plonky2/starky2/src/cross_table_lookup.rs

use anyhow::{ensure, Result};
use plonky2::field::extension_field::{Extendable, FieldExtension};
use plonky2::field::field_types::Field;
use plonky2::field::packed_field::PackedField;
use plonky2::field::polynomial::PolynomialValues;
use plonky2::hash::hash_types::RichField;
use plonky2::iop::challenger::Challenger;
use plonky2::plonk::config::GenericConfig;
use plonky2::plonk::plonk_common::reduce_with_powers;
use plonky2::util::reducing::ReducingFactor;

use crate::all_stark::Table;
use crate::config::StarkConfig;
use crate::constraint_consumer::ConstraintConsumer;
use crate::permutation::{
    get_grand_product_challenge_set, GrandProductChallenge, GrandProductChallengeSet,
};
use crate::proof::StarkProofWithPublicInputs;
use crate::stark::Stark;
use crate::vars::StarkEvaluationVars;

#[derive(Clone)]
pub struct CrossTableLookup {
    pub looking_table: Table,
    pub looking_columns: Vec<usize>,
    pub looked_table: Table,
    pub looked_columns: Vec<usize>,
}

impl CrossTableLookup {
    pub fn new(
        looking_table: Table,
        looking_columns: Vec<usize>,
        looked_table: Table,
        looked_columns: Vec<usize>,
    ) -> Self {
        assert_eq!(looking_columns.len(), looked_columns.len());
        Self {
            looking_table,
            looking_columns,
            looked_table,
            looked_columns,
        }
    }
}

/// Lookup data for one table.
#[derive(Clone)]
pub struct CtlData<F: Field> {
    // Challenges used in the lookup argument.
    pub(crate) challenges: GrandProductChallengeSet<F>,
    // Vector of `(Z, columns)` where `Z` is a Z-polynomial for a lookup on columns `columns`.
    pub zs_columns: Vec<(PolynomialValues<F>, Vec<usize>)>,
}

impl<F: Field> CtlData<F> {
    pub(crate) fn new(challenges: GrandProductChallengeSet<F>) -> Self {
        Self {
            challenges,
            zs_columns: vec![],
        }
    }

    pub fn len(&self) -> usize {
        self.zs_columns.len()
    }

    pub fn is_empty(&self) -> bool {
        self.zs_columns.is_empty()
    }

    pub fn z_polys(&self) -> Vec<PolynomialValues<F>> {
        self.zs_columns.iter().map(|(p, _)| p.clone()).collect()
    }
}

pub fn cross_table_lookup_data<F: RichField, C: GenericConfig<D, F = F>, const D: usize>(
    config: &StarkConfig,
    trace_poly_values: &[Vec<PolynomialValues<F>>],
    cross_table_lookups: &[CrossTableLookup],
    challenger: &mut Challenger<F, C::Hasher>,
) -> Vec<CtlData<F>> {
    let challenges = get_grand_product_challenge_set(challenger, config.num_challenges);
    cross_table_lookups.iter().fold(
        vec![CtlData::new(challenges.clone()); trace_poly_values.len()],
        |mut acc, cross_table_lookup| {
            let CrossTableLookup {
                looking_table,
                looking_columns,
                looked_table,
                looked_columns,
            } = cross_table_lookup;

            for &GrandProductChallenge { beta, gamma } in &challenges.challenges {
                let z_looking = partial_products(
                    &trace_poly_values[*looking_table as usize],
                    looking_columns,
                    beta,
                    gamma,
                );
                let z_looked = partial_products(
                    &trace_poly_values[*looked_table as usize],
                    looked_columns,
                    beta,
                    gamma,
                );

                acc[*looking_table as usize]
                    .zs_columns
                    .push((z_looking, looking_columns.clone()));
                acc[*looked_table as usize]
                    .zs_columns
                    .push((z_looked, looked_columns.clone()));
            }
            acc
        },
    )
}

fn partial_products<F: Field>(
    trace: &[PolynomialValues<F>],
    columns: &[usize],
    beta: F,
    gamma: F,
) -> PolynomialValues<F> {
    let mut partial_prod = F::ONE;
    let degree = trace[0].len();
    let mut res = Vec::with_capacity(degree);
    for i in 0..degree {
        partial_prod *=
            gamma + reduce_with_powers(columns.iter().map(|&j| &trace[j].values[i]), beta);
        res.push(partial_prod);
    }
    res.into()
}

