *PlonkChip) computeFilter(
row uint64,
groupRange Range,
s QuadraticExtension,
manySelector bool,
) QuadraticExtension {
product := p.qeAPI.ONE_QE
for i := groupRange.start; i < groupRange.end; i++ {
if i == uint64(row) {
continue
}
product = p.qeAPI.MulExtension(product, p.qeAPI.SubExtension(p.qeAPI.FieldToQE(NewFieldElement(i)), s))
}
if manySelector {
product = p.qeAPI.MulExtension(product, p.qeAPI.SubExtension(p.qeAPI.FieldToQE(NewFieldElement(UNUSED_SELECTOR)), s))
}
return product
}
func (p *PlonkChip) evalFiltered(
g gate,
vars EvaluationVars,
row uint64,
selectorIndex uint64,
groupRange Range,
numSelectors uint64,
) []QuadraticExtension {
filter := p.computeFilter(row, groupRange, vars.localConstants[selectorIndex], numSelectors > 1)
vars.RemovePrefix(numSelectors)
unfiltered := g.EvalUnfiltered(p, vars)
for i := range unfiltered {
unfiltered[i] = p.qeAPI.MulExtension(unfiltered[i], filter)
}
return unfiltered
}

807
verifier/internal/gates/gate_test.go Normal file
View File

@ -0,0 +1,807 @@
package gates_test
import (
"errors"
"testing"
"github.com/consensys/gnark-crypto/field/goldilocks"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/gates"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
)
// From recursive_step circuit
var localConstants = []field.QuadraticExtension{
{field.NewFieldElement(1164933405384298079), field.NewFieldElement(7438400583921661370)},
{field.NewFieldElement(13151230530771189075), field.NewFieldElement(13023721207846057894)},
{field.NewFieldElement(3881971040049882570), field.NewFieldElement(16581297326342691797)},
{field.NewFieldElement(5184944824742294361), field.NewFieldElement(4925002013441838394)},
{field.NewFieldElement(13156856690013129271), field.NewFieldElement(11795766134230417198)},
}
var localWires = []field.QuadraticExtension{
{field.NewFieldElement(10289971018233574142), field.NewFieldElement(4567684908222573778)},
{field.NewFieldElement(11564178579868812087), field.NewFieldElement(4510091545046358953)},
{field.NewFieldElement(2427374067806073277), field.NewFieldElement(6911441533263492425)},
{field.NewFieldElement(7693977127287585254), field.NewFieldElement(9885192257977663560)},
{field.NewFieldElement(4829743769894031521), field.NewFieldElement(1070322096310857911)},
{field.NewFieldElement(841614584488095356), field.NewFieldElement(3266720090708573245)},
{field.NewFieldElement(9335841732020668562), field.NewFieldElement(7959135654284183511)},
{field.NewFieldElement(16824107175117300959), field.NewFieldElement(14823581113270528881)},
{field.NewFieldElement(4989727169526686805), field.NewFieldElement(6246956987038299573)},
{field.NewFieldElement(17410065909497815114), field.NewFieldElement(226319705525892670)},
{field.NewFieldElement(4568933895769710275), field.NewFieldElement(6430695446169305195)},
{field.NewFieldElement(8067075753959020505), field.NewFieldElement(6018662820882606998)},
{field.NewFieldElement(9927277077277524164), field.NewFieldElement(12530942893897967446)},
{field.NewFieldElement(404931240594605346), field.NewFieldElement(13956134990453188947)},
{field.NewFieldElement(12279755093013597997), field.NewFieldElement(13891866662848929655)},
{field.NewFieldElement(3995291408937855383), field.NewFieldElement(7649506537726031013)},
{field.NewFieldElement(1975344541433284175), field.NewFieldElement(11787783246524974192)},
{field.NewFieldElement(9352725388265956899), field.NewFieldElement(1878641993746760905)},
{field.NewFieldElement(4386025806925594020), field.NewFieldElement(7199468962263347888)},
{field.NewFieldElement(457758515510439949), field.NewFieldElement(8295940174808817473)},
{field.NewFieldElement(3721711968672629644), field.NewFieldElement(13268744315779792869)},
{field.NewFieldElement(14873968601320376905), field.NewFieldElement(14469960382794471278)},
{field.NewFieldElement(16643239035786323413), field.NewFieldElement(14266572255541493756)},
{field.NewFieldElement(9756649839930289884), field.NewFieldElement(14084246204123262540)},
{field.NewFieldElement(805087434192149117), field.NewFieldElement(5551650411462295908)},
{field.NewFieldElement(3121050229008788536), field.NewFieldElement(315617444959225213)},
{field.NewFieldElement(18164560008695666572), field.NewFieldElement(6915918288299894752)},
{field.NewFieldElement(17656666988744688487), field.NewFieldElement(9787463123892858839)},
{field.NewFieldElement(9992120570629943241), field.NewFieldElement(18182369503102252267)},
{field.NewFieldElement(15220763248754170044), field.NewFieldElement(1854765527825350374)},
{field.NewFieldElement(15616805521198580886), field.NewFieldElement(8948185005335797211)},
{field.NewFieldElement(5104021995850318050), field.NewFieldElement(10884053699840350390)},
{field.NewFieldElement(14387430073456386871), field.NewFieldElement(3987323970221931246)},
{field.NewFieldElement(9295222033249226038), field.NewFieldElement(14533816739722288989)},
{field.NewFieldElement(3054662272834320691), field.NewFieldElement(5799349468053737645)},
{field.NewFieldElement(15410493100888282738), field.NewFieldElement(9030544573372043855)},
{field.NewFieldElement(11448080360124361095), field.NewFieldElement(13429854637967689056)},
{field.NewFieldElement(4779070979822400436), field.NewFieldElement(5404234368643419051)},
{field.NewFieldElement(11659320767511898018), field.NewFieldElement(13702970547443564662)},
{field.NewFieldElement(16340059712300851313), field.NewFieldElement(20171293486753699)},
{field.NewFieldElement(1475826372470535678), field.NewFieldElement(1253469117109386509)},
{field.NewFieldElement(7562163184139742598), field.NewFieldElement(14347739950500988111)},
{field.NewFieldElement(15976520527988523610), field.NewFieldElement(17889280665602982933)},
{field.NewFieldElement(8598539842276402160), field.NewFieldElement(2411306720494404310)},
{field.NewFieldElement(15713704960139943242), field.NewFieldElement(16396602336341678687)},
{field.NewFieldElement(7189190822731370344), field.NewFieldElement(5963822095937242833)},
{field.NewFieldElement(5977752474999875040), field.NewFieldElement(5328103649776423975)},
{field.NewFieldElement(12531991299101111394), field.NewFieldElement(3159886804356965397)},
{field.NewFieldElement(16883082502877021850), field.NewFieldElement(4442238822519720348)},
{field.NewFieldElement(4348679245531311390), field.NewFieldElement(6663472094175428592)},
{field.NewFieldElement(7628612474113215133), field.NewFieldElement(9324555027165483004)},
{field.NewFieldElement(1900695998785588032), field.NewFieldElement(12588745891116448183)},
{field.NewFieldElement(2202928383842031597), field.NewFieldElement(2024867731300461655)},
{field.NewFieldElement(9288136643086730543), field.NewFieldElement(4131544415785473139)},
{field.NewFieldElement(14704106408467038509), field.NewFieldElement(8573856691828273)},
{field.NewFieldElement(10154176515490297025), field.NewFieldElement(9220235036944332858)},
{field.NewFieldElement(11339644645342271702), field.NewFieldElement(2591119884720569491)},
{field.NewFieldElement(12952838693708363443), field.NewFieldElement(7634778748701478612)},
{field.NewFieldElement(4151157005304656172), field.NewFieldElement(16778323503511515227)},
{field.NewFieldElement(6326750425597671757), field.NewFieldElement(2556963653256638700)},
{field.NewFieldElement(10167058989235599247), field.NewFieldElement(8755493046703376087)},
{field.NewFieldElement(9610925836484089978), field.NewFieldElement(15994816336634155710)},
{field.NewFieldElement(4153283843312210367), field.NewFieldElement(14936117891656525941)},
{field.NewFieldElement(2708678512120193106), field.NewFieldElement(13963185898630435716)},
{field.NewFieldElement(6555777227864205496), field.NewFieldElement(796547906377203466)},
{field.NewFieldElement(9137905566620576524), field.NewFieldElement(5424975077133394401)},
{field.NewFieldElement(10344710254569827655), field.NewFieldElement(5782463375043965385)},
{field.NewFieldElement(5971898539021849982), field.NewFieldElement(8119512366912747083)},
{field.NewFieldElement(10858355567899666102), field.NewFieldElement(18000616751093068478)},
{field.NewFieldElement(16920330711313364238), field.NewFieldElement(8697067496869918100)},
{field.NewFieldElement(7000103501288736536), field.NewFieldElement(10889037926963847627)},
{field.NewFieldElement(2293930382336564785), field.NewFieldElement(1991911172589808532)},
{field.NewFieldElement(16325792322333215740), field.NewFieldElement(10408910622457883954)},
{field.NewFieldElement(7503118294246863546), field.NewFieldElement(3698311130768729720)},
{field.NewFieldElement(8086040183115185263), field.NewFieldElement(5047183760990874466)},
{field.NewFieldElement(9862182807054696027), field.NewFieldElement(1177341139111149965)},
{field.NewFieldElement(16001172854107018622), field.NewFieldElement(10666261425617835543)},
{field.NewFieldElement(5580184714347609844), field.NewFieldElement(12694115766192868759)},
{field.NewFieldElement(18281558831138544975), field.NewFieldElement(3361626347282823513)},
{field.NewFieldElement(3031997905089686532), field.NewFieldElement(15324883672435732043)},
{field.NewFieldElement(450952121891526527), field.NewFieldElement(3760645720813651878)},
{field.NewFieldElement(12802993704800176346), field.NewFieldElement(5762382859373230998)},
{field.NewFieldElement(3276893202573968613), field.NewFieldElement(1800240087286854287)},
{field.NewFieldElement(5921423446901282771), field.NewFieldElement(1701259673949139858)},
{field.NewFieldElement(9599792256793291230), field.NewFieldElement(14953029539933413769)},
{field.NewFieldElement(6924230983683680937), field.NewFieldElement(11341266871925411757)},
{field.NewFieldElement(7369845262101528427), field.NewFieldElement(14511942995651504957)},
{field.NewFieldElement(3575537879709813183), field.NewFieldElement(8500642062708926725)},
{field.NewFieldElement(4175897998808440429), field.NewFieldElement(3374384071922541929)},
{field.NewFieldElement(12757283027846003446), field.NewFieldElement(17905830097386863938)},
{field.NewFieldElement(6320876143845688240), field.NewFieldElement(11931531275984972701)},
{field.NewFieldElement(18217933064159243751), field.NewFieldElement(10071176713368801471)},
{field.NewFieldElement(4777714881679002884), field.NewFieldElement(11864655235286620829)},
{field.NewFieldElement(5051586433049660820), field.NewFieldElement(9706334979530647226)},
{field.NewFieldElement(10142518025690185130), field.NewFieldElement(11625111857426302867)},
{field.NewFieldElement(12942439955200094763), field.NewFieldElement(12974281474830386034)},
{field.NewFieldElement(12714064210006754841), field.NewFieldElement(10541770037347437502)},
{field.NewFieldElement(10048643184275048639), field.NewFieldElement(3986690477062097502)},
{field.NewFieldElement(1705165528883143091), field.NewFieldElement(15274852618321664478)},
{field.NewFieldElement(7505339430009963451), field.NewFieldElement(15833594687115464439)},
{field.NewFieldElement(14969085142351848679), field.NewFieldElement(1313378114647584372)},
{field.NewFieldElement(13860248504174697653), field.NewFieldElement(11813005399232850289)},
{field.NewFieldElement(251943684565772115), field.NewFieldElement(7573719044708266257)},
{field.NewFieldElement(3106490314923518751), field.NewFieldElement(6708785325259176544)},
{field.NewFieldElement(16356137633407478618), field.NewFieldElement(10204772059332988569)},
{field.NewFieldElement(6854820980459043959), field.NewFieldElement(15547517301904265885)},
{field.NewFieldElement(11272546272005349344), field.NewFieldElement(13048057766361438654)},
{field.NewFieldElement(1292326010164513793), field.NewFieldElement(3884499312974286465)},
{field.NewFieldElement(13766861546348177296), field.NewFieldElement(16189793227494584882)},
{field.NewFieldElement(17409073821234659314), field.NewFieldElement(9981103842753464857)},
{field.NewFieldElement(9704863891305672730), field.NewFieldElement(6734589298170331622)},
{field.NewFieldElement(12730115352516859625), field.NewFieldElement(7184752625986384624)},
{field.NewFieldElement(11668345947294231238), field.NewFieldElement(16115042113565080691)},
{field.NewFieldElement(14062084624592649794), field.NewFieldElement(2756332865729973692)},
{field.NewFieldElement(3748768277402965633), field.NewFieldElement(16866814743891506413)},
{field.NewFieldElement(10432481590948249422), field.NewFieldElement(16082227217718892532)},
{field.NewFieldElement(491495918184990934), field.NewFieldElement(6356796615401236136)},
{field.NewFieldElement(17901902629808882123), field.NewFieldElement(13514738065473981771)},
{field.NewFieldElement(12660442011781098101), field.NewFieldElement(6869178288883388452)},
{field.NewFieldElement(4393627135520874514), field.NewFieldElement(18356603129965580261)},
{field.NewFieldElement(677707009508889751), field.NewFieldElement(12680875774839515608)},
{field.NewFieldElement(10378933644525583340), field.NewFieldElement(13309450528739048419)},
{field.NewFieldElement(17340442394158194152), field.NewFieldElement(2264038306172498436)},
{field.NewFieldElement(3370239755875426470), field.NewFieldElement(16608802578078035004)},
{field.NewFieldElement(10934853199725686361), field.NewFieldElement(16013313141655891901)},
{field.NewFieldElement(13594205540632772459), field.NewFieldElement(2004743885124905326)},
{field.NewFieldElement(2746704624744404227), field.NewFieldElement(16776409524391586509)},
{field.NewFieldElement(3958873682280414366), field.NewFieldElement(1600073271711289868)},
{field.NewFieldElement(2428249869256780385), field.NewFieldElement(4540186883415041033)},
{field.NewFieldElement(11471613891518396403), field.NewFieldElement(12378090703999608437)},
{field.NewFieldElement(2473054093631985558), field.NewFieldElement(6016173170699559864)},
{field.NewFieldElement(5753078745189531749), field.NewFieldElement(7917608537613216175)},
{field.NewFieldElement(8855440271433298214), field.NewFieldElement(16093723431433530090)},
{field.NewFieldElement(18386320557740714138), field.NewFieldElement(8240697133069742104)},
{field.NewFieldElement(15199992048380262587), field.NewFieldElement(2301519535136472331)},
{field.NewFieldElement(5102771513133979026), field.NewFieldElement(12570336536575987923)},
}
var publicInputsHash = poseidon.Hash{field.ZERO_F, field.ZERO_F, field.ZERO_F, field.ZERO_F}
var publicInputGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(10289971018233574142), field.NewFieldElement(4567684908222573778)},
{field.NewFieldElement(11564178579868812087), field.NewFieldElement(4510091545046358953)},
{field.NewFieldElement(2427374067806073277), field.NewFieldElement(6911441533263492425)},
{field.NewFieldElement(7693977127287585254), field.NewFieldElement(9885192257977663560)},
}
// BaseSumGate { num_limbs: 63 }), (Base: 2)
var baseSumGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(11424008506420489027), field.NewFieldElement(2915141729320103909)},
{field.NewFieldElement(990850510351998129), field.NewFieldElement(10775195787959069600)},
{field.NewFieldElement(6614688617813304624), field.NewFieldElement(11090441606706959264)},
{field.NewFieldElement(17750388994193092499), field.NewFieldElement(9822716613211085052)},
{field.NewFieldElement(15668686535963465292), field.NewFieldElement(5860790519230132950)},
{field.NewFieldElement(9301693563861638036), field.NewFieldElement(5759072521542705927)},
{field.NewFieldElement(1463677617048504116), field.NewFieldElement(657088188145156737)},
{field.NewFieldElement(11221326157331101168), field.NewFieldElement(3258353713560294154)},
{field.NewFieldElement(6298170343528505052), field.NewFieldElement(1515404430931450244)},
{field.NewFieldElement(10609142393996097059), field.NewFieldElement(5676353771077187085)},
{field.NewFieldElement(15377741222281320), field.NewFieldElement(17210062473996670458)},
{field.NewFieldElement(16623098697475668629), field.NewFieldElement(16010660943931470875)},
{field.NewFieldElement(13742463434921610007), field.NewFieldElement(11069510319782271171)},
{field.NewFieldElement(14872905802739821087), field.NewFieldElement(16577474870939262513)},
{field.NewFieldElement(15699671366929256655), field.NewFieldElement(15598194197245819873)},
{field.NewFieldElement(10679123900573339697), field.NewFieldElement(10228522398312889861)},
{field.NewFieldElement(8872281223292031801), field.NewFieldElement(1329834573379055460)},
{field.NewFieldElement(2535224613123191755), field.NewFieldElement(12786291812393663221)},
{field.NewFieldElement(17788228910394641125), field.NewFieldElement(5545904820430114370)},
{field.NewFieldElement(10489817294122939391), field.NewFieldElement(14636352222428121923)},
{field.NewFieldElement(10852238020744398528), field.NewFieldElement(2312796082809010853)},
{field.NewFieldElement(5067875522341132442), field.NewFieldElement(2107737958122288286)},
{field.NewFieldElement(17283146688878926257), field.NewFieldElement(8456549639899437925)},
{field.NewFieldElement(10637171512256553781), field.NewFieldElement(6390530901963054085)},
{field.NewFieldElement(7586090218847390134), field.NewFieldElement(13687926314033375459)},
{field.NewFieldElement(9523662200490053374), field.NewFieldElement(13361040406642218763)},
{field.NewFieldElement(634822311162237689), field.NewFieldElement(9630483174624222223)},
{field.NewFieldElement(15242934013445465604), field.NewFieldElement(1135488709061427932)},
{field.NewFieldElement(10311174951052257420), field.NewFieldElement(524968500387403585)},
{field.NewFieldElement(6646751050961926593), field.NewFieldElement(8684017064299024213)},
{field.NewFieldElement(16629184374162391253), field.NewFieldElement(13745216788879851113)},
{field.NewFieldElement(15725765914323741961), field.NewFieldElement(4607182206571650287)},
{field.NewFieldElement(4905637093691966606), field.NewFieldElement(218562275165442331)},
{field.NewFieldElement(15526612325511973871), field.NewFieldElement(5770955229659050735)},
{field.NewFieldElement(9591223869277908917), field.NewFieldElement(1518900007157334701)},
{field.NewFieldElement(14713177841944866109), field.NewFieldElement(16661134545564989407)},
{field.NewFieldElement(4236602876840371235), field.NewFieldElement(12185730046300426061)},
{field.NewFieldElement(14844502873470690827), field.NewFieldElement(5567680392033564858)},
{field.NewFieldElement(5550472614893629959), field.NewFieldElement(17955875404530787722)},
{field.NewFieldElement(9965647340229188622), field.NewFieldElement(12067752288619191155)},
{field.NewFieldElement(15624184226617424434), field.NewFieldElement(13522086059807517857)},
{field.NewFieldElement(6001948917737119729), field.NewFieldElement(10555349705067997421)},
{field.NewFieldElement(7967852853408273634), field.NewFieldElement(16393445105337145265)},
{field.NewFieldElement(13601491066758079307), field.NewFieldElement(11390709918813075818)},
{field.NewFieldElement(5704706916270196865), field.NewFieldElement(17007264058732032659)},
{field.NewFieldElement(18354610167186324196), field.NewFieldElement(16917152819910011122)},
{field.NewFieldElement(6026824824087688959), field.NewFieldElement(11547555659280958524)},
{field.NewFieldElement(15645938871784252821), field.NewFieldElement(12381341093764170444)},
{field.NewFieldElement(1202470274460413029), field.NewFieldElement(3583599940021118482)},
{field.NewFieldElement(5248479930891455774), field.NewFieldElement(2393692482194449448)},
{field.NewFieldElement(13386434971986911647), field.NewFieldElement(12326376082602154018)},
{field.NewFieldElement(11327299405009394635), field.NewFieldElement(7538844592867989882)},
{field.NewFieldElement(7984839537656677309), field.NewFieldElement(6441274039505923023)},
{field.NewFieldElement(3942932013374375924), field.NewFieldElement(6548354659360045418)},
{field.NewFieldElement(10139699962065730425), field.NewFieldElement(16908585391181627242)},
{field.NewFieldElement(18094104343668325187), field.NewFieldElement(8370083050741645827)},
{field.NewFieldElement(12131340922292526267), field.NewFieldElement(17299488555769517106)},
{field.NewFieldElement(11470330746430670818), field.NewFieldElement(15960507373360402879)},
{field.NewFieldElement(386512699105836065), field.NewFieldElement(8986007306829996238)},
{field.NewFieldElement(1834598616243509000), field.NewFieldElement(14626792908408543748)},
{field.NewFieldElement(17890037858181404101), field.NewFieldElement(17018218424290394313)},
{field.NewFieldElement(11758664078194540174), field.NewFieldElement(16603941107284246147)},
{field.NewFieldElement(14022184733842887279), field.NewFieldElement(13741139908708752348)},
{field.NewFieldElement(4836630213324422487), field.NewFieldElement(222498232493222193)},
}
// ArithmeticGate { num_ops: 20 }
var arithmeticGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(12119614175182896132), field.NewFieldElement(9100747776469133669)},
{field.NewFieldElement(1435113994507051493), field.NewFieldElement(16937897191584383857)},
{field.NewFieldElement(51616472710099652), field.NewFieldElement(4146295929435411488)},
{field.NewFieldElement(92237181388579392), field.NewFieldElement(12824787281527009080)},
{field.NewFieldElement(11063958613047368831), field.NewFieldElement(516751095582253219)},
{field.NewFieldElement(8881502495740733965), field.NewFieldElement(5405782271334426100)},
{field.NewFieldElement(9646745645960524278), field.NewFieldElement(6323317609176095073)},
{field.NewFieldElement(10334354202446659881), field.NewFieldElement(17865166204439996809)},
{field.NewFieldElement(9511789862027881130), field.NewFieldElement(17897392861017078901)},
{field.NewFieldElement(4686618214331097217), field.NewFieldElement(7102232698145277151)},
{field.NewFieldElement(5140381642477065044), field.NewFieldElement(15554316144351441473)},
{field.NewFieldElement(14252043934312871974), field.NewFieldElement(1198292921407928539)},
{field.NewFieldElement(13289413398237564138), field.NewFieldElement(15704998539419457452)},