#[derive(Clone)]
pub struct CTLCheckVars<'a, F, FE, P, const D2: usize>
where
    F: Field,
    FE: FieldExtension<D2, BaseField = F>,
    P: PackedField<Scalar = FE>,
{
    pub(crate) local_z: P,
    pub(crate) next_z: P,
    pub(crate) challenges: GrandProductChallenge<F>,
    pub(crate) columns: &'a [usize],
}

impl<'a, F: RichField + Extendable<D>, const D: usize>
    CTLCheckVars<'a, F, F::Extension, F::Extension, D>
{
    pub(crate) fn from_proofs<C: GenericConfig<D, F = F>>(
        proofs: &[&StarkProofWithPublicInputs<F, C, D>],
        cross_table_lookups: &'a [CrossTableLookup],
        ctl_challenges: &'a GrandProductChallengeSet<F>,
        num_permutation_zs: &[usize],
    ) -> Vec<Vec<Self>> {
        debug_assert_eq!(proofs.len(), num_permutation_zs.len());
        let mut ctl_zs = proofs
            .iter()
            .zip(num_permutation_zs)
            .map(|(p, &num_permutation)| -> Box<dyn Iterator<Item = _>> {
                if p.proof.openings.permutation_ctl_zs.is_some() {
                    Box::new(
                        p.proof
                            .openings
                            .permutation_ctl_zs
                            .as_ref()
                            .unwrap()
                            .iter()
                            .skip(num_permutation)
                            .zip(
                                p.proof
                                    .openings
                                    .permutation_ctl_zs_right
                                    .as_ref()
                                    .unwrap()
                                    .iter()
                                    .skip(num_permutation),
                            ),
                    )
                } else {
                    Box::new(std::iter::empty())
                }
            })
            .collect::<Vec<_>>();

        cross_table_lookups
            .iter()
            .fold(vec![vec![]; proofs.len()], |mut acc, ctl| {
                let CrossTableLookup {
                    looking_table,
                    looking_columns,
                    looked_table,
                    looked_columns,
                } = ctl;

                for &challenges in &ctl_challenges.challenges {
                    let (looking_z, looking_z_next) =
                        ctl_zs[*looking_table as usize].next().unwrap();
                    acc[*looking_table as usize].push(Self {
                        local_z: *looking_z,
                        next_z: *looking_z_next,
                        challenges,
                        columns: looking_columns,
                    });

                    let (looked_z, looked_z_next) = ctl_zs[*looked_table as usize].next().unwrap();
                    acc[*looked_table as usize].push(Self {
                        local_z: *looked_z,
                        next_z: *looked_z_next,
                        challenges,
                        columns: looked_columns,
                    });
                }
                acc
            })
    }
}

pub(crate) fn eval_cross_table_lookup_checks<F, FE, P, C, S, const D: usize, const D2: usize>(
    vars: StarkEvaluationVars<FE, P, { S::COLUMNS }, { S::PUBLIC_INPUTS }>,
    ctl_vars: &[CTLCheckVars<F, FE, P, D2>],
    consumer: &mut ConstraintConsumer<P>,
) where
    F: RichField + Extendable<D>,
    FE: FieldExtension<D2, BaseField = F>,
    P: PackedField<Scalar = FE>,
    C: GenericConfig<D, F = F>,
    S: Stark<F, D>,
{
    for lookup_vars in ctl_vars {
        let CTLCheckVars {
            local_z,
            next_z,
            challenges,
            columns,
        } = lookup_vars;
        let mut factor = ReducingFactor::new(challenges.beta);
        let mut combine = |v: &[P]| -> P {
            factor.reduce_ext(columns.iter().map(|&i| v[i])) + FE::from_basefield(challenges.gamma)
        };