{field.NewFieldElement(4800979510155331538), field.NewFieldElement(14057404157182035427)},
{field.NewFieldElement(17908028924715246889), field.NewFieldElement(8716376706845369224)},
{field.NewFieldElement(3226678693544038862), field.NewFieldElement(5577680088492344738)},
{field.NewFieldElement(10987852156126930017), field.NewFieldElement(16323667584216755558)},
{field.NewFieldElement(5135981108938961064), field.NewFieldElement(6684115991562770960)},
{field.NewFieldElement(8519638889718596339), field.NewFieldElement(7662028578892995756)},
{field.NewFieldElement(7747323897933750795), field.NewFieldElement(6872730347313691927)},
}
// RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
var randomAccessGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(2891299230460455680), field.NewFieldElement(12638923114586787038)},
{field.NewFieldElement(10369791235277272383), field.NewFieldElement(11178254747952182382)},
{field.NewFieldElement(2609100974341658152), field.NewFieldElement(7141157629969452340)},
{field.NewFieldElement(10885639242129231953), field.NewFieldElement(10224819739496777877)},
{field.NewFieldElement(15486139493712450489), field.NewFieldElement(17924944477102802615)},
{field.NewFieldElement(5969758517166950176), field.NewFieldElement(4139464862931677318)},
{field.NewFieldElement(7251510967440451429), field.NewFieldElement(11634060506931912043)},
{field.NewFieldElement(581371472896562405), field.NewFieldElement(1340263685452848185)},
{field.NewFieldElement(11876289968532354241), field.NewFieldElement(39606365246086104)},
{field.NewFieldElement(17037991399414168046), field.NewFieldElement(9356315359108087151)},
{field.NewFieldElement(13506822543872334969), field.NewFieldElement(14166594210473057923)},
{field.NewFieldElement(530968584207084639), field.NewFieldElement(12346975065647187607)},
{field.NewFieldElement(8780439534301283756), field.NewFieldElement(14250307971393105395)},
{field.NewFieldElement(5955166439403627952), field.NewFieldElement(427818832806268253)},
{field.NewFieldElement(10383473532295208089), field.NewFieldElement(10834018170496866410)},
{field.NewFieldElement(17770159895239813531), field.NewFieldElement(3803908573438301448)},
{field.NewFieldElement(5230956285821863871), field.NewFieldElement(13187949446452303832)},
{field.NewFieldElement(4082775007574051589), field.NewFieldElement(17608951079871259588)},
{field.NewFieldElement(15832332042406144153), field.NewFieldElement(9112933169473505864)},
{field.NewFieldElement(17289713569232165217), field.NewFieldElement(764355564171754371)},
{field.NewFieldElement(11875388597093781742), field.NewFieldElement(17390337221018798452)},
{field.NewFieldElement(14723779398624676305), field.NewFieldElement(4351422752569601515)},
{field.NewFieldElement(7898206414568399642), field.NewFieldElement(3781389637016766144)},
{field.NewFieldElement(10959059343195760030), field.NewFieldElement(17524903422154932359)},
{field.NewFieldElement(7305896571823662942), field.NewFieldElement(12962835460398538761)},
{field.NewFieldElement(5653738395766265725), field.NewFieldElement(8097455003461687478)},
}
// PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>
var poseidonGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(7586090218847390134), field.NewFieldElement(13687926314033375459)},
{field.NewFieldElement(10774680496478357997), field.NewFieldElement(14419929234728022600)},
{field.NewFieldElement(983485807903636414), field.NewFieldElement(3028876395437704592)},
{field.NewFieldElement(5873163034459252869), field.NewFieldElement(11720300428168955402)},
{field.NewFieldElement(16261775977438390033), field.NewFieldElement(15598817592005081227)},
{field.NewFieldElement(3308439339359285309), field.NewFieldElement(16350160944703138332)},
{field.NewFieldElement(2477915029208949035), field.NewFieldElement(10909058342937234971)},
{field.NewFieldElement(2006101431747008114), field.NewFieldElement(1317396811566929515)},
{field.NewFieldElement(5743380333218483835), field.NewFieldElement(9864892326580372485)},
{field.NewFieldElement(4343047746155696133), field.NewFieldElement(2452956674303649004)},
{field.NewFieldElement(18237771591472199486), field.NewFieldElement(9201720967486340889)},
{field.NewFieldElement(7997743545022954538), field.NewFieldElement(5790905224346459337)},
{field.NewFieldElement(7270313259765139533), field.NewFieldElement(13664497978956485388)},
{field.NewFieldElement(11627392666242516567), field.NewFieldElement(6707531853885096654)},
{field.NewFieldElement(14108041676779390728), field.NewFieldElement(13890317640467961363)},
{field.NewFieldElement(10461937206408578346), field.NewFieldElement(16929842020525911045)},
{field.NewFieldElement(14163490001894639417), field.NewFieldElement(6486250350832733344)},
{field.NewFieldElement(6025822272051423893), field.NewFieldElement(6875599327185319749)},
{field.NewFieldElement(11800406778761598568), field.NewFieldElement(13445736562420900345)},
{field.NewFieldElement(8721632296347252438), field.NewFieldElement(15861696011210243831)},
{field.NewFieldElement(13862698645551446166), field.NewFieldElement(10895802231885823011)},
{field.NewFieldElement(9467131299943023152), field.NewFieldElement(508610840287781764)},
{field.NewFieldElement(10369576299876905473), field.NewFieldElement(1319089684709412204)},
{field.NewFieldElement(17202741125808968481), field.NewFieldElement(4132975454251812345)},
{field.NewFieldElement(4939406044782203142), field.NewFieldElement(18100435685377738067)},
{field.NewFieldElement(2662601992953696766), field.NewFieldElement(5356898997486457355)},
{field.NewFieldElement(12240740991568526347), field.NewFieldElement(14183052793978601368)},
{field.NewFieldElement(17267799754824241908), field.NewFieldElement(15067892579134674951)},
{field.NewFieldElement(3885637219153712510), field.NewFieldElement(2045928245539296545)},
{field.NewFieldElement(7614199998298216925), field.NewFieldElement(13135807303144108264)},
{field.NewFieldElement(12232208765790877245), field.NewFieldElement(6790391920585566719)},
{field.NewFieldElement(14027621788671850076), field.NewFieldElement(8244116705079721069)},
{field.NewFieldElement(18361849947075265980), field.NewFieldElement(636640170174188211)},
{field.NewFieldElement(15400723839777269850), field.NewFieldElement(7187627113110641974)},
{field.NewFieldElement(11208418886499216060), field.NewFieldElement(1068905181682993370)},
{field.NewFieldElement(8741978871712571992), field.NewFieldElement(11893984108008599655)},
{field.NewFieldElement(5904231306484990036), field.NewFieldElement(10974042651195177783)},
{field.NewFieldElement(12306264278608747297), field.NewFieldElement(6054935933756948006)},
{field.NewFieldElement(4439661353730067518), field.NewFieldElement(13536513851562309841)},
{field.NewFieldElement(13020734370698999772), field.NewFieldElement(163773705062531020)},
{field.NewFieldElement(10365756846699668634), field.NewFieldElement(5245413619357449)},
{field.NewFieldElement(15929862436085820709), field.NewFieldElement(10957910821863876318)},
{field.NewFieldElement(977018799724983158), field.NewFieldElement(15040949766668867994)},
{field.NewFieldElement(2993125862244950582), field.NewFieldElement(13234404554976574543)},
{field.NewFieldElement(14122201262568632993), field.NewFieldElement(93763383340088526)},
{field.NewFieldElement(8975477202804925208), field.NewFieldElement(1040893022864763499)},
{field.NewFieldElement(7725813871064262870), field.NewFieldElement(14455479145922718826)},
{field.NewFieldElement(1073062170185630790), field.NewFieldElement(16407856079088655345)},
{field.NewFieldElement(17737117878818849535), field.NewFieldElement(1900599912944642061)},
{field.NewFieldElement(12256168642879070567), field.NewFieldElement(8539769760609459864)},
{field.NewFieldElement(15141228232285134803), field.NewFieldElement(897120225935075003)},
{field.NewFieldElement(3388596123376728329), field.NewFieldElement(5128230734992475590)},
{field.NewFieldElement(8733319491992764673), field.NewFieldElement(1928863683866117576)},
{field.NewFieldElement(5203485787146767490), field.NewFieldElement(12954094447445057610)},
{field.NewFieldElement(5201734155949618873), field.NewFieldElement(3995115267673262244)},
{field.NewFieldElement(8666839426855174616), field.NewFieldElement(3659748522909014185)},
{field.NewFieldElement(9240426493517714121), field.NewFieldElement(12895319645103780590)},
{field.NewFieldElement(10104523192405168095), field.NewFieldElement(8335084014759232790)},
{field.NewFieldElement(12471660706832322357), field.NewFieldElement(16692471091408210242)},
{field.NewFieldElement(7713567301004647325), field.NewFieldElement(2346765742178693341)},
{field.NewFieldElement(5087966313974874861), field.NewFieldElement(17995538175842083522)},
{field.NewFieldElement(1103485120645095922), field.NewFieldElement(17358959631107792889)},
{field.NewFieldElement(16443030134912318512), field.NewFieldElement(4694929981527462915)},
{field.NewFieldElement(5229836547906072694), field.NewFieldElement(10529861755371621018)},
{field.NewFieldElement(17706463046886551260), field.NewFieldElement(7014625543777947259)},
{field.NewFieldElement(17494246083650429806), field.NewFieldElement(10059232320812188522)},
{field.NewFieldElement(6009623857477500128), field.NewFieldElement(9041821915077023327)},
{field.NewFieldElement(15414837134646072506), field.NewFieldElement(17735866267331281406)},
{field.NewFieldElement(9582418254228040565), field.NewFieldElement(9475780400052940525)},
{field.NewFieldElement(3850010214259020229), field.NewFieldElement(2344916032711572881)},
{field.NewFieldElement(3276478492985700631), field.NewFieldElement(9347511148183965796)},
{field.NewFieldElement(4260955157349956538), field.NewFieldElement(3737557221553060525)},
{field.NewFieldElement(1814028760671441115), field.NewFieldElement(1709540851509897224)},
{field.NewFieldElement(304220870213251471), field.NewFieldElement(18339319635968408171)},
{field.NewFieldElement(6309601903165399081), field.NewFieldElement(4611660338915358676)},
{field.NewFieldElement(5440836432197140901), field.NewFieldElement(835184832962669050)},
{field.NewFieldElement(4132483007111889331), field.NewFieldElement(17679464861654166329)},
{field.NewFieldElement(12071698679631585615), field.NewFieldElement(3526806430507304767)},
{field.NewFieldElement(16570124099871162516), field.NewFieldElement(16394949299416922104)},
{field.NewFieldElement(11779301434103087470), field.NewFieldElement(9928702854994401626)},
{field.NewFieldElement(486097273023099818), field.NewFieldElement(1666631222233964241)},
{field.NewFieldElement(13426511095962901265), field.NewFieldElement(16977352762229561063)},
{field.NewFieldElement(7848259968166982335), field.NewFieldElement(8923641610835432771)},
{field.NewFieldElement(6717523783985825261), field.NewFieldElement(8442698012198213832)},
{field.NewFieldElement(16551829854897630528), field.NewFieldElement(1207332518477764340)},
{field.NewFieldElement(9552262459546034571), field.NewFieldElement(4701791517562735608)},
{field.NewFieldElement(6527201331407091692), field.NewFieldElement(10762913938781033944)},
{field.NewFieldElement(11212416663128404375), field.NewFieldElement(6847749339754298086)},
{field.NewFieldElement(10791247438031342492), field.NewFieldElement(3448715099533950037)},
{field.NewFieldElement(1719220253088662156), field.NewFieldElement(15702968714187742357)},
{field.NewFieldElement(14008817631758138024), field.NewFieldElement(17297897981954620228)},
{field.NewFieldElement(7768014097976613936), field.NewFieldElement(15806402621409309279)},
{field.NewFieldElement(3886721256453659755), field.NewFieldElement(16395869594056206627)},
{field.NewFieldElement(13997073954856864246), field.NewFieldElement(1233051863712529371)},
{field.NewFieldElement(11334349192463912274), field.NewFieldElement(5454820034730801470)},
{field.NewFieldElement(7648426950649263998), field.NewFieldElement(9412547620105462810)},
{field.NewFieldElement(2869115266070242006), field.NewFieldElement(9873001547032180059)},
{field.NewFieldElement(11864269740491424738), field.NewFieldElement(3771973823544233765)},
{field.NewFieldElement(9374340554044631499), field.NewFieldElement(11414175937704649426)},
{field.NewFieldElement(8970748854700874383), field.NewFieldElement(2703579039677419011)},
{field.NewFieldElement(3743841601176432106), field.NewFieldElement(11043980835019875782)},
{field.NewFieldElement(1654705359096618107), field.NewFieldElement(4374088811382131752)},
{field.NewFieldElement(10209435051454821145), field.NewFieldElement(4087979231575661143)},
{field.NewFieldElement(9566392584670645438), field.NewFieldElement(5102479111558561813)},
{field.NewFieldElement(4542214823227660682), field.NewFieldElement(16447152846983873546)},
{field.NewFieldElement(3619667706484141693), field.NewFieldElement(3976495805371636999)},
{field.NewFieldElement(14677559952589127978), field.NewFieldElement(1506330427474903904)},
{field.NewFieldElement(9618330319963013853), field.NewFieldElement(7774314641304317232)},
{field.NewFieldElement(15136595569611237026), field.NewFieldElement(6241976546079100101)},
{field.NewFieldElement(6190131967820348937), field.NewFieldElement(8898314655028146727)},
{field.NewFieldElement(10664902807329902141), field.NewFieldElement(399679411582475270)},
{field.NewFieldElement(4620231951016842028), field.NewFieldElement(14227502135369964656)},
{field.NewFieldElement(14442830168084065060), field.NewFieldElement(18194643570654368962)},
{field.NewFieldElement(6026772169794354979), field.NewFieldElement(15538586941211648185)},
{field.NewFieldElement(3305763071851691617), field.NewFieldElement(7414963068017211970)},
{field.NewFieldElement(2348819716102409971), field.NewFieldElement(3414253607649082297)},
{field.NewFieldElement(5561613987159516190), field.NewFieldElement(18108137586585031915)},
{field.NewFieldElement(11622858756456645517), field.NewFieldElement(5481788959889711288)},
{field.NewFieldElement(14329441999576805903), field.NewFieldElement(7316385947805485474)},
{field.NewFieldElement(6619906970666076294), field.NewFieldElement(11606453814479815487)},
{field.NewFieldElement(273184393202580706), field.NewFieldElement(15538333835729971074)},
{field.NewFieldElement(16891566794426605557), field.NewFieldElement(432853148035369520)},
{field.NewFieldElement(3134481789780853760), field.NewFieldElement(10023938129020275945)},
}
var reducingExtensionGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(12512260201049243975), field.NewFieldElement(5104620179714279781)},
{field.NewFieldElement(13013016297591764071), field.NewFieldElement(3905565448987160512)},
{field.NewFieldElement(18168316387479509651), field.NewFieldElement(15285510648877030958)},
{field.NewFieldElement(2704136035168106924), field.NewFieldElement(17701154289967205509)},
{field.NewFieldElement(6350634844525158810), field.NewFieldElement(6841530668953763541)},
{field.NewFieldElement(14558428225759052231), field.NewFieldElement(6228114011555775975)},
{field.NewFieldElement(11984059988070020226), field.NewFieldElement(6404501976404464308)},
{field.NewFieldElement(7499833675686066082), field.NewFieldElement(13203954482927844021)},
{field.NewFieldElement(53729277296365862), field.NewFieldElement(11604944835579274791)},
{field.NewFieldElement(649276793194856338), field.NewFieldElement(15769159485820654298)},
{field.NewFieldElement(7220059241713171194), field.NewFieldElement(7593947467996717503)},
{field.NewFieldElement(11725388872832717991), field.NewFieldElement(2472966042937251891)},
{field.NewFieldElement(17103067711705259268), field.NewFieldElement(12741737218458998807)},
{field.NewFieldElement(2053029714235535081), field.NewFieldElement(5621084618445985853)},
{field.NewFieldElement(394074652594148954), field.NewFieldElement(14480160107167739683)},
{field.NewFieldElement(16319639492172307693), field.NewFieldElement(18262596047016856354)},
{field.NewFieldElement(7349401242823131130), field.NewFieldElement(16637643780538375248)},
{field.NewFieldElement(2968776512542894745), field.NewFieldElement(7967382686110631950)},
{field.NewFieldElement(4131567287142440211), field.NewFieldElement(16488573781037653146)},
{field.NewFieldElement(3210618110340609396), field.NewFieldElement(15575562053796139855)},
{field.NewFieldElement(866179987510198517), field.NewFieldElement(1621207644178469397)},
{field.NewFieldElement(13787839347867512750), field.NewFieldElement(5082451965770365331)},
{field.NewFieldElement(16727747831341625951), field.NewFieldElement(17003066965000183599)},
{field.NewFieldElement(5844378810576570680), field.NewFieldElement(7917389141334353441)},
{field.NewFieldElement(2806785896842529320), field.NewFieldElement(2418902247526900913)},
{field.NewFieldElement(16911660151499877134), field.NewFieldElement(12021165187528883860)},
{field.NewFieldElement(17281860563566587308), field.NewFieldElement(907492056629373413)},
{field.NewFieldElement(2149753706739034128), field.NewFieldElement(12371022473774589200)},
{field.NewFieldElement(7841056796552151745), field.NewFieldElement(3143088841967149638)},
{field.NewFieldElement(11915031067231681577), field.NewFieldElement(18108223564563708813)},
{field.NewFieldElement(2094314575212662773), field.NewFieldElement(188561272841399737)},
{field.NewFieldElement(16712479120741377751), field.NewFieldElement(13153292267876520211)},
{field.NewFieldElement(11528911604171979726), field.NewFieldElement(889050185568489714)},
{field.NewFieldElement(13117878881472895975), field.NewFieldElement(2608864599443833112)},
{field.NewFieldElement(310976139454954605), field.NewFieldElement(271726012479588385)},
{field.NewFieldElement(4724981023605656141), field.NewFieldElement(7786903198345013664)},
{field.NewFieldElement(7358470379588594806), field.NewFieldElement(5500290420069122896)},
{field.NewFieldElement(11249736961064437940), field.NewFieldElement(7500992311029866319)},
{field.NewFieldElement(16247982877846154545), field.NewFieldElement(18437922661172982146)},
{field.NewFieldElement(14828806288276948771), field.NewFieldElement(161861918745757497)},
{field.NewFieldElement(12207866405175784678), field.NewFieldElement(17882395070256177480)},
{field.NewFieldElement(1862300191557939305), field.NewFieldElement(12946149812989300425)},
{field.NewFieldElement(113183958399514852), field.NewFieldElement(6003153612730483196)},
{field.NewFieldElement(17112839880895845290), field.NewFieldElement(3628345828628316007)},
{field.NewFieldElement(8779978792406228661), field.NewFieldElement(11992923889396921201)},
{field.NewFieldElement(6179077038148294340), field.NewFieldElement(11713998999910876710)},
{field.NewFieldElement(13454002959297605186), field.NewFieldElement(2204743745696912515)},
{field.NewFieldElement(15623020893752344305), field.NewFieldElement(13749522681861530980)},
{field.NewFieldElement(6206230970377487041), field.NewFieldElement(16389331421791613953)},
{field.NewFieldElement(2425462828014799977), field.NewFieldElement(1558769431852532736)},
{field.NewFieldElement(2327926263345738065), field.NewFieldElement(8779034796068602190)},
{field.NewFieldElement(14563770135458078041), field.NewFieldElement(6494115966350812505)},
{field.NewFieldElement(8082502921781233722), field.NewFieldElement(7935499582140944140)},
{field.NewFieldElement(14539277379887693704), field.NewFieldElement(5161629331161118775)},
{field.NewFieldElement(13736527598285458228), field.NewFieldElement(7309962536813433388)},
{field.NewFieldElement(13933813405709515396), field.NewFieldElement(17798686485131016236)},
{field.NewFieldElement(8897530535975229493), field.NewFieldElement(14404791097089986313)},
{field.NewFieldElement(18088311324021484864), field.NewFieldElement(11991882587468162630)},
{field.NewFieldElement(8956488301372897339), field.NewFieldElement(8045253716620738816)},
{field.NewFieldElement(16016384501418916541), field.NewFieldElement(3181272893128323084)},
{field.NewFieldElement(2517080075900745791), field.NewFieldElement(18241855168616334247)},
{field.NewFieldElement(17868385271737172979), field.NewFieldElement(3149251797904840387)},
{field.NewFieldElement(16240211689398081741), field.NewFieldElement(12595579002758809850)},
{field.NewFieldElement(15129425055871583477), field.NewFieldElement(16556688233744925655)},
{field.NewFieldElement(12118068802024437752), field.NewFieldElement(1415394251822514067)},
{field.NewFieldElement(9998982344935417389), field.NewFieldElement(1388414311221312252)},
}
// ReducingGate { num_coeffs: 44 }
var reducingGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(2762695979854660261), field.NewFieldElement(6188975775006680731)},
{field.NewFieldElement(1791331417935738626), field.NewFieldElement(17085037714198081810)},
{field.NewFieldElement(2937679508710033736), field.NewFieldElement(5129621779087684534)},
{field.NewFieldElement(481168721643876637), field.NewFieldElement(7141872137498120988)},
{field.NewFieldElement(17254181100047942156), field.NewFieldElement(17775174281554210440)},
{field.NewFieldElement(5198890470471443302), field.NewFieldElement(14888425516661975457)},
{field.NewFieldElement(13028786198899252632), field.NewFieldElement(10937447292538980197)},
{field.NewFieldElement(2265158031754703100), field.NewFieldElement(12577502307628934155)},
{field.NewFieldElement(15551968276096003032), field.NewFieldElement(15292448269321193280)},
{field.NewFieldElement(17365969756658867370), field.NewFieldElement(17369305944822545977)},
{field.NewFieldElement(7080686817257839256), field.NewFieldElement(593963095520237279)},
{field.NewFieldElement(9676311908112124362), field.NewFieldElement(15674622921902422959)},
{field.NewFieldElement(11251136116732324348), field.NewFieldElement(18440217803596221468)},
{field.NewFieldElement(3735056268905622852), field.NewFieldElement(13863980656029437128)},
{field.NewFieldElement(8027041826265159623), field.NewFieldElement(11754189465873578671)},
{field.NewFieldElement(17583392801264300641), field.NewFieldElement(6466906893845676112)},
{field.NewFieldElement(10453982665201242303), field.NewFieldElement(10957427537661178463)},
{field.NewFieldElement(8008073576872573103), field.NewFieldElement(15936946455243860971)},
{field.NewFieldElement(10779255795330506743), field.NewFieldElement(1425676337306283564)},
{field.NewFieldElement(13500038741878953694), field.NewFieldElement(5693690628820948906)},
{field.NewFieldElement(6987584139748553407), field.NewFieldElement(4433192799815624764)},
{field.NewFieldElement(3618013197373611562), field.NewFieldElement(15641412670596115335)},
{field.NewFieldElement(4523765518023087797), field.NewFieldElement(5497960888090896635)},
{field.NewFieldElement(8750545727419259671), field.NewFieldElement(17422860419602722677)},
{field.NewFieldElement(17564615024878416866), field.NewFieldElement(16238022624102079273)},
{field.NewFieldElement(3740814195084876131), field.NewFieldElement(17474834584441312839)},
{field.NewFieldElement(2239459464265888484), field.NewFieldElement(8706775397593275819)},
{field.NewFieldElement(6491352471800031726), field.NewFieldElement(209451190673168977)},
{field.NewFieldElement(5778494879465125706), field.NewFieldElement(7142303398286289731)},
{field.NewFieldElement(7094902435091460736), field.NewFieldElement(17694563561889239395)},
{field.NewFieldElement(2647942785603144770), field.NewFieldElement(12183038555524816414)},
{field.NewFieldElement(15100729453671585276), field.NewFieldElement(8119652948094623285)},
{field.NewFieldElement(3441209666651626111), field.NewFieldElement(10072736477013237067)},
{field.NewFieldElement(2372663484566761092), field.NewFieldElement(594324049190490986)},
{field.NewFieldElement(4026947675295370811), field.NewFieldElement(1179770390904329138)},
{field.NewFieldElement(1595271198725095132), field.NewFieldElement(15771888513051752701)},
{field.NewFieldElement(15924194187528252748), field.NewFieldElement(6763066202850242722)},
{field.NewFieldElement(1445670890851930788), field.NewFieldElement(3792635664222385076)},
{field.NewFieldElement(12273956505460180574), field.NewFieldElement(2686688969956106705)},
{field.NewFieldElement(11658870742027189182), field.NewFieldElement(12329880551401953731)},
{field.NewFieldElement(3044295792231373345), field.NewFieldElement(17852841657875251990)},
{field.NewFieldElement(89567881331820860), field.NewFieldElement(15259944608836914642)},
{field.NewFieldElement(358286967559220432), field.NewFieldElement(4492752479771433484)},
{field.NewFieldElement(14577916428537408584), field.NewFieldElement(13741732911292090813)},
{field.NewFieldElement(16727747831341625951), field.NewFieldElement(17003066965000183599)},
{field.NewFieldElement(9070359631236984957), field.NewFieldElement(6062623613509003067)},
{field.NewFieldElement(2410743624398118478), field.NewFieldElement(13772226839431038397)},
{field.NewFieldElement(11807638155649559084), field.NewFieldElement(1137111487688533470)},
{field.NewFieldElement(64491941894197002), field.NewFieldElement(5868353091743239378)},
{field.NewFieldElement(11301275742904392411), field.NewFieldElement(16283949803466884532)},
{field.NewFieldElement(9890416519568149104), field.NewFieldElement(8227793073753762383)},
{field.NewFieldElement(14951282035757983160), field.NewFieldElement(9077678991191664958)},
{field.NewFieldElement(5033664288544688549), field.NewFieldElement(9192774674510226248)},
{field.NewFieldElement(11933408140918977315), field.NewFieldElement(7749057899233101160)},
{field.NewFieldElement(9164812869909307746), field.NewFieldElement(1719896377847214041)},
{field.NewFieldElement(15224563238586628983), field.NewFieldElement(2588693305957079413)},
{field.NewFieldElement(1889812039818739618), field.NewFieldElement(4817606363423939521)},
{field.NewFieldElement(15609561908880497864), field.NewFieldElement(11885907317258609874)},
{field.NewFieldElement(6792442952488353934), field.NewFieldElement(15088298397252768139)},
{field.NewFieldElement(2651197118788035780), field.NewFieldElement(5089685590535462009)},
{field.NewFieldElement(11982358277830572398), field.NewFieldElement(15471174962798992515)},
{field.NewFieldElement(7639615465545578427), field.NewFieldElement(12644783892223098985)},
{field.NewFieldElement(11009184909998310074), field.NewFieldElement(17958525789123172556)},
{field.NewFieldElement(7777052961871412232), field.NewFieldElement(9786263008632335028)},
{field.NewFieldElement(13336166292448975341), field.NewFieldElement(15263885337654327510)},
{field.NewFieldElement(12764160635364533900), field.NewFieldElement(15411617803867471736)},
{field.NewFieldElement(17491426030593864841), field.NewFieldElement(2688540155718191896)},
{field.NewFieldElement(4278381039362706308), field.NewFieldElement(17571997178209012848)},
{field.NewFieldElement(12726900947926109267), field.NewFieldElement(1433345131505837369)},
{field.NewFieldElement(6334884250665613762), field.NewFieldElement(9617978266076057841)},
{field.NewFieldElement(17511031815464775451), field.NewFieldElement(12281753446186189470)},
{field.NewFieldElement(10718030381939087273), field.NewFieldElement(10785278464322784199)},
{field.NewFieldElement(6964802145991989973), field.NewFieldElement(5630451507536431311)},
{field.NewFieldElement(1610931441749714598), field.NewFieldElement(17306081287063918214)},
{field.NewFieldElement(12529885758752979710), field.NewFieldElement(12015226868538417544)},
{field.NewFieldElement(8212526954290021947), field.NewFieldElement(2604665677904480075)},
{field.NewFieldElement(836429499775217902), field.NewFieldElement(14951071826451735988)},
{field.NewFieldElement(4322887569225425418), field.NewFieldElement(1803870148496860526)},
{field.NewFieldElement(11933437515394389470), field.NewFieldElement(5432495301370703205)},
{field.NewFieldElement(15379632811901291758), field.NewFieldElement(16475440758252311235)},
{field.NewFieldElement(8378463548508566883), field.NewFieldElement(12576809460019959325)},
{field.NewFieldElement(6878478934798340017), field.NewFieldElement(16203041885409513004)},
{field.NewFieldElement(4704361120432029530), field.NewFieldElement(15619278597929334259)},
{field.NewFieldElement(11896486732715322997), field.NewFieldElement(13476483500406677625)},
{field.NewFieldElement(3818194554960853168), field.NewFieldElement(17483945143600046041)},
{field.NewFieldElement(16655838413972803560), field.NewFieldElement(7859620736875007555)},
{field.NewFieldElement(9466644546267012606), field.NewFieldElement(15636572488448679353)},
{field.NewFieldElement(7705051962598852604), field.NewFieldElement(17843247208046088041)},
}
// ArithmeticExtensionGate { num_ops: 10 }
var arithmeticExtensionGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(18152046378789398239), field.NewFieldElement(835198655627980634)},
{field.NewFieldElement(14941458349516937745), field.NewFieldElement(195899842055585620)},
{field.NewFieldElement(11444294347859626222), field.NewFieldElement(7618743177769594838)},
{field.NewFieldElement(6847392923782354441), field.NewFieldElement(3129968840755754688)},
{field.NewFieldElement(11707145384221145922), field.NewFieldElement(286105987739288036)},
{field.NewFieldElement(2582465953258947981), field.NewFieldElement(9032385332294381140)},
{field.NewFieldElement(13238521192691745149), field.NewFieldElement(9704746731861618809)},
{field.NewFieldElement(1830772271680123935), field.NewFieldElement(2037318884130759975)},
{field.NewFieldElement(5532751095564029866), field.NewFieldElement(11560707807043359130)},
{field.NewFieldElement(4749576916935014495), field.NewFieldElement(2144864975020203842)},
{field.NewFieldElement(18162899505828592791), field.NewFieldElement(13853020020051211390)},
{field.NewFieldElement(16196741394015376387), field.NewFieldElement(16087121152637055080)},
{field.NewFieldElement(15478783842112089677), field.NewFieldElement(8151788319455760610)},
{field.NewFieldElement(4962260057365923941), field.NewFieldElement(12155107209004037964)},
{field.NewFieldElement(18192514584072489162), field.NewFieldElement(2336293494478946065)},
{field.NewFieldElement(3747540982963754880), field.NewFieldElement(5650114101530259911)},
{field.NewFieldElement(17757207146926514655), field.NewFieldElement(13461601821205159205)},
{field.NewFieldElement(17921720474545785568), field.NewFieldElement(4718996085070502683)},
{field.NewFieldElement(4443998758263224376), field.NewFieldElement(13890461367328975727)},
{field.NewFieldElement(13990958094457190244), field.NewFieldElement(3783673559976842909)},
}
// MulExtensionGate { num_ops: 13 }
var mulExtensionGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(7181113876231745794), field.NewFieldElement(7868884260109104825)},
{field.NewFieldElement(14067639069854412134), field.NewFieldElement(2094238260641413106)},
{field.NewFieldElement(3160167686452082144), field.NewFieldElement(15508587061137009544)},
{field.NewFieldElement(2701966180261760724), field.NewFieldElement(49742798193009777)},
{field.NewFieldElement(16965594259972472645), field.NewFieldElement(15119035756932709035)},
{field.NewFieldElement(8587305003975146248), field.NewFieldElement(11788991692426475292)},
{field.NewFieldElement(13134841191650990099), field.NewFieldElement(12468857767882216027)},
{field.NewFieldElement(5079312787147663415), field.NewFieldElement(315076378722635206)},
{field.NewFieldElement(4656603487897834248), field.NewFieldElement(4455086801173740459)},
{field.NewFieldElement(3630077482584148572), field.NewFieldElement(3283664780554963370)},
{field.NewFieldElement(1781217475359761081), field.NewFieldElement(17627776820166298232)},
{field.NewFieldElement(5917159494270473360), field.NewFieldElement(6025450051539258087)},
{field.NewFieldElement(6450855110748081528), field.NewFieldElement(7446684637376438458)},
{field.NewFieldElement(8607810652222212781), field.NewFieldElement(7298919685405344815)},
{field.NewFieldElement(13906434081686233303), field.NewFieldElement(13101189135710264580)},
{field.NewFieldElement(6489826249831576523), field.NewFieldElement(11224737887667008267)},
{field.NewFieldElement(3580221348553931303), field.NewFieldElement(4662435202527050543)},
{field.NewFieldElement(7286527320055156837), field.NewFieldElement(15670292738296412147)},
{field.NewFieldElement(2095892346123668330), field.NewFieldElement(5572639395382198548)},
{field.NewFieldElement(11836511250144945185), field.NewFieldElement(6212767141717037414)},
{field.NewFieldElement(12781535798978127236), field.NewFieldElement(14467390350363203888)},
{field.NewFieldElement(2635017860820288214), field.NewFieldElement(6092079726747224779)},
{field.NewFieldElement(18057143820634196774), field.NewFieldElement(16137749920970128474)},
{field.NewFieldElement(16754543715625171524), field.NewFieldElement(15674433195919785024)},
{field.NewFieldElement(2135423350522303111), field.NewFieldElement(32407260862438164)},
{field.NewFieldElement(14956506296276270245), field.NewFieldElement(1145919757338314609)},
}
// ExponentiationGate { num_power_bits: 67, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
var exponentiationGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(11917134172330913896), field.NewFieldElement(17387498340632768165)},
{field.NewFieldElement(1312379412936626785), field.NewFieldElement(8487972230502205858)},
{field.NewFieldElement(1034346392193469803), field.NewFieldElement(10387255969849204765)},
{field.NewFieldElement(8975374558919785259), field.NewFieldElement(8379061308496297909)},
{field.NewFieldElement(5137354887085653470), field.NewFieldElement(18342299770587131344)},
{field.NewFieldElement(11284168756796657450), field.NewFieldElement(13822895496426653701)},
{field.NewFieldElement(235168160386175185), field.NewFieldElement(17356178727442490793)},
{field.NewFieldElement(11012326969983488833), field.NewFieldElement(13315935561725076264)},
{field.NewFieldElement(11064160789252923988), field.NewFieldElement(243775009899162201)},
{field.NewFieldElement(17368303548433332975), field.NewFieldElement(15625080509274199608)},
{field.NewFieldElement(5849122830228985352), field.NewFieldElement(5103229940930953650)},
{field.NewFieldElement(14713362802405597126), field.NewFieldElement(8157398625845036781)},
{field.NewFieldElement(16495373179302807753), field.NewFieldElement(4597863041430416411)},
{field.NewFieldElement(3274329863393011112), field.NewFieldElement(8955190641874111502)},
{field.NewFieldElement(4704531612240997322), field.NewFieldElement(2253948388369651634)},
{field.NewFieldElement(13333514818352143222), field.NewFieldElement(4999457874559250243)},
{field.NewFieldElement(2284463506187861590), field.NewFieldElement(13765412523042072026)},
{field.NewFieldElement(16636340184626646426), field.NewFieldElement(3174763529046637372)},
{field.NewFieldElement(5336400619848923540), field.NewFieldElement(10513883740898299385)},
{field.NewFieldElement(14200134528033869480), field.NewFieldElement(11039588311485209657)},
{field.NewFieldElement(18377155443679293884), field.NewFieldElement(13521764320839726823)},
{field.NewFieldElement(242773453939591946), field.NewFieldElement(6326451192242543829)},
{field.NewFieldElement(1296949085249594883), field.NewFieldElement(7990211688523987915)},
{field.NewFieldElement(5510982641888481009), field.NewFieldElement(10552089306004766754)},
{field.NewFieldElement(10914255593671877946), field.NewFieldElement(18175495064507840841)},
{field.NewFieldElement(7575617967752753230), field.NewFieldElement(9665518441862148402)},
{field.NewFieldElement(14351249981525100362), field.NewFieldElement(5763278800672952095)},
{field.NewFieldElement(16319397571073742470), field.NewFieldElement(1318308384414985616)},
{field.NewFieldElement(12030088917335470405), field.NewFieldElement(6668172884819717021)},
{field.NewFieldElement(17509060699703766693), field.NewFieldElement(1489607021074587548)},
{field.NewFieldElement(1096695845774334385), field.NewFieldElement(6122861634465429123)},
{field.NewFieldElement(13460252757128783693), field.NewFieldElement(17777045084091738197)},
{field.NewFieldElement(14557885155010631641), field.NewFieldElement(4298885986874834349)},
{field.NewFieldElement(3635088766034344822), field.NewFieldElement(8827496887313967507)},
{field.NewFieldElement(6550916348715580989), field.NewFieldElement(4180030543088252998)},
{field.NewFieldElement(16051569484464055768), field.NewFieldElement(2121040925634405127)},
{field.NewFieldElement(1788913367411914907), field.NewFieldElement(10745316805250218547)},
{field.NewFieldElement(4832917661842853637), field.NewFieldElement(1148465658973892394)},
{field.NewFieldElement(9162757057100424164), field.NewFieldElement(7814738929773741429)},
{field.NewFieldElement(13840071942242698046), field.NewFieldElement(12500211120922811757)},
{field.NewFieldElement(10699948139249128560), field.NewFieldElement(4891144553679573560)},
{field.NewFieldElement(14602444997841482522), field.NewFieldElement(17017251371157941125)},
{field.NewFieldElement(586839629673374241), field.NewFieldElement(3363863469002405744)},
{field.NewFieldElement(9011045001648305113), field.NewFieldElement(7085187243048562102)},
{field.NewFieldElement(13032999395920684322), field.NewFieldElement(6189400872664562846)},
{field.NewFieldElement(8971070287177655421), field.NewFieldElement(12582676780734324056)},
{field.NewFieldElement(558400378011382278), field.NewFieldElement(6298195151594790629)},
{field.NewFieldElement(17192073729541567806), field.NewFieldElement(5497805500866221538)},
{field.NewFieldElement(5728605922884243514), field.NewFieldElement(18070340533610014206)},
{field.NewFieldElement(15473455953886985277), field.NewFieldElement(11635823818659992567)},
{field.NewFieldElement(7477545430207969908), field.NewFieldElement(2742755471302540300)},
{field.NewFieldElement(12407179232895419141), field.NewFieldElement(17302315821428133291)},
{field.NewFieldElement(12858531909631903407), field.NewFieldElement(14746185565916474858)},
{field.NewFieldElement(12872867896453911017), field.NewFieldElement(6563250576201773751)},
{field.NewFieldElement(3384183107205264844), field.NewFieldElement(11512795156033923138)},
{field.NewFieldElement(8430135350637925522), field.NewFieldElement(10199901650713033996)},
{field.NewFieldElement(11167364659650598214), field.NewFieldElement(447394121422751322)},
{field.NewFieldElement(4931438368828291722), field.NewFieldElement(16717867949669373753)},
{field.NewFieldElement(5151270559741115914), field.NewFieldElement(45949586886299827)},
{field.NewFieldElement(11159644559144981603), field.NewFieldElement(2120703503452727949)},
{field.NewFieldElement(8830601119784247875), field.NewFieldElement(8542262650554393830)},
{field.NewFieldElement(6142186624494698182), field.NewFieldElement(7120939306807396235)},
{field.NewFieldElement(11716893898091265261), field.NewFieldElement(4311673012489504666)},
{field.NewFieldElement(2133003157459487893), field.NewFieldElement(1909522153859214178)},
{field.NewFieldElement(427412581044646901), field.NewFieldElement(15454912207372224939)},
{field.NewFieldElement(1842301960762096227), field.NewFieldElement(12476329615991638721)},
{field.NewFieldElement(696538585954127499), field.NewFieldElement(2702122491633241201)},
{field.NewFieldElement(5755584054765687076), field.NewFieldElement(5430280214517080555)},
}
// CosetInterpolationGate { subgroup_bits: 4, degree: 6, barycentric_weights: [17293822565076172801, 18374686475376656385, 18446744069413535745, 281474976645120, 17592186044416, 18446744069414584577, 18446744000695107601, 18446744065119617025, 1152921504338411520, 72057594037927936, 18446744069415632897, 18446462594437939201, 18446726477228539905, 18446744069414584065, 68719476720, 4294967296], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>
var cosetInterpolationGateExpectedConstraints = []field.QuadraticExtension{
{field.NewFieldElement(13782516617623808439), field.NewFieldElement(15116825128522139629)},
{field.NewFieldElement(10605488313706531843), field.NewFieldElement(16124703860676816956)},
{field.NewFieldElement(2725554495824998780), field.NewFieldElement(13477621298303015045)},
{field.NewFieldElement(2936187345854242438), field.NewFieldElement(5827982872566017395)},
{field.NewFieldElement(11223822863576777799), field.NewFieldElement(2143123911507599653)},
{field.NewFieldElement(4839015650475288776), field.NewFieldElement(745790217755162273)},
{field.NewFieldElement(2205634412980832213), field.NewFieldElement(15767892564871259137)},
{field.NewFieldElement(9091626478775122653), field.NewFieldElement(9730482292097571809)},
{field.NewFieldElement(10636787321971723634), field.NewFieldElement(14666593583448965088)},
{field.NewFieldElement(7179924177530514890), field.NewFieldElement(10610536358289043895)},
{field.NewFieldElement(15067680125330943902), field.NewFieldElement(17960901266185771082)},
{field.NewFieldElement(5184847499291037169), field.NewFieldElement(16061742535733361053)},
}
type TestGateCircuit struct {
testGate gates.Gate
expectedConstraints []field.QuadraticExtension
}
func (circuit *TestGateCircuit) Define(api frontend.API) error {
commonCircuitData := utils.DeserializeCommonCircuitData("../../data/recursive_step/common_circuit_data.json")
numSelectors := commonCircuitData.SelectorsInfo.NumSelectors()
fieldAPI := field.NewFieldAPI(api)
qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
vars := gates.NewEvaluationVars(localConstants[numSelectors:], localWires, publicInputsHash)
constraints := circuit.testGate.EvalUnfiltered(api, qeAPI, *vars)
if len(constraints) != len(circuit.expectedConstraints) {
return errors.New("gate constraints length mismatch")
}
for i := 0; i < len(constraints); i++ {
qeAPI.AssertIsEqual(constraints[i], circuit.expectedConstraints[i])
}
return nil
}
func TestGates(t *testing.T) {
assert := test.NewAssert(t)
testCase := func(testGate gates.Gate, expectedConstraints []field.QuadraticExtension) {
circuit := &TestGateCircuit{testGate: testGate, expectedConstraints: expectedConstraints}
witness := &TestGateCircuit{testGate: testGate, expectedConstraints: expectedConstraints}
err := test.IsSolved(circuit, witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
type gateTest struct {
testGate gates.Gate
expectedConstraints []field.QuadraticExtension
}
gateTests := []gateTest{
{gates.NewPublicInputGate(), publicInputGateExpectedConstraints},
{gates.NewArithmeticGate(20), arithmeticGateExpectedConstraints},
{gates.NewBaseSumGate(63, 2), baseSumGateExpectedConstraints},
{gates.NewRandomAccessGate(4, 4, 2), randomAccessGateExpectedConstraints},
{gates.NewPoseidonGate(), poseidonGateExpectedConstraints},
{gates.NewArithmeticExtensionGate(10), arithmeticExtensionGateExpectedConstraints},
{gates.NewMultiplicationExtensionGate(13), mulExtensionGateExpectedConstraints},
{gates.NewReducingExtensionGate(33), reducingExtensionGateExpectedConstraints},
{gates.NewReducingGate(44), reducingGateExpectedConstraints},
{gates.NewExponentiationGate(67), exponentiationGateExpectedConstraints},
{gates.NewCosetInterpolationGate(
4,
6,
[]goldilocks.Element{
goldilocks.NewElement(17293822565076172801),
goldilocks.NewElement(18374686475376656385),
goldilocks.NewElement(18446744069413535745),
goldilocks.NewElement(281474976645120),
goldilocks.NewElement(17592186044416),
goldilocks.NewElement(18446744069414584577),
goldilocks.NewElement(18446744000695107601),
goldilocks.NewElement(18446744065119617025),
goldilocks.NewElement(1152921504338411520),
goldilocks.NewElement(72057594037927936),
goldilocks.NewElement(18446744069415632897),
goldilocks.NewElement(18446462594437939201),
goldilocks.NewElement(18446726477228539905),
goldilocks.NewElement(18446744069414584065),
goldilocks.NewElement(68719476720),
goldilocks.NewElement(4294967296),
},
), cosetInterpolationGateExpectedConstraints},
}
for _, test := range gateTests {
testCase(
test.testGate,
test.expectedConstraints,
)
}
}