        // Check value of `Z(1)`
        consumer.constraint_first_row(*local_z - combine(vars.local_values));
        // Check `Z(gw) = combination * Z(w)`
        consumer.constraint_transition(*next_z - *local_z * combine(vars.next_values));
    }
}

pub(crate) fn verify_cross_table_lookups<
    F: RichField + Extendable<D>,
    C: GenericConfig<D, F = F>,
    const D: usize,
>(
    cross_table_lookups: Vec<CrossTableLookup>,
    proofs: &[&StarkProofWithPublicInputs<F, C, D>],
    challenges: GrandProductChallengeSet<F>,
    config: &StarkConfig,
) -> Result<()> {
    let degrees_bits = proofs
        .iter()
        .map(|p| p.proof.recover_degree_bits(config))
        .collect::<Vec<_>>();
    let mut ctl_zs_openings = proofs
        .iter()
        .map(|p| p.proof.openings.ctl_zs_last.iter())
        .collect::<Vec<_>>();
    for (
        i,
        CrossTableLookup {
            looking_table,
            looked_table,
            ..
        },
    ) in cross_table_lookups.into_iter().enumerate()
    {
        let looking_degree = 1 << degrees_bits[looking_table as usize];
        let looked_degree = 1 << degrees_bits[looked_table as usize];
        let looking_z = *ctl_zs_openings[looking_table as usize].next().unwrap();
        let looked_z = *ctl_zs_openings[looked_table as usize].next().unwrap();
        ensure!(
            looking_z
                == looked_z
                    * challenges.challenges[i % config.num_challenges]
                        .gamma
                        .exp_u64(looking_degree - looked_degree),
            "Cross-table lookup verification failed."
        );
    }

    Ok(())
}
CTL verification 2022-05-11 16:09:12 +02:00			`use anyhow::{ensure, Result};`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`use plonky2::field::extension_field::{Extendable, FieldExtension};`
More cleaning 2022-05-05 22:21:09 +02:00			`use plonky2::field::field_types::Field;`
			`use plonky2::field::packed_field::PackedField;`
			`use plonky2::field::polynomial::PolynomialValues;`
			`use plonky2::hash::hash_types::RichField;`
			`use plonky2::iop::challenger::Challenger;`
			`use plonky2::plonk::config::GenericConfig;`
			`use plonky2::plonk::plonk_common::reduce_with_powers;`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`use plonky2::util::reducing::ReducingFactor;`
More cleaning 2022-05-05 22:21:09 +02:00
Rename 2022-05-06 17:35:25 +02:00			`use crate::all_stark::Table;`
More cleaning 2022-05-05 22:21:09 +02:00			`use crate::config::StarkConfig;`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`use crate::constraint_consumer::ConstraintConsumer;`
Finish verifier 2022-05-12 13:47:55 +02:00			`use crate::permutation::{`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`get_grand_product_challenge_set, GrandProductChallenge, GrandProductChallengeSet,`
Finish verifier 2022-05-12 13:47:55 +02:00			`};`
CTL verification 2022-05-11 16:09:12 +02:00			`use crate::proof::StarkProofWithPublicInputs;`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`use crate::stark::Stark;`
			`use crate::vars::StarkEvaluationVars;`
More cleaning 2022-05-05 22:21:09 +02:00
Finish verifier 2022-05-12 13:47:55 +02:00			`#[derive(Clone)]`
Cleaning 2022-05-06 17:22:30 +02:00			`pub struct CrossTableLookup {`
			`pub looking_table: Table,`
			`pub looking_columns: Vec<usize>,`
Fix `looked_table: Table` 2022-05-10 07:45:42 +02:00			`pub looked_table: Table,`
Cleaning 2022-05-06 17:22:30 +02:00			`pub looked_columns: Vec<usize>,`
			`}`

			`impl CrossTableLookup {`
			`pub fn new(`
			`looking_table: Table,`
			`looking_columns: Vec<usize>,`
Fix `looked_table: Table` 2022-05-10 07:45:42 +02:00			`looked_table: Table,`
Cleaning 2022-05-06 17:22:30 +02:00			`looked_columns: Vec<usize>,`
			`) -> Self {`
			`assert_eq!(looking_columns.len(), looked_columns.len());`
			`Self {`
			`looking_table,`
			`looking_columns,`
			`looked_table,`
			`looked_columns,`
			`}`
			`}`
			`}`

More cleaning 2022-05-05 22:21:09 +02:00			`/// Lookup data for one table.`
			`#[derive(Clone)]`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`pub struct CtlData<F: Field> {`
			`// Challenges used in the lookup argument.`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`pub(crate) challenges: GrandProductChallengeSet<F>,`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			// Vector of `(Z, columns)` where `Z` is a Z-polynomial for a lookup on columns `columns`.
Progress on verifier 2022-05-11 14:35:33 +02:00			`pub zs_columns: Vec<(PolynomialValues<F>, Vec<usize>)>,`
More cleaning 2022-05-05 22:21:09 +02:00			`}`

Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`impl<F: Field> CtlData<F> {`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`pub(crate) fn new(challenges: GrandProductChallengeSet<F>) -> Self {`
More cleaning 2022-05-05 22:21:09 +02:00			`Self {`
Finish verifier 2022-05-12 13:47:55 +02:00			`challenges,`
Progress on verifier 2022-05-11 14:35:33 +02:00			`zs_columns: vec![],`
More cleaning 2022-05-05 22:21:09 +02:00			`}`
			`}`

Open lookup polys 2022-05-10 15:08:08 +02:00			`pub fn len(&self) -> usize {`
Progress on verifier 2022-05-11 14:35:33 +02:00			`self.zs_columns.len()`
Open lookup polys 2022-05-10 15:08:08 +02:00			`}`

More cleaning 2022-05-05 22:21:09 +02:00			`pub fn is_empty(&self) -> bool {`
Progress on verifier 2022-05-11 14:35:33 +02:00			`self.zs_columns.is_empty()`
More cleaning 2022-05-05 22:21:09 +02:00			`}`

			`pub fn z_polys(&self) -> Vec<PolynomialValues<F>> {`
Progress on verifier 2022-05-11 14:35:33 +02:00			`self.zs_columns.iter().map(\|(p, _)\| p.clone()).collect()`
More cleaning 2022-05-05 22:21:09 +02:00			`}`
			`}`

Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`pub fn cross_table_lookup_data<F: RichField, C: GenericConfig<D, F = F>, const D: usize>(`
More cleaning 2022-05-05 22:21:09 +02:00			`config: &StarkConfig,`
			`trace_poly_values: &[Vec<PolynomialValues<F>>],`
Cleaning 2022-05-06 17:22:30 +02:00			`cross_table_lookups: &[CrossTableLookup],`
More cleaning 2022-05-05 22:21:09 +02:00			`challenger: &mut Challenger<F, C::Hasher>,`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`) -> Vec<CtlData<F>> {`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`let challenges = get_grand_product_challenge_set(challenger, config.num_challenges);`
More cleaning 2022-05-05 22:21:09 +02:00			`cross_table_lookups.iter().fold(`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`vec![CtlData::new(challenges.clone()); trace_poly_values.len()],`
More cleaning 2022-05-05 22:21:09 +02:00			`\|mut acc, cross_table_lookup\| {`
			`let CrossTableLookup {`
			`looking_table,`
			`looking_columns,`
			`looked_table,`
			`looked_columns,`
			`} = cross_table_lookup;`

PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`for &GrandProductChallenge { beta, gamma } in &challenges.challenges {`
More cleaning 2022-05-05 22:21:09 +02:00			`let z_looking = partial_products(`
			`&trace_poly_values[*looking_table as usize],`
Minor 2022-05-06 16:59:25 +02:00			`looking_columns,`
More cleaning 2022-05-05 22:21:09 +02:00			`beta,`
			`gamma,`
			`);`
			`let z_looked = partial_products(`
			`&trace_poly_values[*looked_table as usize],`
Minor 2022-05-06 16:59:25 +02:00			`looked_columns,`
More cleaning 2022-05-05 22:21:09 +02:00			`beta,`
			`gamma,`
			`);`

Progress on verifier 2022-05-11 14:35:33 +02:00			`acc[*looking_table as usize]`
			`.zs_columns`
			`.push((z_looking, looking_columns.clone()));`
			`acc[*looked_table as usize]`
			`.zs_columns`
			`.push((z_looked, looked_columns.clone()));`
More cleaning 2022-05-05 22:21:09 +02:00			`}`
			`acc`
			`},`
			`)`
			`}`

			`fn partial_products<F: Field>(`
			`trace: &[PolynomialValues<F>],`
			`columns: &[usize],`
			`beta: F,`
			`gamma: F,`
			`) -> PolynomialValues<F> {`
			`let mut partial_prod = F::ONE;`
Add mock test (doesn't work) 2022-05-12 20:38:11 +02:00			`let degree = trace[0].len();`
			`let mut res = Vec::with_capacity(degree);`
			`for i in 0..degree {`
More cleaning 2022-05-05 22:21:09 +02:00			`partial_prod *=`
Minor 2022-05-06 16:59:25 +02:00			`gamma + reduce_with_powers(columns.iter().map(\|&j\| &trace[j].values[i]), beta);`
More cleaning 2022-05-05 22:21:09 +02:00			`res.push(partial_prod);`
			`}`
			`res.into()`
			`}`