26
plonky2_verifier/multiplication_extension_gate.go → verifier/internal/gates/multiplication_extension_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var mulExtensionGateRegex = regexp.MustCompile("MulExtensionGate { num_ops: (?P<numOps>[0-9]+) }")
func deserializeMulExtensionGate(parameters map[string]string) gate {
func deserializeMulExtensionGate(parameters map[string]string) Gate {
// Has the format "MulExtensionGate { num_ops: 13 }"
numOps, hasNumOps := parameters["numOps"]
if !hasNumOps {
@ -39,31 +41,31 @@ func (g *MultiplicationExtensionGate) Id() string {
}
func (g *MultiplicationExtensionGate) wiresIthMultiplicand0(i uint64) Range {
return Range{3 * D * i, 3*D*i + D}
return Range{3 * field.D * i, 3*field.D*i + field.D}
}
func (g *MultiplicationExtensionGate) wiresIthMultiplicand1(i uint64) Range {
return Range{3*D*i + D, 3*D*i + 2*D}
return Range{3*field.D*i + field.D, 3*field.D*i + 2*field.D}
}
func (g *MultiplicationExtensionGate) wiresIthOutput(i uint64) Range {
return Range{3*D*i + 2*D, 3*D*i + 3*D}
return Range{3*field.D*i + 2*field.D, 3*field.D*i + 3*field.D}
}
func (g *MultiplicationExtensionGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *MultiplicationExtensionGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
const0 := vars.localConstants[0]
constraints := []QuadraticExtension{}
constraints := []field.QuadraticExtension{}
for i := uint64(0); i < g.numOps; i++ {
multiplicand0 := vars.GetLocalExtAlgebra(g.wiresIthMultiplicand0(i))
multiplicand1 := vars.GetLocalExtAlgebra(g.wiresIthMultiplicand1(i))
output := vars.GetLocalExtAlgebra(g.wiresIthOutput(i))
mul := p.qeAPI.MulExtensionAlgebra(multiplicand0, multiplicand1)
computed_output := p.qeAPI.ScalarMulExtensionAlgebra(const0, mul)
mul := qeAPI.MulExtensionAlgebra(multiplicand0, multiplicand1)
computed_output := qeAPI.ScalarMulExtensionAlgebra(const0, mul)
diff := p.qeAPI.SubExtensionAlgebra(output, computed_output)
for j := 0; j < D; j++ {
diff := qeAPI.SubExtensionAlgebra(output, computed_output)
for j := 0; j < field.D; j++ {
constraints = append(constraints, diff[j])
}
}

30
verifier/internal/gates/noop_gate.go Normal file
View File

@ -0,0 +1,30 @@
package gates
import (
"regexp"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var noopGateRegex = regexp.MustCompile("NoopGate")
func deserializeNoopGate(parameters map[string]string) Gate {
// Has the format "NoopGate"
return NewNoopGate()
}
type NoopGate struct {
}
func NewNoopGate() *NoopGate {
return &NoopGate{}
}
func (g *NoopGate) Id() string {
return "NoopGate"
}
func (g *NoopGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
return []field.QuadraticExtension{}
}

44
plonky2_verifier/poseidon_gate.go → verifier/internal/gates/poseidon_gate.go
View File

@ -1,14 +1,16 @@
package plonky2_verifier
package gates
import (
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/poseidon"
"regexp"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
)
var poseidonGateRegex = regexp.MustCompile("PoseidonGate.*")
func deserializePoseidonGate(parameters map[string]string) gate {
func deserializePoseidonGate(parameters map[string]string) Gate {
// Has the format "PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
return NewPoseidonGate()
}
@ -87,34 +89,34 @@ func (g *PoseidonGate) WiresEnd() uint64 {
return START_FULL_1 + poseidon.HALF_N_FULL_ROUNDS*poseidon.SPONGE_WIDTH
}
func (g *PoseidonGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
constraints := []QuadraticExtension{}
func (g *PoseidonGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
constraints := []field.QuadraticExtension{}
poseidonChip := poseidon.NewPoseidonChip(p.api, NewFieldAPI(p.api), p.qeAPI)
poseidonChip := poseidon.NewPoseidonChip(api, field.NewFieldAPI(api), qeAPI)
// Assert that `swap` is binary.
swap := vars.localWires[g.WireSwap()]
swapMinusOne := p.qeAPI.SubExtension(swap, p.qeAPI.FieldToQE(ONE_F))
constraints = append(constraints, p.qeAPI.MulExtension(swap, swapMinusOne))
swapMinusOne := qeAPI.SubExtension(swap, qeAPI.FieldToQE(field.ONE_F))
constraints = append(constraints, qeAPI.MulExtension(swap, swapMinusOne))
// Assert that each delta wire is set properly: `delta_i = swap * (rhs - lhs)`.
for i := uint64(0); i < 4; i++ {
inputLhs := vars.localWires[g.WireInput(i)]
inputRhs := vars.localWires[g.WireInput(i+4)]
deltaI := vars.localWires[g.WireDelta(i)]
diff := p.qeAPI.SubExtension(inputRhs, inputLhs)
expectedDeltaI := p.qeAPI.MulExtension(swap, diff)
constraints = append(constraints, p.qeAPI.SubExtension(expectedDeltaI, deltaI))
diff := qeAPI.SubExtension(inputRhs, inputLhs)
expectedDeltaI := qeAPI.MulExtension(swap, diff)
constraints = append(constraints, qeAPI.SubExtension(expectedDeltaI, deltaI))
}
// Compute the possibly-swapped input layer.
var state [poseidon.SPONGE_WIDTH]QuadraticExtension
var state [poseidon.SPONGE_WIDTH]field.QuadraticExtension
for i := uint64(0); i < 4; i++ {
deltaI := vars.localWires[g.WireDelta(i)]
inputLhs := vars.localWires[g.WireInput(i)]
inputRhs := vars.localWires[g.WireInput(i+4)]
state[i] = p.qeAPI.AddExtension(inputLhs, deltaI)
state[i+4] = p.qeAPI.SubExtension(inputRhs, deltaI)
state[i] = qeAPI.AddExtension(inputLhs, deltaI)
state[i+4] = qeAPI.SubExtension(inputRhs, deltaI)
}
for i := uint64(8); i < poseidon.SPONGE_WIDTH; i++ {
state[i] = vars.localWires[g.WireInput(i)]
@ -128,7 +130,7 @@ func (g *PoseidonGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []Quadr
if r != 0 {
for i := uint64(0); i < poseidon.SPONGE_WIDTH; i++ {
sBoxIn := vars.localWires[g.WireFullSBox0(r, i)]
constraints = append(constraints, p.qeAPI.SubExtension(state[i], sBoxIn))
constraints = append(constraints, qeAPI.SubExtension(state[i], sBoxIn))
state[i] = sBoxIn
}
}
@ -143,13 +145,13 @@ func (g *PoseidonGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []Quadr
for r := uint64(0); r < poseidon.N_PARTIAL_ROUNDS-1; r++ {
sBoxIn := vars.localWires[g.WirePartialSBox(r)]
constraints = append(constraints, p.qeAPI.SubExtension(state[0], sBoxIn))
constraints = append(constraints, qeAPI.SubExtension(state[0], sBoxIn))
state[0] = poseidonChip.SBoxMonomialExtension(sBoxIn)
state[0] = p.qeAPI.AddExtension(state[0], p.qeAPI.FieldToQE(NewFieldElement(poseidon.FAST_PARTIAL_ROUND_CONSTANTS[r])))
state[0] = qeAPI.AddExtension(state[0], qeAPI.FieldToQE(field.NewFieldElement(poseidon.FAST_PARTIAL_ROUND_CONSTANTS[r])))
state = poseidonChip.MdsPartialLayerFastExtension(state, int(r))
}
sBoxIn := vars.localWires[g.WirePartialSBox(poseidon.N_PARTIAL_ROUNDS-1)]
constraints = append(constraints, p.qeAPI.SubExtension(state[0], sBoxIn))
constraints = append(constraints, qeAPI.SubExtension(state[0], sBoxIn))
state[0] = poseidonChip.SBoxMonomialExtension(sBoxIn)
state = poseidonChip.MdsPartialLayerFastExtension(state, poseidon.N_PARTIAL_ROUNDS-1)
roundCounter += poseidon.N_PARTIAL_ROUNDS
@ -159,7 +161,7 @@ func (g *PoseidonGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []Quadr
state = poseidonChip.ConstantLayerExtension(state, &roundCounter)
for i := uint64(0); i < poseidon.SPONGE_WIDTH; i++ {
sBoxIn := vars.localWires[g.WireFullSBox1(r, i)]
constraints = append(constraints, p.qeAPI.SubExtension(state[i], sBoxIn))
constraints = append(constraints, qeAPI.SubExtension(state[i], sBoxIn))
state[i] = sBoxIn
}
state = poseidonChip.SBoxLayerExtension(state)
@ -168,7 +170,7 @@ func (g *PoseidonGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []Quadr
}
for i := uint64(0); i < poseidon.SPONGE_WIDTH; i++ {
constraints = append(constraints, p.qeAPI.SubExtension(state[i], vars.localWires[g.WireOutput(i)]))
constraints = append(constraints, qeAPI.SubExtension(state[i], vars.localWires[g.WireOutput(i)]))
}
return constraints

14
plonky2_verifier/public_input_gate.go → verifier/internal/gates/public_input_gate.go
View File

@ -1,13 +1,15 @@
package plonky2_verifier
package gates
import (
. "gnark-plonky2-verifier/field"
"regexp"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var publicInputGateRegex = regexp.MustCompile("PublicInputGate")
func deserializePublicInputGate(parameters map[string]string) gate {
func deserializePublicInputGate(parameters map[string]string) Gate {
// Has the format "PublicInputGate"
return NewPublicInputGate()
}
@ -27,8 +29,8 @@ func (g *PublicInputGate) WiresPublicInputsHash() []uint64 {
return []uint64{0, 1, 2, 3}
}
func (g *PublicInputGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
constraints := []QuadraticExtension{}
func (g *PublicInputGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
constraints := []field.QuadraticExtension{}
wires := g.WiresPublicInputsHash()
hash_parts := vars.publicInputsHash
@ -36,7 +38,7 @@ func (g *PublicInputGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []Qu
wire := wires[i]
hash_part := hash_parts[i]
diff := p.qeAPI.SubExtension(vars.localWires[wire], p.qeAPI.FieldToQE(hash_part))
diff := qeAPI.SubExtension(vars.localWires[wire], qeAPI.FieldToQE(hash_part))
constraints = append(constraints, diff)
}

40
plonky2_verifier/random_access_gate.go → verifier/internal/gates/random_access_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var randomAccessGateRegex = regexp.MustCompile("RandomAccessGate { bits: (?P<bits>[0-9]+), num_copies: (?P<numCopies>[0-9]+), num_extra_constants: (?P<numExtraConstants>[0-9]+), _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=(?P<base>[0-9]+)>")
func deserializeRandomAccessGate(parameters map[string]string) gate {
func deserializeRandomAccessGate(parameters map[string]string) Gate {
// Has the format "RandomAccessGate { bits: 2, num_copies: 13, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>"
bits, hasBits := parameters["bits"]
numCopies, hasNumCopies := parameters["numCopies"]
@ -112,45 +114,45 @@ func (g *RandomAccessGate) WireBit(i uint64, copy uint64) uint64 {
return g.NumRoutedWires() + copy*g.bits + i
}
func (g *RandomAccessGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
two := QuadraticExtension{NewFieldElement(2), NewFieldElement(0)}
constraints := []QuadraticExtension{}
func (g *RandomAccessGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
two := field.QuadraticExtension{field.NewFieldElement(2), field.NewFieldElement(0)}
constraints := []field.QuadraticExtension{}
for copy := uint64(0); copy < g.numCopies; copy++ {
accessIndex := vars.localWires[g.WireAccessIndex(copy)]
listItems := []QuadraticExtension{}
listItems := []field.QuadraticExtension{}
for i := uint64(0); i < g.vecSize(); i++ {
listItems = append(listItems, vars.localWires[g.WireListItem(i, copy)])
}
claimedElement := vars.localWires[g.WireClaimedElement(copy)]
bits := []QuadraticExtension{}
bits := []field.QuadraticExtension{}
for i := uint64(0); i < g.bits; i++ {
bits = append(bits, vars.localWires[g.WireBit(i, copy)])
}
// Assert that each bit wire value is indeed boolean.
for _, b := range bits {
bSquared := p.qeAPI.MulExtension(b, b)
constraints = append(constraints, p.qeAPI.SubExtension(bSquared, b))
bSquared := qeAPI.MulExtension(b, b)
constraints = append(constraints, qeAPI.SubExtension(bSquared, b))
}
// Assert that the binary decomposition was correct.
reconstructedIndex := p.qeAPI.ReduceWithPowers(bits, two)
constraints = append(constraints, p.qeAPI.SubExtension(reconstructedIndex, accessIndex))
reconstructedIndex := qeAPI.ReduceWithPowers(bits, two)
constraints = append(constraints, qeAPI.SubExtension(reconstructedIndex, accessIndex))
for _, b := range bits {
listItemsTmp := []QuadraticExtension{}
listItemsTmp := []field.QuadraticExtension{}
for i := 0; i < len(listItems); i += 2 {
x := listItems[i]
y := listItems[i+1]
// This is computing `if b { x } else { y }`
// i.e. `bx - (by-y)`.
mul1 := p.qeAPI.MulExtension(b, x)
sub1 := p.qeAPI.SubExtension(mul1, x)
mul1 := qeAPI.MulExtension(b, x)
sub1 := qeAPI.SubExtension(mul1, x)
mul2 := p.qeAPI.MulExtension(b, y)
sub2 := p.qeAPI.SubExtension(mul2, sub1)
mul2 := qeAPI.MulExtension(b, y)
sub2 := qeAPI.SubExtension(mul2, sub1)
listItemsTmp = append(listItemsTmp, sub2)
}
@ -161,11 +163,11 @@ func (g *RandomAccessGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []Q
panic("listItems(len) != 1")
}
constraints = append(constraints, p.qeAPI.SubExtension(listItems[0], claimedElement))
constraints = append(constraints, qeAPI.SubExtension(listItems[0], claimedElement))
}
for i := uint64(0); i < g.numExtraConstants; i++ {
constraints = append(constraints, p.qeAPI.SubExtension(vars.localConstants[i], vars.localWires[g.wireExtraConstant(i)]))
constraints = append(constraints, qeAPI.SubExtension(vars.localConstants[i], vars.localWires[g.wireExtraConstant(i)]))
}
return constraints

38
plonky2_verifier/reducing_extension_gate.go → verifier/internal/gates/reducing_extension_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var reducingExtensionGateRegex = regexp.MustCompile("ReducingExtensionGate { num_coeffs: (?P<numCoeffs>[0-9]+) }")
func deserializeReducingExtensionGate(parameters map[string]string) gate {
func deserializeReducingExtensionGate(parameters map[string]string) Gate {
// Has the format "ReducingGate { num_coeffs: 33 }"
numCoeffs, hasNumCoeffs := parameters["numCoeffs"]
if !hasNumCoeffs {
@ -28,7 +30,7 @@ type ReducingExtensionGate struct {
numCoeffs uint64
}
const START_COEFFS_REDUCING_EXTENSION_GATE = 3 * D
const START_COEFFS_REDUCING_EXTENSION_GATE = 3 * field.D
func NewReducingExtensionGate(numCoeffs uint64) *ReducingExtensionGate {
return &ReducingExtensionGate{
@ -41,23 +43,23 @@ func (g *ReducingExtensionGate) Id() string {
}
func (g *ReducingExtensionGate) wiresOutput() Range {
return Range{0, D}
return Range{0, field.D}
}
func (g *ReducingExtensionGate) wiresAlpha() Range {
return Range{D, 2 * D}
return Range{field.D, 2 * field.D}
}
func (g *ReducingExtensionGate) wiresOldAcc() Range {
return Range{2 * D, 3 * D}
return Range{2 * field.D, 3 * field.D}
}
func (g *ReducingExtensionGate) wiresCoeff(i uint64) Range {
return Range{START_COEFFS_REDUCING_EXTENSION_GATE + D*i, START_COEFFS_REDUCING_EXTENSION_GATE + D*(i+1)}
return Range{START_COEFFS_REDUCING_EXTENSION_GATE + field.D*i, START_COEFFS_REDUCING_EXTENSION_GATE + field.D*(i+1)}
}
func (g *ReducingExtensionGate) startAccs() uint64 {
return START_COEFFS_REDUCING_EXTENSION_GATE + g.numCoeffs*D
return START_COEFFS_REDUCING_EXTENSION_GATE + g.numCoeffs*field.D
}
func (g *ReducingExtensionGate) wiresAccs(i uint64) Range {
@ -69,31 +71,31 @@ func (g *ReducingExtensionGate) wiresAccs(i uint64) Range {
return g.wiresOutput()
}
return Range{g.startAccs() + D*i, g.startAccs() + D*(i+1)}
return Range{g.startAccs() + field.D*i, g.startAccs() + field.D*(i+1)}
}
func (g *ReducingExtensionGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *ReducingExtensionGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
alpha := vars.GetLocalExtAlgebra(g.wiresAlpha())
oldAcc := vars.GetLocalExtAlgebra(g.wiresOldAcc())
coeffs := []QEAlgebra{}
coeffs := []field.QEAlgebra{}
for i := uint64(0); i < g.numCoeffs; i++ {
coeffs = append(coeffs, vars.GetLocalExtAlgebra(g.wiresCoeff(i)))
}
accs := []QEAlgebra{}
accs := []field.QEAlgebra{}
for i := uint64(0); i < g.numCoeffs; i++ {
accs = append(accs, vars.GetLocalExtAlgebra(g.wiresAccs(i)))
}
constraints := []QuadraticExtension{}
constraints := []field.QuadraticExtension{}
acc := oldAcc
for i := uint64(0); i < g.numCoeffs; i++ {
coeff := coeffs[i]
tmp := p.qeAPI.MulExtensionAlgebra(acc, alpha)
tmp = p.qeAPI.AddExtensionAlgebra(tmp, coeff)
tmp = p.qeAPI.SubExtensionAlgebra(tmp, accs[i])
for j := uint64(0); j < D; j++ {
tmp := qeAPI.MulExtensionAlgebra(acc, alpha)
tmp = qeAPI.AddExtensionAlgebra(tmp, coeff)
tmp = qeAPI.SubExtensionAlgebra(tmp, accs[i])
for j := uint64(0); j < field.D; j++ {
constraints = append(constraints, tmp[j])
}
acc = accs[i]

40
plonky2_verifier/reducing_gate.go → verifier/internal/gates/reducing_gate.go
View File

@ -1,15 +1,17 @@
package plonky2_verifier
package gates
import (
"fmt"
. "gnark-plonky2-verifier/field"
"regexp"
"strconv"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
var reducingGateRegex = regexp.MustCompile("ReducingGate { num_coeffs: (?P<numCoeffs>[0-9]+) }")
func deserializeReducingGate(parameters map[string]string) gate {
func deserializeReducingGate(parameters map[string]string) Gate {
// Has the format "ReducingGate { num_coeffs: 33 }"
numCoeffs, hasNumCoeffs := parameters["numCoeffs"]
if !hasNumCoeffs {
@ -28,7 +30,7 @@ type ReducingGate struct {
numCoeffs uint64
}
const START_COEFFS_REDUCING_GATE = 3 * D
const START_COEFFS_REDUCING_GATE = 3 * field.D
func NewReducingGate(numCoeffs uint64) *ReducingGate {
return &ReducingGate{
@ -41,15 +43,15 @@ func (g *ReducingGate) Id() string {
}
func (g *ReducingGate) wiresOutput() Range {
return Range{0, D}
return Range{0, field.D}
}
func (g *ReducingGate) wiresAlpha() Range {
return Range{D, 2 * D}
return Range{field.D, 2 * field.D}
}
func (g *ReducingGate) wiresOldAcc() Range {
return Range{2 * D, 3 * D}
return Range{2 * field.D, 3 * field.D}
}
func (g *ReducingGate) wiresCoeff() Range {
@ -69,36 +71,36 @@ func (g *ReducingGate) wiresAccs(i uint64) Range {
return g.wiresOutput()
}
return Range{g.startAccs() + D*i, g.startAccs() + D*(i+1)}
return Range{g.startAccs() + field.D*i, g.startAccs() + field.D*(i+1)}
}
func (g *ReducingGate) EvalUnfiltered(p *PlonkChip, vars EvaluationVars) []QuadraticExtension {
func (g *ReducingGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
alpha := vars.GetLocalExtAlgebra(g.wiresAlpha())
oldAcc := vars.GetLocalExtAlgebra(g.wiresOldAcc())
coeffs := []QuadraticExtension{}
coeffs := []field.QuadraticExtension{}
coeffsRange := g.wiresCoeff()
for i := coeffsRange.start; i < coeffsRange.end; i++ {
coeffs = append(coeffs, vars.localWires[i])
}
accs := []QEAlgebra{}
accs := []field.QEAlgebra{}
for i := uint64(0); i < g.numCoeffs; i++ {
accs = append(accs, vars.GetLocalExtAlgebra(g.wiresAccs(i)))
}
constraints := []QuadraticExtension{}
constraints := []field.QuadraticExtension{}
acc := oldAcc
for i := uint64(0); i < g.numCoeffs; i++ {
var coeff QEAlgebra
for j := 0; j < D; j++ {
coeff[j] = p.qeAPI.ZERO_QE
var coeff field.QEAlgebra
for j := 0; j < field.D; j++ {
coeff[j] = qeAPI.ZERO_QE
}
coeff[0] = coeffs[i]
tmp := p.qeAPI.MulExtensionAlgebra(acc, alpha)
tmp = p.qeAPI.AddExtensionAlgebra(tmp, coeff)
tmp = p.qeAPI.SubExtensionAlgebra(tmp, accs[i])
for j := 0; j < D; j++ {
tmp := qeAPI.MulExtensionAlgebra(acc, alpha)
tmp = qeAPI.AddExtensionAlgebra(tmp, coeff)
tmp = qeAPI.SubExtensionAlgebra(tmp, accs[i])
for j := 0; j < field.D; j++ {
constraints = append(constraints, tmp[j])
}
acc = accs[i]

36
verifier/internal/gates/selectors.go Normal file
View File

@ -0,0 +1,36 @@
package gates
const UNUSED_SELECTOR = uint64(^uint32(0)) // max uint32
type Range struct {
start uint64
end uint64
}
type SelectorsInfo struct {
selectorIndices []uint64
groups []Range
}
func NewSelectorsInfo(selectorIndices []uint64, groupStarts []uint64, groupEnds []uint64) *SelectorsInfo {
if len(groupStarts) != len(groupEnds) {
panic("groupStarts and groupEnds must have the same length")
}
groups := []Range{}
for i := range groupStarts {
groups = append(groups, Range{
start: groupStarts[i],
end: groupEnds[i],
})
}
return &SelectorsInfo{
selectorIndices: selectorIndices,
groups: groups,
}
}
func (s *SelectorsInfo) NumSelectors() uint64 {
return uint64(len(s.groups))
}