Finish verifier 2022-05-12 13:47:55 +02:00			`#[derive(Clone)]`
			`pub struct CTLCheckVars<'a, F, FE, P, const D2: usize>`
More cleaning 2022-05-05 22:21:09 +02:00			`where`
			`F: Field,`
			`FE: FieldExtension<D2, BaseField = F>,`
			`P: PackedField<Scalar = FE>,`
			`{`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`pub(crate) local_z: P,`
			`pub(crate) next_z: P,`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`pub(crate) challenges: GrandProductChallenge<F>,`
Finish verifier 2022-05-12 13:47:55 +02:00			`pub(crate) columns: &'a [usize],`
			`}`

			`impl<'a, F: RichField + Extendable<D>, const D: usize>`
			`CTLCheckVars<'a, F, F::Extension, F::Extension, D>`
			`{`
			`pub(crate) fn from_proofs<C: GenericConfig<D, F = F>>(`
			`proofs: &[&StarkProofWithPublicInputs<F, C, D>],`
			`cross_table_lookups: &'a [CrossTableLookup],`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`ctl_challenges: &'a GrandProductChallengeSet<F>,`
Fix num_permutation_zs 2022-05-13 10:48:56 +02:00			`num_permutation_zs: &[usize],`
Finish verifier 2022-05-12 13:47:55 +02:00			`) -> Vec<Vec<Self>> {`
Fix num_permutation_zs 2022-05-13 10:48:56 +02:00			`debug_assert_eq!(proofs.len(), num_permutation_zs.len());`
Finish verifier 2022-05-12 13:47:55 +02:00			`let mut ctl_zs = proofs`
			`.iter()`
Fix num_permutation_zs 2022-05-13 10:48:56 +02:00			`.zip(num_permutation_zs)`
			`.map(\|(p, &num_permutation)\| -> Box<dyn Iterator<Item = _>> {`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`if p.proof.openings.permutation_ctl_zs.is_some() {`
Fix bugs when no ctls 2022-05-13 10:35:59 +02:00			`Box::new(`
Finish verifier 2022-05-12 13:47:55 +02:00			`p.proof`
			`.openings`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`.permutation_ctl_zs`
Finish verifier 2022-05-12 13:47:55 +02:00			`.as_ref()`
			`.unwrap()`
Test works 2022-05-12 22:29:10 +02:00			`.iter()`
Fix num_permutation_zs 2022-05-13 10:48:56 +02:00			`.skip(num_permutation)`
Fix bugs when no ctls 2022-05-13 10:35:59 +02:00			`.zip(`
			`p.proof`
			`.openings`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`.permutation_ctl_zs_right`
Fix bugs when no ctls 2022-05-13 10:35:59 +02:00			`.as_ref()`
			`.unwrap()`
			`.iter()`
Fix num_permutation_zs 2022-05-13 10:48:56 +02:00			`.skip(num_permutation),`
Fix bugs when no ctls 2022-05-13 10:35:59 +02:00			`),`
Finish verifier 2022-05-12 13:47:55 +02:00			`)`
Fix bugs when no ctls 2022-05-13 10:35:59 +02:00			`} else {`
			`Box::new(std::iter::empty())`
			`}`
Finish verifier 2022-05-12 13:47:55 +02:00			`})`
			`.collect::<Vec<_>>();`

			`cross_table_lookups`
			`.iter()`
			`.fold(vec![vec![]; proofs.len()], \|mut acc, ctl\| {`
			`let CrossTableLookup {`
			`looking_table,`
			`looking_columns,`
			`looked_table,`
			`looked_columns,`
			`} = ctl;`

			`for &challenges in &ctl_challenges.challenges {`
			`let (looking_z, looking_z_next) =`
			`ctl_zs[*looking_table as usize].next().unwrap();`
			`acc[*looking_table as usize].push(Self {`
			`local_z: *looking_z,`
			`next_z: *looking_z_next,`
			`challenges,`
Clippy 2022-05-12 14:07:03 +02:00			`columns: looking_columns,`
Finish verifier 2022-05-12 13:47:55 +02:00			`});`

			`let (looked_z, looked_z_next) = ctl_zs[*looked_table as usize].next().unwrap();`
			`acc[*looked_table as usize].push(Self {`
			`local_z: *looked_z,`
			`next_z: *looked_z_next,`
			`challenges,`
Clippy 2022-05-12 14:07:03 +02:00			`columns: looked_columns,`
Finish verifier 2022-05-12 13:47:55 +02:00			`});`
			`}`
			`acc`
			`})`
			`}`
More cleaning 2022-05-05 22:21:09 +02:00			`}`

Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`pub(crate) fn eval_cross_table_lookup_checks<F, FE, P, C, S, const D: usize, const D2: usize>(`
Back to const generic + arrays 2022-05-13 14:16:28 +02:00			`vars: StarkEvaluationVars<FE, P, { S::COLUMNS }, { S::PUBLIC_INPUTS }>,`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`ctl_vars: &[CTLCheckVars<F, FE, P, D2>],`
More cleaning 2022-05-05 22:21:09 +02:00			`consumer: &mut ConstraintConsumer<P>,`
			`) where`
			`F: RichField + Extendable<D>,`
			`FE: FieldExtension<D2, BaseField = F>,`
			`P: PackedField<Scalar = FE>,`
			`C: GenericConfig<D, F = F>,`
			`S: Stark<F, D>,`
			`{`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`for lookup_vars in ctl_vars {`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`let CTLCheckVars {`
			`local_z,`
			`next_z,`
			`challenges,`
			`columns,`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`} = lookup_vars;`
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			`let mut factor = ReducingFactor::new(challenges.beta);`
			`let mut combine = \|v: &[P]\| -> P {`
			`factor.reduce_ext(columns.iter().map(\|&i\| v[i])) + FE::from_basefield(challenges.gamma)`
			`};`
More cleaning 2022-05-05 22:21:09 +02:00
Add eval for cross table lookups 2022-05-06 14:55:54 +02:00			// Check value of `Z(1)`
			`consumer.constraint_first_row(*local_z - combine(vars.local_values));`
			// Check `Z(gw) = combination * Z(w)`
			`consumer.constraint_transition(next_z - local_z * combine(vars.next_values));`
More cleaning 2022-05-05 22:21:09 +02:00			`}`
			`}`
CTL verification 2022-05-11 16:09:12 +02:00
			`pub(crate) fn verify_cross_table_lookups<`
			`F: RichField + Extendable<D>,`
			`C: GenericConfig<D, F = F>,`
			`const D: usize,`
			`>(`
			`cross_table_lookups: Vec<CrossTableLookup>,`
			`proofs: &[&StarkProofWithPublicInputs<F, C, D>],`
PermutationChallenge -> GrandProductChallenge since it's also used for cross-table lookups 2022-05-12 13:51:02 +02:00			`challenges: GrandProductChallengeSet<F>,`
CTL verification 2022-05-11 16:09:12 +02:00			`config: &StarkConfig,`
			`) -> Result<()> {`
			`let degrees_bits = proofs`
			`.iter()`
			`.map(\|p\| p.proof.recover_degree_bits(config))`
			`.collect::<Vec<_>>();`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`let mut ctl_zs_openings = proofs`
CTL verification 2022-05-11 16:09:12 +02:00			`.iter()`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`.map(\|p\| p.proof.openings.ctl_zs_last.iter())`
CTL verification 2022-05-11 16:09:12 +02:00			`.collect::<Vec<_>>();`
Finish verifier 2022-05-12 13:47:55 +02:00			`for (`
			`i,`
			`CrossTableLookup {`
			`looking_table,`
			`looked_table,`
			`..`
			`},`
			`) in cross_table_lookups.into_iter().enumerate()`
CTL verification 2022-05-11 16:09:12 +02:00			`{`
			`let looking_degree = 1 << degrees_bits[looking_table as usize];`
			`let looked_degree = 1 << degrees_bits[looked_table as usize];`
Some renaming + cleaning 2022-05-13 11:20:29 +02:00			`let looking_z = *ctl_zs_openings[looking_table as usize].next().unwrap();`
			`let looked_z = *ctl_zs_openings[looked_table as usize].next().unwrap();`
CTL verification 2022-05-11 16:09:12 +02:00			`ensure!(`
Finish verifier 2022-05-12 13:47:55 +02:00			`looking_z`
			`== looked_z`
			`* challenges.challenges[i % config.num_challenges]`
			`.gamma`
			`.exp_u64(looking_degree - looked_degree),`
CTL verification 2022-05-11 16:09:12 +02:00			`"Cross-table lookup verification failed."`
			`);`
			`}`

			`Ok(())`
			`}`