42
verifier/internal/gates/vars.go Normal file
View File

@ -0,0 +1,42 @@
package gates
import (
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
)
type EvaluationVars struct {
localConstants []field.QuadraticExtension
localWires []field.QuadraticExtension
publicInputsHash poseidon.Hash
}
func NewEvaluationVars(
localConstants []field.QuadraticExtension,
localWires []field.QuadraticExtension,
publicInputsHash poseidon.Hash,
) *EvaluationVars {
return &EvaluationVars{
localConstants: localConstants,
localWires: localWires,
publicInputsHash: publicInputsHash,
}
}
func (e *EvaluationVars) RemovePrefix(numSelectors uint64) {
e.localConstants = e.localConstants[numSelectors:]
}
func (e *EvaluationVars) GetLocalExtAlgebra(wireRange Range) field.QEAlgebra {
// For now, only support degree 2
if wireRange.end-wireRange.start != field.D {
panic("Range must be of size D")
}
var ret field.QEAlgebra
for i := wireRange.start; i < wireRange.end; i++ {
ret[i-wireRange.start] = e.localWires[i]
}
return ret
}

65
plonky2_verifier/challenger.go → verifier/internal/plonk/challenger.go
View File

@ -1,34 +1,36 @@
package plonky2_verifier
package plonk
import (
"fmt"
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/poseidon"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/fri"
)
type ChallengerChip struct {
api frontend.API `gnark:"-"`
field frontend.API `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
spongeState [poseidon.SPONGE_WIDTH]F
inputBuffer []F
outputBuffer []F
spongeState [poseidon.SPONGE_WIDTH]field.F
inputBuffer []field.F
outputBuffer []field.F
}
func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip *poseidon.PoseidonChip) *ChallengerChip {
var spongeState [poseidon.SPONGE_WIDTH]F
var inputBuffer []F
var outputBuffer []F
func NewChallengerChip(api frontend.API, fieldAPI frontend.API, poseidonChip *poseidon.PoseidonChip) *ChallengerChip {
var spongeState [poseidon.SPONGE_WIDTH]field.F
var inputBuffer []field.F
var outputBuffer []field.F
for i := 0; i < poseidon.SPONGE_WIDTH; i++ {
spongeState[i] = ZERO_F
spongeState[i] = field.ZERO_F
}
return &ChallengerChip{
api: api,
field: field,
field: fieldAPI,
poseidonChip: poseidonChip,
spongeState: spongeState,
inputBuffer: inputBuffer,
@ -36,7 +38,7 @@ func NewChallengerChip(api frontend.API, field frontend.API, poseidonChip *posei
}
}
func (c *ChallengerChip) ObserveElement(element F) {
func (c *ChallengerChip) ObserveElement(element field.F) {
c.outputBuffer = clearBuffer(c.outputBuffer)
c.inputBuffer = append(c.inputBuffer, element)
if len(c.inputBuffer) == poseidon.SPONGE_RATE {
@ -44,39 +46,39 @@ func (c *ChallengerChip) ObserveElement(element F) {
}
}
func (c *ChallengerChip) ObserveElements(elements []F) {
func (c *ChallengerChip) ObserveElements(elements []field.F) {
for i := 0; i < len(elements); i++ {
c.ObserveElement(elements[i])
}
}
func (c *ChallengerChip) ObserveHash(hash Hash) {
func (c *ChallengerChip) ObserveHash(hash poseidon.Hash) {
c.ObserveElements(hash[:])
}
func (c *ChallengerChip) ObserveCap(cap []Hash) {
func (c *ChallengerChip) ObserveCap(cap []poseidon.Hash) {
for i := 0; i < len(cap); i++ {
c.ObserveHash(cap[i])
}
}
func (c *ChallengerChip) ObserveExtensionElement(element QuadraticExtension) {
func (c *ChallengerChip) ObserveExtensionElement(element field.QuadraticExtension) {
c.ObserveElements(element[:])
}
func (c *ChallengerChip) ObserveExtensionElements(elements []QuadraticExtension) {
func (c *ChallengerChip) ObserveExtensionElements(elements []field.QuadraticExtension) {
for i := 0; i < len(elements); i++ {
c.ObserveExtensionElement(elements[i])
}
}
func (c *ChallengerChip) ObserveOpenings(openings FriOpenings) {
func (c *ChallengerChip) ObserveOpenings(openings fri.FriOpenings) {
for i := 0; i < len(openings.Batches); i++ {
c.ObserveExtensionElements(openings.Batches[i].Values)
}
}
func (c *ChallengerChip) GetChallenge() F {
func (c *ChallengerChip) GetChallenge() field.F {
if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 {
c.duplexing()
}
@ -87,28 +89,28 @@ func (c *ChallengerChip) GetChallenge() F {
return challenge
}
func (c *ChallengerChip) GetNChallenges(n uint64) []F {
challenges := make([]F, n)
func (c *ChallengerChip) GetNChallenges(n uint64) []field.F {
challenges := make([]field.F, n)
for i := uint64(0); i < n; i++ {
challenges[i] = c.GetChallenge()
}
return challenges
}
func (c *ChallengerChip) GetExtensionChallenge() QuadraticExtension {
func (c *ChallengerChip) GetExtensionChallenge() field.QuadraticExtension {
values := c.GetNChallenges(2)
return QuadraticExtension{values[0], values[1]}
return field.QuadraticExtension{values[0], values[1]}
}
func (c *ChallengerChip) GetHash() Hash {
return [4]F{c.GetChallenge(), c.GetChallenge(), c.GetChallenge(), c.GetChallenge()}
func (c *ChallengerChip) GetHash() poseidon.Hash {
return [4]field.F{c.GetChallenge(), c.GetChallenge(), c.GetChallenge(), c.GetChallenge()}
}
func (c *ChallengerChip) GetFriChallenges(commitPhaseMerkleCaps []MerkleCap, finalPoly PolynomialCoeffs, powWitness F, degreeBits uint64, config FriConfig) FriChallenges {
func (c *ChallengerChip) GetFriChallenges(commitPhaseMerkleCaps []common.MerkleCap, finalPoly common.PolynomialCoeffs, powWitness field.F, degreeBits uint64, config common.FriConfig) common.FriChallenges {
numFriQueries := config.NumQueryRounds
friAlpha := c.GetExtensionChallenge()
var friBetas []QuadraticExtension
var friBetas []field.QuadraticExtension
for i := 0; i < len(commitPhaseMerkleCaps); i++ {
c.ObserveCap(commitPhaseMerkleCaps[i])
friBetas = append(friBetas, c.GetExtensionChallenge())
@ -120,7 +122,7 @@ func (c *ChallengerChip) GetFriChallenges(commitPhaseMerkleCaps []MerkleCap, fin
friPowResponse := c.GetChallenge()
friQueryIndices := c.GetNChallenges(numFriQueries)
return FriChallenges{
return common.FriChallenges{
FriAlpha: friAlpha,
FriBetas: friBetas,
FriPowResponse: friPowResponse,
@ -128,8 +130,8 @@ func (c *ChallengerChip) GetFriChallenges(commitPhaseMerkleCaps []MerkleCap, fin
}
}
func clearBuffer(buffer []F) []F {
return make([]F, 0)
func clearBuffer(buffer []field.F) []field.F {
return make([]field.F, 0)
}
func (c *ChallengerChip) duplexing() {
@ -137,6 +139,7 @@ func (c *ChallengerChip) duplexing() {
fmt.Println(len(c.inputBuffer))
panic("something went wrong")
}
for i := 0; i < len(c.inputBuffer); i++ {
c.spongeState[i] = c.inputBuffer[i]
}

67
plonky2_verifier/challenger_test.go → verifier/internal/plonk/challenger_test.go
View File

@ -1,14 +1,13 @@
package plonky2_verifier
package plonk
import (
"gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/field"
. "gnark-plonky2-verifier/poseidon"
"gnark-plonky2-verifier/utils"
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
)
type TestChallengerCircuit struct {
@ -22,38 +21,38 @@ type TestChallengerCircuit struct {
func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
fieldAPI := field.NewFieldAPI(api)
degreeBits := 3
qeAPI := NewQuadraticExtensionAPI(fieldAPI, uint64(degreeBits))
poseidonChip := NewPoseidonChip(api, fieldAPI, qeAPI)
qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, uint64(degreeBits))
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
challengerChip := NewChallengerChip(api, fieldAPI, poseidonChip)
var circuitDigest [4]F
var circuitDigest [4]field.F
for i := 0; i < len(circuitDigest); i++ {
circuitDigest[i] = fieldAPI.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(F)
circuitDigest[i] = fieldAPI.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(field.F)
}
var publicInputs [3]F
var publicInputs [3]field.F
for i := 0; i < len(publicInputs); i++ {
publicInputs[i] = fieldAPI.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(F)
publicInputs[i] = fieldAPI.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(field.F)
}
var wiresCap [16][4]F
var wiresCap [16][4]field.F
for i := 0; i < len(wiresCap); i++ {
for j := 0; j < len(wiresCap[0]); j++ {
wiresCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(F)
wiresCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(field.F)
}
}
var plonkZsPartialProductsCap [16][4]F
var plonkZsPartialProductsCap [16][4]field.F
for i := 0; i < len(plonkZsPartialProductsCap); i++ {
for j := 0; j < len(plonkZsPartialProductsCap[0]); j++ {
plonkZsPartialProductsCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.PlonkZsPartialProductsCap[i][j], 64)).(F)
plonkZsPartialProductsCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.PlonkZsPartialProductsCap[i][j], 64)).(field.F)
}
}
var quotientPolysCap [16][4]F
var quotientPolysCap [16][4]field.F
for i := 0; i < len(quotientPolysCap); i++ {
for j := 0; j < len(quotientPolysCap[0]); j++ {
quotientPolysCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.QuotientPolysCap[i][j], 64)).(F)
quotientPolysCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.QuotientPolysCap[i][j], 64)).(field.F)
}
}
@ -66,25 +65,25 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
plonkBetas := challengerChip.GetNChallenges(numChallenges)
plonkGammas := challengerChip.GetNChallenges(numChallenges)
expectedPublicInputHash := [4]F{
NewFieldElementFromString("8416658900775745054"),
NewFieldElementFromString("12574228347150446423"),
NewFieldElementFromString("9629056739760131473"),
NewFieldElementFromString("3119289788404190010"),
expectedPublicInputHash := [4]field.F{
field.NewFieldElementFromString("8416658900775745054"),
field.NewFieldElementFromString("12574228347150446423"),
field.NewFieldElementFromString("9629056739760131473"),
field.NewFieldElementFromString("3119289788404190010"),
}
for i := 0; i < 4; i++ {
fieldAPI.AssertIsEqual(publicInputHash[i], expectedPublicInputHash[i])
}
expectedPlonkBetas := [2]F{
NewFieldElementFromString("4678728155650926271"),
NewFieldElementFromString("13611962404289024887"),
expectedPlonkBetas := [2]field.F{
field.NewFieldElementFromString("4678728155650926271"),
field.NewFieldElementFromString("13611962404289024887"),
}
expectedPlonkGammas := [2]frontend.Variable{
NewFieldElementFromString("13237663823305715949"),
NewFieldElementFromString("15389314098328235145"),
field.NewFieldElementFromString("13237663823305715949"),
field.NewFieldElementFromString("15389314098328235145"),
}
for i := 0; i < 2; i++ {
@ -95,9 +94,9 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
challengerChip.ObserveCap(plonkZsPartialProductsCap[:])
plonkAlphas := challengerChip.GetNChallenges(numChallenges)
expectedPlonkAlphas := [2]F{
NewFieldElementFromString("14505919539124304197"),
NewFieldElementFromString("1695455639263736117"),
expectedPlonkAlphas := [2]field.F{
field.NewFieldElementFromString("14505919539124304197"),
field.NewFieldElementFromString("1695455639263736117"),
}
for i := 0; i < 2; i++ {
@ -107,9 +106,9 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
challengerChip.ObserveCap(quotientPolysCap[:])
plonkZeta := challengerChip.GetExtensionChallenge()
expectedPlonkZeta := QuadraticExtension{
NewFieldElementFromString("14887793628029982930"),
NewFieldElementFromString("1136137158284059037"),
expectedPlonkZeta := field.QuadraticExtension{
field.NewFieldElementFromString("14887793628029982930"),
field.NewFieldElementFromString("1136137158284059037"),
}
for i := 0; i < 2; i++ {
@ -143,7 +142,7 @@ func TestChallengerWitness(t *testing.T) {
PlonkZsPartialProductsCap: plonkZsPartialProductsCap,
QuotientPolysCap: quotientPolysCap,
}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}

134
plonky2_verifier/plonk.go → verifier/internal/plonk/plonk.go
View File

@ -1,63 +1,52 @@
package plonky2_verifier
package plonk
import (
. "gnark-plonky2-verifier/field"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/gates"
)
type PlonkOracle struct {
index uint64
blinding bool
}
var CONSTANTS_SIGMAS = PlonkOracle{
index: 0,
blinding: false,
}
var WIRES = PlonkOracle{
index: 1,
blinding: true,
}
var ZS_PARTIAL_PRODUCTS = PlonkOracle{
index: 2,
blinding: true,
}
var QUOTIENT = PlonkOracle{
index: 3,
blinding: true,
}
type PlonkChip struct {
api frontend.API `gnark:"-"`
qeAPI *QuadraticExtensionAPI `gnark:"-"`
api frontend.API `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
commonData CommonCircuitData `gnark:"-"`
commonData common.CommonCircuitData `gnark:"-"`
DEGREE F `gnark:"-"`
DEGREE_BITS_F F `gnark:"-"`
DEGREE_QE QuadraticExtension `gnark:"-"`
DEGREE field.F `gnark:"-"`
DEGREE_BITS_F field.F `gnark:"-"`
DEGREE_QE field.QuadraticExtension `gnark:"-"`
evaluateGatesChip *gates.EvaluateGatesChip
}
func NewPlonkChip(api frontend.API, qeAPI *QuadraticExtensionAPI, commonData CommonCircuitData) *PlonkChip {
func NewPlonkChip(api frontend.API, qeAPI *field.QuadraticExtensionAPI, commonData common.CommonCircuitData) *PlonkChip {
// TODO: Should degreeBits be verified that it fits within the field and that degree is within uint64?
evaluateGatesChip := gates.NewEvaluateGatesChip(
api,
qeAPI,
commonData.Gates,
commonData.NumGateConstraints,
commonData.SelectorsInfo,
)
return &PlonkChip{
api: api,
qeAPI: qeAPI,
commonData: commonData,
DEGREE: NewFieldElement(1 << commonData.DegreeBits),
DEGREE_BITS_F: NewFieldElement(commonData.DegreeBits),
DEGREE_QE: QuadraticExtension{NewFieldElement(1 << commonData.DegreeBits), ZERO_F},
DEGREE: field.NewFieldElement(1 << commonData.DegreeBits),
DEGREE_BITS_F: field.NewFieldElement(commonData.DegreeBits),
DEGREE_QE: field.QuadraticExtension{field.NewFieldElement(1 << commonData.DegreeBits), field.ZERO_F},
evaluateGatesChip: evaluateGatesChip,
}
}
func (p *PlonkChip) expPowerOf2Extension(x QuadraticExtension) QuadraticExtension {
func (p *PlonkChip) expPowerOf2Extension(x field.QuadraticExtension) field.QuadraticExtension {
for i := uint64(0); i < p.commonData.DegreeBits; i++ {
x = p.qeAPI.SquareExtension(x)
}
@ -65,7 +54,7 @@ func (p *PlonkChip) expPowerOf2Extension(x QuadraticExtension) QuadraticExtensio
return x
}
func (p *PlonkChip) evalL0(x QuadraticExtension, xPowN QuadraticExtension) QuadraticExtension {
func (p *PlonkChip) evalL0(x field.QuadraticExtension, xPowN field.QuadraticExtension) field.QuadraticExtension {
// L_0(x) = (x^n - 1) / (n * (x - 1))
evalZeroPoly := p.qeAPI.SubExtension(
xPowN,
@ -82,20 +71,20 @@ func (p *PlonkChip) evalL0(x QuadraticExtension, xPowN QuadraticExtension) Quadr
}
func (p *PlonkChip) checkPartialProducts(
numerators []QuadraticExtension,
denominators []QuadraticExtension,
numerators []field.QuadraticExtension,
denominators []field.QuadraticExtension,
challengeNum uint64,
openings OpeningSet,
) []QuadraticExtension {
openings common.OpeningSet,
) []field.QuadraticExtension {
numPartProds := p.commonData.NumPartialProducts
quotDegreeFactor := p.commonData.QuotientDegreeFactor
productAccs := make([]QuadraticExtension, 0, numPartProds+2)
productAccs := make([]field.QuadraticExtension, 0, numPartProds+2)
productAccs = append(productAccs, openings.PlonkZs[challengeNum])
productAccs = append(productAccs, openings.PartialProducts[challengeNum*numPartProds:(challengeNum+1)*numPartProds]...)
productAccs = append(productAccs, openings.PlonkZsNext[challengeNum])
partialProductChecks := make([]QuadraticExtension, 0, numPartProds)
partialProductChecks := make([]field.QuadraticExtension, 0, numPartProds)
for i := uint64(0); i <= numPartProds; i += 1 {
ppStartIdx := i * quotDegreeFactor
@ -116,40 +105,11 @@ func (p *PlonkChip) checkPartialProducts(
return partialProductChecks
}
func (p *PlonkChip) evaluateGateConstraints(vars EvaluationVars) []QuadraticExtension {
constraints := make([]QuadraticExtension, p.commonData.NumGateConstraints)
for i, _ := range constraints {
constraints[i] = p.qeAPI.ZERO_QE
}
for i, gate := range p.commonData.Gates {
selectorIndex := p.commonData.SelectorsInfo.selectorIndices[i]
gateConstraints := p.evalFiltered(
gate,
vars,
uint64(i),
selectorIndex,
p.commonData.SelectorsInfo.groups[selectorIndex],
p.commonData.SelectorsInfo.NumSelectors(),
)
for i, constraint := range gateConstraints {
if uint64(i) >= p.commonData.NumGateConstraints {
panic("num_constraints() gave too low of a number")
}
constraints[i] = p.qeAPI.AddExtension(constraints[i], constraint)
}
}
return constraints
}
func (p *PlonkChip) evalVanishingPoly(vars EvaluationVars, proofChallenges ProofChallenges, openings OpeningSet, zetaPowN QuadraticExtension) []QuadraticExtension {
constraintTerms := p.evaluateGateConstraints(vars)
func (p *PlonkChip) evalVanishingPoly(vars gates.EvaluationVars, proofChallenges common.ProofChallenges, openings common.OpeningSet, zetaPowN field.QuadraticExtension) []field.QuadraticExtension {
constraintTerms := p.evaluateGatesChip.EvaluateGateConstraints(vars)
// Calculate the k[i] * x
sIDs := make([]QuadraticExtension, p.commonData.Config.NumRoutedWires)
sIDs := make([]field.QuadraticExtension, p.commonData.Config.NumRoutedWires)
for i := uint64(0); i < p.commonData.Config.NumRoutedWires; i++ {
sIDs[i] = p.qeAPI.ScalarMulExtension(proofChallenges.PlonkZeta, p.commonData.KIs[i])
@ -158,8 +118,8 @@ func (p *PlonkChip) evalVanishingPoly(vars EvaluationVars, proofChallenges Proof
// Calculate L_0(zeta)
l0Zeta := p.evalL0(proofChallenges.PlonkZeta, zetaPowN)
vanishingZ1Terms := make([]QuadraticExtension, 0, p.commonData.Config.NumChallenges)
vanishingPartialProductsTerms := make([]QuadraticExtension, 0, p.commonData.Config.NumChallenges*p.commonData.NumPartialProducts)
vanishingZ1Terms := make([]field.QuadraticExtension, 0, p.commonData.Config.NumChallenges)
vanishingPartialProductsTerms := make([]field.QuadraticExtension, 0, p.commonData.Config.NumChallenges*p.commonData.NumPartialProducts)
for i := uint64(0); i < p.commonData.Config.NumChallenges; i++ {
// L_0(zeta) (Z(zeta) - 1) = 0
z1_term := p.qeAPI.MulExtension(
@ -167,8 +127,8 @@ func (p *PlonkChip) evalVanishingPoly(vars EvaluationVars, proofChallenges Proof
p.qeAPI.SubExtension(openings.PlonkZs[i], p.qeAPI.ONE_QE))
vanishingZ1Terms = append(vanishingZ1Terms, z1_term)
numeratorValues := make([]QuadraticExtension, 0, p.commonData.Config.NumRoutedWires)
denominatorValues := make([]QuadraticExtension, 0, p.commonData.Config.NumRoutedWires)
numeratorValues := make([]field.QuadraticExtension, 0, p.commonData.Config.NumRoutedWires)
denominatorValues := make([]field.QuadraticExtension, 0, p.commonData.Config.NumRoutedWires)
for j := uint64(0); j < p.commonData.Config.NumRoutedWires; j++ {
// The numerator is `beta * s_id + wire_value + gamma`, and the denominator is
// `beta * s_sigma + wire_value + gamma`.
@ -206,7 +166,7 @@ func (p *PlonkChip) evalVanishingPoly(vars EvaluationVars, proofChallenges Proof
vanishingTerms := append(vanishingZ1Terms, vanishingPartialProductsTerms...)
vanishingTerms = append(vanishingTerms, constraintTerms...)
reducedValues := make([]QuadraticExtension, p.commonData.Config.NumChallenges)
reducedValues := make([]field.QuadraticExtension, p.commonData.Config.NumChallenges)
for i := uint64(0); i < p.commonData.Config.NumChallenges; i++ {
reducedValues[i] = p.qeAPI.ZERO_QE
}
@ -227,19 +187,19 @@ func (p *PlonkChip) evalVanishingPoly(vars EvaluationVars, proofChallenges Proof
return reducedValues
}
func (p *PlonkChip) Verify(proofChallenges ProofChallenges, openings OpeningSet, publicInputsHash Hash) {
func (p *PlonkChip) Verify(proofChallenges common.ProofChallenges, openings common.OpeningSet, publicInputsHash poseidon.Hash) {
// Calculate zeta^n
zetaPowN := p.expPowerOf2Extension(proofChallenges.PlonkZeta)
localConstants := openings.Constants
localWires := openings.Wires
vars := EvaluationVars{
vars := gates.NewEvaluationVars(
localConstants,
localWires,
publicInputsHash,
}
)
vanishingPolysZeta := p.evalVanishingPoly(vars, proofChallenges, openings, zetaPowN)
vanishingPolysZeta := p.evalVanishingPoly(*vars, proofChallenges, openings, zetaPowN)
// Calculate Z(H)
zHZeta := p.qeAPI.SubExtension(zetaPowN, p.qeAPI.ONE_QE)

35
plonky2_verifier/plonk_test.go → verifier/internal/plonk/plonk_test.go
View File

@ -1,12 +1,14 @@
package plonky2_verifier
package plonk_test
import (
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/poseidon"
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/plonk"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
)
type TestPlonkCircuit struct {
@ -16,21 +18,22 @@ type TestPlonkCircuit struct {
}
func (circuit *TestPlonkCircuit) Define(api frontend.API) error {
proofWithPis := DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
commonCircuitData := DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
verifierOnlyCircuitData := DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename)
proofWithPis := utils.DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
commonCircuitData := utils.DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
verifierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename)
fieldAPI := NewFieldAPI(api)
qeAPI := NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
hashAPI := NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
friChip := NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
plonkChip := NewPlonkChip(api, qeAPI, commonCircuitData)
verifierChip := NewVerifierChip(api, fieldAPI, qeAPI, poseidonChip, plonkChip, friChip)
verifierChip := verifier.NewVerifierChip(api, commonCircuitData)
publicInputsHash := verifierChip.GetPublicInputsHash(proofWithPis.PublicInputs)
proofChallenges := verifierChip.GetChallenges(proofWithPis, publicInputsHash, commonCircuitData, verifierOnlyCircuitData)
fieldAPI := field.NewFieldAPI(api)
qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
plonkChip := plonk.NewPlonkChip(
api,
qeAPI,
commonCircuitData,
)
plonkChip.Verify(proofChallenges, proofWithPis.Proof.Openings, publicInputsHash)
return nil
}
@ -45,7 +48,7 @@ func TestPlonkFibonacci(t *testing.T) {
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
}
witness := TestPlonkCircuit{}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
@ -62,7 +65,7 @@ func TestPlonkDummy(t *testing.T) {
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
}
witness := TestPlonkCircuit{}
err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}

13
verifier/internal/plonk/types.go Normal file
View File

@ -0,0 +1,13 @@
package plonk
import "github.com/succinctlabs/gnark-plonky2-verifier/field"
type OpeningSet struct {
Constants []field.QuadraticExtension
PlonkSigmas []field.QuadraticExtension
Wires []field.QuadraticExtension
PlonkZs []field.QuadraticExtension
PlonkZsNext []field.QuadraticExtension
PartialProducts []field.QuadraticExtension
QuotientPolys []field.QuadraticExtension
}

28
verifier/types.go Normal file
View File

@ -0,0 +1,28 @@
package verifier
import (
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/plonk"
)
type Proof struct {
WiresCap common.MerkleCap
PlonkZsPartialProductsCap common.MerkleCap
QuotientPolysCap common.MerkleCap
Openings plonk.OpeningSet
OpeningProof common.FriProof
}
type ProofWithPublicInputs struct {
Proof Proof
PublicInputs []field.F
}
type ProofChallenges struct {
PlonkBetas []field.F
PlonkGammas []field.F
PlonkAlphas []field.F
PlonkZeta field.QuadraticExtension
FriChallenges common.FriChallenges
}

92
plonky2_verifier/deserialize.go → verifier/utils/deserialize.go
View File

@ -1,11 +1,15 @@
package plonky2_verifier
package utils
import (
"encoding/json"
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/utils"
"io/ioutil"
"io"
"os"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/gates"
)
type ProofWithPublicInputsRaw struct {
@ -168,19 +172,19 @@ type VerifierOnlyCircuitDataRaw struct {
} `json:"circuit_digest"`
}
func DeserializeMerkleCap(merkleCapRaw []struct{ Elements []uint64 }) MerkleCap {
func DeserializeMerkleCap(merkleCapRaw []struct{ Elements []uint64 }) common.MerkleCap {
n := len(merkleCapRaw)
merkleCap := make([]Hash, n)
merkleCap := make([]poseidon.Hash, n)
for i := 0; i < n; i++ {
copy(merkleCap[i][:], utils.Uint64ArrayToFArray(merkleCapRaw[i].Elements))
}
return merkleCap
}
func DeserializeMerkleProof(merkleProofRaw struct{ Siblings []interface{} }) MerkleProof {
func DeserializeMerkleProof(merkleProofRaw struct{ Siblings []interface{} }) common.MerkleProof {
n := len(merkleProofRaw.Siblings)
var mp MerkleProof
mp.Siblings = make([]Hash, n)
var mp common.MerkleProof
mp.Siblings = make([]poseidon.Hash, n)
for i := 0; i < n; i++ {
element := merkleProofRaw.Siblings[i].(struct{ Elements []uint64 })
copy(mp.Siblings[i][:], utils.Uint64ArrayToFArray(element.Elements))
@ -196,8 +200,8 @@ func DeserializeOpeningSet(openingSetRaw struct {
PlonkZsNext [][]uint64
PartialProducts [][]uint64
QuotientPolys [][]uint64
}) OpeningSet {
return OpeningSet{
}) common.OpeningSet {
return common.OpeningSet{
Constants: utils.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.Constants),
PlonkSigmas: utils.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.PlonkSigmas),
Wires: utils.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.Wires),
@ -223,46 +227,46 @@ func DeserializeFriProof(openingProofRaw struct {
Coeffs [][]uint64
}
PowWitness uint64
}) FriProof {
var openingProof FriProof
openingProof.PowWitness = NewFieldElement(openingProofRaw.PowWitness)
}) common.FriProof {
var openingProof common.FriProof
openingProof.PowWitness = field.NewFieldElement(openingProofRaw.PowWitness)
openingProof.FinalPoly.Coeffs = utils.Uint64ArrayToQuadraticExtensionArray(openingProofRaw.FinalPoly.Coeffs)
openingProof.CommitPhaseMerkleCaps = make([]MerkleCap, len(openingProofRaw.CommitPhaseMerkleCaps))
openingProof.CommitPhaseMerkleCaps = make([]common.MerkleCap, len(openingProofRaw.CommitPhaseMerkleCaps))
for i := 0; i < len(openingProofRaw.CommitPhaseMerkleCaps); i++ {
openingProof.CommitPhaseMerkleCaps[i] = utils.Uint64ArrayToHashArray(openingProofRaw.CommitPhaseMerkleCaps[i].hashes)
openingProof.CommitPhaseMerkleCaps[i] = poseidon.Uint64ArrayToHashArray(openingProofRaw.CommitPhaseMerkleCaps[i].hashes)
}
numQueryRoundProofs := len(openingProofRaw.QueryRoundProofs)
openingProof.QueryRoundProofs = make([]FriQueryRound, numQueryRoundProofs)
openingProof.QueryRoundProofs = make([]common.FriQueryRound, numQueryRoundProofs)
for i := 0; i < numQueryRoundProofs; i++ {
numEvalProofs := len(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs = make([]EvalProof, numEvalProofs)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs = make([]common.EvalProof, numEvalProofs)
for j := 0; j < numEvalProofs; j++ {
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].Elements = utils.Uint64ArrayToFArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].leafElements)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Siblings = utils.Uint64ArrayToHashArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].merkleProof.hash)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Siblings = poseidon.Uint64ArrayToHashArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].merkleProof.hash)
}
numSteps := len(openingProofRaw.QueryRoundProofs[i].Steps)
openingProof.QueryRoundProofs[i].Steps = make([]FriQueryStep, numSteps)
openingProof.QueryRoundProofs[i].Steps = make([]common.FriQueryStep, numSteps)
for j := 0; j < numSteps; j++ {
openingProof.QueryRoundProofs[i].Steps[j].Evals = utils.Uint64ArrayToQuadraticExtensionArray(openingProofRaw.QueryRoundProofs[i].Steps[j].Evals)
openingProof.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings = utils.Uint64ArrayToHashArray(openingProofRaw.QueryRoundProofs[i].Steps[j].MerkleProof.hash)
openingProof.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings = poseidon.Uint64ArrayToHashArray(openingProofRaw.QueryRoundProofs[i].Steps[j].MerkleProof.hash)
}
}
return openingProof
}
func DeserializeProofWithPublicInputs(path string) ProofWithPublicInputs {
func DeserializeProofWithPublicInputs(path string) common.ProofWithPublicInputs {
jsonFile, err := os.Open(path)
if err != nil {
panic(err)
}
defer jsonFile.Close()
rawBytes, _ := ioutil.ReadAll(jsonFile)
rawBytes, _ := io.ReadAll(jsonFile)
var raw ProofWithPublicInputsRaw
err = json.Unmarshal(rawBytes, &raw)
@ -270,7 +274,7 @@ func DeserializeProofWithPublicInputs(path string) ProofWithPublicInputs {
panic(err)
}
var proofWithPis ProofWithPublicInputs
var proofWithPis common.ProofWithPublicInputs
proofWithPis.Proof.WiresCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.Proof.WiresCap))
proofWithPis.Proof.PlonkZsPartialProductsCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.Proof.PlonkZsPartialProductsCap))
proofWithPis.Proof.QuotientPolysCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.Proof.QuotientPolysCap))
@ -302,14 +306,14 @@ func DeserializeProofWithPublicInputs(path string) ProofWithPublicInputs {
return proofWithPis
}
func DeserializeProofChallenges(path string) ProofChallenges {
func DeserializeProofChallenges(path string) common.ProofChallenges {
jsonFile, err := os.Open(path)
if err != nil {
panic(err)
}
defer jsonFile.Close()
rawBytes, _ := ioutil.ReadAll(jsonFile)
rawBytes, _ := io.ReadAll(jsonFile)
var raw ProofChallengesRaw
err = json.Unmarshal(rawBytes, &raw)
@ -317,14 +321,14 @@ func DeserializeProofChallenges(path string) ProofChallenges {
panic(err)
}
var proofChallenges ProofChallenges
var proofChallenges common.ProofChallenges
proofChallenges.PlonkBetas = utils.Uint64ArrayToFArray(raw.PlonkBetas)
proofChallenges.PlonkGammas = utils.Uint64ArrayToFArray(raw.PlonkGammas)
proofChallenges.PlonkAlphas = utils.Uint64ArrayToFArray(raw.PlonkAlphas)
proofChallenges.PlonkZeta = utils.Uint64ArrayToQuadraticExtension(raw.PlonkZeta)
proofChallenges.FriChallenges.FriAlpha = utils.Uint64ArrayToQuadraticExtension(raw.FriChallenges.FriAlpha)
proofChallenges.FriChallenges.FriBetas = utils.Uint64ArrayToQuadraticExtensionArray(raw.FriChallenges.FriBetas)
proofChallenges.FriChallenges.FriPowResponse = NewFieldElement(raw.FriChallenges.FriPowResponse)
proofChallenges.FriChallenges.FriPowResponse = field.NewFieldElement(raw.FriChallenges.FriPowResponse)
proofChallenges.FriChallenges.FriQueryIndices = utils.Uint64ArrayToFArray(raw.FriChallenges.FriQueryIndices)
return proofChallenges
@ -350,14 +354,14 @@ func ReductionArityBits(
return returnArr
}
func DeserializeCommonCircuitData(path string) CommonCircuitData {
func DeserializeCommonCircuitData(path string) common.CommonCircuitData {
jsonFile, err := os.Open(path)
if err != nil {
panic(err)
}
defer jsonFile.Close()
rawBytes, _ := ioutil.ReadAll(jsonFile)
rawBytes, _ := io.ReadAll(jsonFile)
var raw CommonCircuitDataRaw
err = json.Unmarshal(rawBytes, &raw)
@ -365,7 +369,7 @@ func DeserializeCommonCircuitData(path string) CommonCircuitData {
panic(err)
}
var commonCircuitData CommonCircuitData
var commonCircuitData common.CommonCircuitData
commonCircuitData.Config.NumWires = raw.Config.NumWires
commonCircuitData.Config.NumRoutedWires = raw.Config.NumRoutedWires
commonCircuitData.Config.NumConstants = raw.Config.NumConstants
@ -388,20 +392,24 @@ func DeserializeCommonCircuitData(path string) CommonCircuitData {
commonCircuitData.FriParams.Config.NumQueryRounds = raw.FriParams.Config.NumQueryRounds
commonCircuitData.FriParams.ReductionArityBits = raw.FriParams.ReductionArityBits
commonCircuitData.Gates = []gate{}
commonCircuitData.Gates = []gates.Gate{}
for _, gate := range raw.Gates {
commonCircuitData.Gates = append(commonCircuitData.Gates, GateInstanceFromId(gate))
commonCircuitData.Gates = append(commonCircuitData.Gates, gates.GateInstanceFromId(gate))
}
commonCircuitData.SelectorsInfo.selectorIndices = raw.SelectorsInfo.SelectorIndices
commonCircuitData.SelectorsInfo.groups = []Range{}
selectorGroupStart := []uint64{}
selectorGroupEnd := []uint64{}
for _, group := range raw.SelectorsInfo.Groups {
commonCircuitData.SelectorsInfo.groups = append(commonCircuitData.SelectorsInfo.groups, Range{
start: group.Start,
end: group.End,
})
selectorGroupStart = append(selectorGroupStart, group.Start)
selectorGroupEnd = append(selectorGroupEnd, group.End)
}
commonCircuitData.SelectorsInfo = *gates.NewSelectorsInfo(
raw.SelectorsInfo.SelectorIndices,
selectorGroupStart,
selectorGroupEnd,
)
commonCircuitData.QuotientDegreeFactor = raw.QuotientDegreeFactor
commonCircuitData.NumGateConstraints = raw.NumGateConstraints
commonCircuitData.NumConstants = raw.NumConstants
@ -412,14 +420,14 @@ func DeserializeCommonCircuitData(path string) CommonCircuitData {
return commonCircuitData
}
func DeserializeVerifierOnlyCircuitData(path string) VerifierOnlyCircuitData {
func DeserializeVerifierOnlyCircuitData(path string) common.VerifierOnlyCircuitData {
jsonFile, err := os.Open(path)
if err != nil {
panic(err)
}
defer jsonFile.Close()
rawBytes, _ := ioutil.ReadAll(jsonFile)
rawBytes, _ := io.ReadAll(jsonFile)
var raw VerifierOnlyCircuitDataRaw
err = json.Unmarshal(rawBytes, &raw)
@ -427,7 +435,7 @@ func DeserializeVerifierOnlyCircuitData(path string) VerifierOnlyCircuitData {
panic(err)
}
var verifierOnlyCircuitData VerifierOnlyCircuitData
var verifierOnlyCircuitData common.VerifierOnlyCircuitData
verifierOnlyCircuitData.ConstantSigmasCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.ConstantsSigmasCap))
copy(verifierOnlyCircuitData.CircuitDigest[:], utils.Uint64ArrayToFArray(raw.CircuitDigest.Elements))

2
plonky2_verifier/deserialize_test.go → verifier/utils/deserialize_test.go
View File

@ -1,4 +1,4 @@
package plonky2_verifier
package utils
import (
"fmt"

70
plonky2_verifier/verifier.go → verifier/verifier.go
View File

@ -1,22 +1,33 @@
package plonky2_verifier
package verifier
import (
. "gnark-plonky2-verifier/field"
"gnark-plonky2-verifier/poseidon"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/fri"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/plonk"
)
type VerifierChip struct {
api frontend.API `gnark:"-"`
fieldAPI frontend.API `gnark:"-"`
qeAPI *QuadraticExtensionAPI `gnark:"-"`
api frontend.API `gnark:"-"`
fieldAPI frontend.API `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
plonkChip *PlonkChip
friChip *FriChip
plonkChip *plonk.PlonkChip
friChip *fri.FriChip
}
func NewVerifierChip(api frontend.API, fieldAPI frontend.API, qeAPI *QuadraticExtensionAPI, poseidonChip *poseidon.PoseidonChip, plonkChip *PlonkChip, friChip *FriChip) *VerifierChip {
func NewVerifierChip(api frontend.API, commonCircuitData common.CommonCircuitData) *VerifierChip {
fieldAPI := field.NewFieldAPI(api)
qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
hashAPI := poseidon.NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
friChip := fri.NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
plonkChip := plonk.NewPlonkChip(api, qeAPI, commonCircuitData)
return &VerifierChip{
api: api,
fieldAPI: fieldAPI,
@ -27,14 +38,19 @@ func NewVerifierChip(api frontend.API, fieldAPI frontend.API, qeAPI *QuadraticEx
}
}
func (c *VerifierChip) GetPublicInputsHash(publicInputs []F) Hash {
func (c *VerifierChip) GetPublicInputsHash(publicInputs []field.F) poseidon.Hash {
return c.poseidonChip.HashNoPad(publicInputs)
}
func (c *VerifierChip) GetChallenges(proofWithPis ProofWithPublicInputs, publicInputsHash Hash, commonData CommonCircuitData, verifierData VerifierOnlyCircuitData) ProofChallenges {
func (c *VerifierChip) GetChallenges(
proofWithPis common.ProofWithPublicInputs,
publicInputsHash poseidon.Hash,
commonData common.CommonCircuitData,
verifierData common.VerifierOnlyCircuitData,
) common.ProofChallenges {
config := commonData.Config
numChallenges := config.NumChallenges
challenger := NewChallengerChip(c.api, c.fieldAPI, c.poseidonChip)
challenger := plonk.NewChallengerChip(c.api, c.fieldAPI, c.poseidonChip)
var circuitDigest = verifierData.CircuitDigest
@ -50,9 +66,9 @@ func (c *VerifierChip) GetChallenges(proofWithPis ProofWithPublicInputs, publicI
challenger.ObserveCap(proofWithPis.Proof.QuotientPolysCap)
plonkZeta := challenger.GetExtensionChallenge()
challenger.ObserveOpenings(proofWithPis.Proof.Openings.ToFriOpenings())
challenger.ObserveOpenings(fri.ToFriOpenings(proofWithPis.Proof.Openings))
return ProofChallenges{
return common.ProofChallenges{
PlonkBetas: plonkBetas,
PlonkGammas: plonkGammas,
PlonkAlphas: plonkAlphas,
@ -67,7 +83,7 @@ func (c *VerifierChip) GetChallenges(proofWithPis ProofWithPublicInputs, publicI
}
}
func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData VerifierOnlyCircuitData, commonData CommonCircuitData) {
func (c *VerifierChip) Verify(proofWithPis common.ProofWithPublicInputs, verifierData common.VerifierOnlyCircuitData, commonData common.CommonCircuitData) {
// TODO: Verify shape of the proof?
publicInputsHash := c.GetPublicInputsHash(proofWithPis.PublicInputs)
@ -75,7 +91,7 @@ func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData V
c.plonkChip.Verify(proofChallenges, proofWithPis.Proof.Openings, publicInputsHash)
initialMerkleCaps := []MerkleCap{
initialMerkleCaps := []common.MerkleCap{
verifierData.ConstantSigmasCap,
proofWithPis.Proof.WiresCap,
proofWithPis.Proof.PlonkZsPartialProductsCap,
@ -84,26 +100,26 @@ func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData V
// Seems like there is a bug in the emulated field code.
// Add ZERO to all of the fri challenges values to reduce them.
proofChallenges.PlonkZeta[0] = c.fieldAPI.Add(proofChallenges.PlonkZeta[0], ZERO_F).(F)
proofChallenges.PlonkZeta[1] = c.fieldAPI.Add(proofChallenges.PlonkZeta[1], ZERO_F).(F)
proofChallenges.PlonkZeta[0] = c.fieldAPI.Add(proofChallenges.PlonkZeta[0], field.ZERO_F).(field.F)
proofChallenges.PlonkZeta[1] = c.fieldAPI.Add(proofChallenges.PlonkZeta[1], field.ZERO_F).(field.F)
proofChallenges.FriChallenges.FriAlpha[0] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriAlpha[0], ZERO_F).(F)
proofChallenges.FriChallenges.FriAlpha[1] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriAlpha[1], ZERO_F).(F)
proofChallenges.FriChallenges.FriAlpha[0] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriAlpha[0], field.ZERO_F).(field.F)
proofChallenges.FriChallenges.FriAlpha[1] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriAlpha[1], field.ZERO_F).(field.F)
for i := 0; i < len(proofChallenges.FriChallenges.FriBetas); i++ {
proofChallenges.FriChallenges.FriBetas[i][0] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriBetas[i][0], ZERO_F).(F)
proofChallenges.FriChallenges.FriBetas[i][1] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriBetas[i][1], ZERO_F).(F)
proofChallenges.FriChallenges.FriBetas[i][0] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriBetas[i][0], field.ZERO_F).(field.F)
proofChallenges.FriChallenges.FriBetas[i][1] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriBetas[i][1], field.ZERO_F).(field.F)
}
proofChallenges.FriChallenges.FriPowResponse = c.fieldAPI.Add(proofChallenges.FriChallenges.FriPowResponse, ZERO_F).(F)
proofChallenges.FriChallenges.FriPowResponse = c.fieldAPI.Add(proofChallenges.FriChallenges.FriPowResponse, field.ZERO_F).(field.F)
for i := 0; i < len(proofChallenges.FriChallenges.FriQueryIndices); i++ {
proofChallenges.FriChallenges.FriQueryIndices[i] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriQueryIndices[i], ZERO_F).(F)
proofChallenges.FriChallenges.FriQueryIndices[i] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriQueryIndices[i], field.ZERO_F).(field.F)
}
c.friChip.VerifyFriProof(
commonData.GetFriInstance(c.qeAPI, proofChallenges.PlonkZeta, commonData.DegreeBits),
proofWithPis.Proof.Openings.ToFriOpenings(),
fri.GetFriInstance(&commonData, c.qeAPI, proofChallenges.PlonkZeta, commonData.DegreeBits),
fri.ToFriOpenings(proofWithPis.Proof.Openings),
&proofChallenges.FriChallenges,
initialMerkleCaps,
&proofWithPis.Proof.OpeningProof,

320
verifier/verifier_test.go Normal file
View File

@ -0,0 +1,320 @@
package verifier_test
import (
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
)
type TestVerifierChallengesCircuit struct {
fieldAPI frontend.API `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
hashAPI *poseidon.HashAPI `gnark:"-"`
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
numChallenges uint64 `gnark:"-"`
numFriQueries uint64 `gnark:"-"`
t *testing.T `gnark:"-"`
expectedPublicInputsHash poseidon.Hash
expectedPlonkBetas []field.F // slice length == num challenges
expectedPlonkGammas []field.F // slice length == num challenges
expectedPlonkAlphas []field.F // slice length == num challenges
expectedPlonkZeta field.QuadraticExtension
expectedFriAlpha field.QuadraticExtension
expectedFriBetas []field.QuadraticExtension // slice length == num fri rounds
expectedFriQueryIndices []field.F // slice length == num fri queries
verifierChip *verifier.VerifierChip
}
func (c *TestVerifierChallengesCircuit) GetChallengesSanityCheck(
proofWithPis common.ProofWithPublicInputs,
verifierData common.VerifierOnlyCircuitData,
commonData common.CommonCircuitData,
) {
publicInputsHash := c.verifierChip.GetPublicInputsHash(proofWithPis.PublicInputs)
proofChallenges := c.verifierChip.GetChallenges(proofWithPis, publicInputsHash, commonData, verifierData)
c.hashAPI.AssertIsEqualHash(publicInputsHash, c.expectedPublicInputsHash)
if len(proofChallenges.PlonkBetas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkBetas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkBetas[i], c.expectedPlonkBetas[i])
}
if len(proofChallenges.PlonkGammas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkGammas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkGammas[i], c.expectedPlonkGammas[i])
}
if len(proofChallenges.PlonkAlphas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkAlphas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkAlphas[i], c.expectedPlonkAlphas[i])
}
c.qeAPI.AssertIsEqual(proofChallenges.PlonkZeta, c.expectedPlonkZeta)
c.qeAPI.AssertIsEqual(proofChallenges.FriChallenges.FriAlpha, c.expectedFriAlpha)
if len(proofChallenges.FriChallenges.FriBetas) != len(commonData.FriParams.ReductionArityBits) {
c.t.Errorf("len(PlonkAlphas) should equal num fri rounds")
}
for i := 0; i < len(commonData.FriParams.ReductionArityBits); i++ {
c.qeAPI.AssertIsEqual(proofChallenges.FriChallenges.FriBetas[i], c.expectedFriBetas[i])
}
// This test is commented out because pow_witness is randomized between runs of the prover.
// expectedPowResponse := field.NewFieldElementFromString("92909863298412")
// c.field.AssertIsEqual(proofChallenges.FriChallenges.FriPowResponse, expectedPowResponse)
if len(proofChallenges.FriChallenges.FriQueryIndices) != int(c.numFriQueries) {
c.t.Errorf("len(expectedFriQueryIndices) should equal num fri queries")
}
for i := 0; i < int(c.numFriQueries); i++ {
c.fieldAPI.AssertIsEqual(c.expectedFriQueryIndices[i], proofChallenges.FriChallenges.FriQueryIndices[i])
}
}
func (c *TestVerifierChallengesCircuit) Define(api frontend.API) error {
proofWithPis := utils.DeserializeProofWithPublicInputs(c.proofWithPIsFilename)
commonCircuitData := utils.DeserializeCommonCircuitData(c.commonCircuitDataFilename)
verfierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(c.verifierOnlyCircuitDataFilename)
c.numChallenges = commonCircuitData.Config.NumChallenges
c.numFriQueries = commonCircuitData.FriParams.Config.NumQueryRounds
c.verifierChip = verifier.NewVerifierChip(api, commonCircuitData)
c.GetChallengesSanityCheck(proofWithPis, verfierOnlyCircuitData, commonCircuitData)
return nil
}
func TestFibonacciVerifierWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierChallengesCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
t: t,
expectedPublicInputsHash: poseidon.Hash{
field.NewFieldElementFromString("8416658900775745054"),
field.NewFieldElementFromString("12574228347150446423"),
field.NewFieldElementFromString("9629056739760131473"),
field.NewFieldElementFromString("3119289788404190010"),
},
expectedPlonkBetas: []field.F{
field.NewFieldElementFromString("4678728155650926271"),
field.NewFieldElementFromString("13611962404289024887"),
},
expectedPlonkGammas: []field.F{
field.NewFieldElementFromString("13237663823305715949"),
field.NewFieldElementFromString("15389314098328235145"),
},
expectedPlonkAlphas: []field.F{
field.NewFieldElementFromString("14505919539124304197"),
field.NewFieldElementFromString("1695455639263736117"),
},
expectedPlonkZeta: field.QuadraticExtension{
field.NewFieldElementFromString("14887793628029982930"),
field.NewFieldElementFromString("1136137158284059037"),
},
expectedFriAlpha: field.QuadraticExtension{
field.NewFieldElementFromString("14641715242626918707"),
field.NewFieldElementFromString("10574243340537902930"),
},
expectedFriBetas: []field.QuadraticExtension{},
expectedFriQueryIndices: []field.F{
field.NewFieldElement(6790812084677375942),
field.NewFieldElement(12394212020331474798),
field.NewFieldElement(16457600747000998582),
field.NewFieldElement(1543271328932331916),
field.NewFieldElement(12115726870906958644),
field.NewFieldElement(6775897107605342797),
field.NewFieldElement(15989401564746021030),
field.NewFieldElement(10691676456016926845),
field.NewFieldElement(1632499470630032007),
field.NewFieldElement(1317292355445098328),
field.NewFieldElement(18391440812534384252),
field.NewFieldElement(17321705613231354333),
field.NewFieldElement(6176487551308859603),
field.NewFieldElement(7119835651572002873),
field.NewFieldElement(3903019169623116693),
field.NewFieldElement(4886491111111487546),
field.NewFieldElement(4087641893164620518),
field.NewFieldElement(13801643080324181364),
field.NewFieldElement(16993775312274189321),
field.NewFieldElement(9268202926222765679),
field.NewFieldElement(10683001302406181735),
field.NewFieldElement(13359465725531647963),
field.NewFieldElement(4523327590105620849),
field.NewFieldElement(4883588003760409588),
field.NewFieldElement(187699146998097671),
field.NewFieldElement(14489263557623716717),
field.NewFieldElement(11748359318238148146),
field.NewFieldElement(13636347200053048758),
},
}
witness := TestVerifierChallengesCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestDummyVerifierWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierChallengesCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
t: t,
expectedPublicInputsHash: poseidon.Hash{
field.NewFieldElementFromString("0"),
field.NewFieldElementFromString("0"),
field.NewFieldElementFromString("0"),
field.NewFieldElementFromString("0"),
},
expectedPlonkBetas: []field.F{
field.NewFieldElementFromString("11216469004148781751"),
field.NewFieldElementFromString("6201977337075152249"),
},
expectedPlonkGammas: []field.F{
field.NewFieldElementFromString("8369751006669847974"),
field.NewFieldElementFromString("3610024170884289835"),
},
expectedPlonkAlphas: []field.F{
field.NewFieldElementFromString("970160439138448145"),
field.NewFieldElementFromString("2402201283787401921"),
},
expectedPlonkZeta: field.QuadraticExtension{
field.NewFieldElementFromString("17377750363769967882"),
field.NewFieldElementFromString("11921191651424768462"),
},
expectedFriAlpha: field.QuadraticExtension{
field.NewFieldElementFromString("16721004555774385479"),
field.NewFieldElementFromString("10688151135543754663"),
},
expectedFriBetas: []field.QuadraticExtension{
{
field.NewFieldElementFromString("3312441922957827805"),
field.NewFieldElementFromString("15128092514958289671"),
},
{
field.NewFieldElementFromString("13630530769060141802"),
field.NewFieldElementFromString("14559883974933163008"),
},
{
field.NewFieldElementFromString("16146508250083930687"),
field.NewFieldElementFromString("5176346568444408396"),
},
},
expectedFriQueryIndices: []field.F{
field.NewFieldElement(16334967868590615051),
field.NewFieldElement(2911473540496037915),
field.NewFieldElement(14887216056886344225),
field.NewFieldElement(7808811227805914295),
field.NewFieldElement(2018594961417375749),
field.NewFieldElement(3733368398777208435),
field.NewFieldElement(2623035669037055104),
field.NewFieldElement(299243030573481514),
field.NewFieldElement(7189789717962704433),
field.NewFieldElement(14566344026886816268),
field.NewFieldElement(12555390069003437453),
field.NewFieldElement(17225508403199418233),
field.NewFieldElement(5088797913879903292),
field.NewFieldElement(9715691392773433023),
field.NewFieldElement(7565836764713256165),
field.NewFieldElement(1500143546029322929),
field.NewFieldElement(1245802417104422080),
field.NewFieldElement(6831959786661245110),
field.NewFieldElement(17271054758535453780),
field.NewFieldElement(6225460404576395409),
field.NewFieldElement(15932661092896277351),
field.NewFieldElement(12452534049198240575),
field.NewFieldElement(4225199666055520177),
field.NewFieldElement(13235091290587791090),
field.NewFieldElement(2562357622728700774),
field.NewFieldElement(17676678042980201498),
field.NewFieldElement(5837067135702409874),
field.NewFieldElement(11238419549114325157),
},
}
witness := TestVerifierChallengesCircuit{} // No real witness as the test circuit's Define function will inject in the witness
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
type TestVerifierCircuit struct {
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
}
func (c *TestVerifierCircuit) Define(api frontend.API) error {
proofWithPis := utils.DeserializeProofWithPublicInputs(c.proofWithPIsFilename)
commonCircuitData := utils.DeserializeCommonCircuitData(c.commonCircuitDataFilename)
verfierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(c.verifierOnlyCircuitDataFilename)
verifierChip := verifier.NewVerifierChip(api, commonCircuitData)
verifierChip.Verify(proofWithPis, verfierOnlyCircuitData, commonCircuitData)
return nil
}
func TestDummyVerifier(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
}
witness := TestVerifierCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}