logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-08 16:53:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
plonky2/plonky2/src/fri/prover.rs

194 lines
6.3 KiB
Rust
Raw Normal View History

feat: move to alloc for Vec/String/Box Signed-off-by: Brandon H. Gomes <bhgomes@pm.me>
2022-11-02 19:59:12 -07:00
use alloc::vec::Vec;
Have hash functions take references to avoid cloning (#438) And other tweaks to `MerkleTree::new`
2022-01-18 12:51:04 -08:00
use itertools::Itertools;
fmt
2022-07-21 17:02:03 -04:00
use maybe_rayon::*;
`extension_field` -> `extension` (#581) It seems redundant in most contexts, e.g. `use plonky2::field::extension_field::Extendable;`. One could import `extension_field`, but it's not that common in Rust, and `field::extension` is now about as short.
2022-06-27 07:18:21 -07:00
use plonky2_field::extension::{flatten, unflatten, Extendable};
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
use plonky2_field::polynomial::{PolynomialCoeffs, PolynomialValues};
use plonky2_util::reverse_index_bits_in_place;
Parallel proof-of-work search (#92)
2021-07-15 07:40:41 -07:00
Add CompressedProof type
2021-09-30 06:56:32 +02:00
use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound, FriQueryStep};
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
use crate::fri::{FriConfig, FriParams};
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
use crate::hash::hash_types::{HashOut, RichField};
Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check).
2021-07-29 22:00:29 -07:00
use crate::hash::merkle_tree::MerkleTree;
use crate::iop::challenger::Challenger;
Generic config
2021-11-05 10:56:23 +01:00
use crate::plonk::config::{GenericConfig, Hasher};
Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check).
2021-07-29 22:00:29 -07:00
use crate::plonk::plonk_common::reduce_with_powers;
Parallel proof-of-work search (#92)
2021-07-15 07:40:41 -07:00
use crate::timed;
Add a tree of scopes for proving times (#141) * Add a tree of scopes for proving times To replace the old `timed!` macro, which had no hierarchy. It's similar to `ContextTree`, which tracks gate counts of circuit operations. This gives a more organized output, with indentation levels based on scope depth, parent durations listed before child durations, etc. * PR feedback
2021-08-02 10:38:09 -07:00
use crate::util::timing::TimingTree;
FRI reorg
2021-05-05 18:23:59 +02:00
/// Builds a FRI proof.
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
pub fn fri_proof<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>(
Generic config
2021-11-05 10:56:23 +01:00
initial_merkle_trees: &[&MerkleTree<F, C::Hasher>],
FRI reorg
2021-05-05 18:23:59 +02:00
// Coefficients of the polynomial on which the LDT is performed. Only the first `1/rate` coefficients are non-zero.
Avoid a clone (#114)
2021-07-21 08:26:56 -07:00
lde_polynomial_coeffs: PolynomialCoeffs<F::Extension>,
FRI reorg
2021-05-05 18:23:59 +02:00
// Evaluation of the polynomial on the large domain.
Avoid a clone (#114)
2021-07-21 08:26:56 -07:00
lde_polynomial_values: PolynomialValues<F::Extension>,
Use outer hash in Challenger
2021-12-29 16:41:43 +01:00
challenger: &mut Challenger<F, C::Hasher>,
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_params: &FriParams,
Add a tree of scopes for proving times (#141) * Add a tree of scopes for proving times To replace the old `timed!` macro, which had no hierarchy. It's similar to `ContextTree`, which tracks gate counts of circuit operations. This gives a more organized output, with indentation levels based on scope depth, parent durations listed before child durations, etc. * PR feedback
2021-08-02 10:38:09 -07:00
timing: &mut TimingTree,
fix: remove unstable features from plonky2 Signed-off-by: Brandon H. Gomes <bhgomes@pm.me>
2022-11-02 17:50:31 -07:00
) -> FriProof<F, C::Hasher, D> {
tweak len
2022-01-08 23:44:12 -08:00
let n = lde_polynomial_values.len();
assert_eq!(lde_polynomial_coeffs.len(), n);
FRI reorg
2021-05-05 18:23:59 +02:00
// Commit phase
More timing code for FRI prover (#146)
2021-08-02 15:49:06 -07:00
let (trees, final_coeffs) = timed!(
timing,
"fold codewords in the commitment phase",
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_committed_trees::<F, C, D>(
More timing code for FRI prover (#146)
2021-08-02 15:49:06 -07:00
lde_polynomial_coeffs,
lde_polynomial_values,
challenger,
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_params,
More timing code for FRI prover (#146)
2021-08-02 15:49:06 -07:00
)
FRI reorg
2021-05-05 18:23:59 +02:00
);
// PoW phase
Use generic hasher in Challenger
2021-11-05 12:02:33 +01:00
let current_hash = challenger.get_hash();
Parallel proof-of-work search (#92)
2021-07-15 07:40:41 -07:00
let pow_witness = timed!(
Add a tree of scopes for proving times (#141) * Add a tree of scopes for proving times To replace the old `timed!` macro, which had no hierarchy. It's similar to `ContextTree`, which tracks gate counts of circuit operations. This gives a more organized output, with indentation levels based on scope depth, parent durations listed before child durations, etc. * PR feedback
2021-08-02 10:38:09 -07:00
timing,
Refactor recursion tests (#285) * Refactor recursion tests E.g. the main part of `test_recursive_recursive_verifier` is now ```rust let (proof, vd, cd) = dummy_proof::<F, D>(&config, 8_000)?; let (proof, vd, cd) = recursive_proof(proof, vd, cd, &config, &config, false)?; let (proof, _vd, cd) = recursive_proof(proof, vd, cd, &config, &config, true)?; ``` Also adds a new `test_size_optimized_recursion` to see how small we can make the final proof in a recursion chain. The final proof is ~74kb (depending on compression luck) and takes ~20s to prove on my M1 (depending on PoW luck). * Refactor serialization * Don't log timestamps
2021-10-05 08:36:24 -07:00
"find proof-of-work witness",
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_proof_of_work::<F, C, D>(current_hash, &fri_params.config)
Parallel proof-of-work search (#92)
2021-07-15 07:40:41 -07:00
);
FRI reorg
2021-05-05 18:23:59 +02:00
// Query phase
Automatically select FRI reduction arities (#282) * Automatically select FRI reduction arities This way when a proof's degree changes, we won't need to manually update the `FriConfig`s of any recursive proofs on top of it. For now I've added two methods of selecting arities. The first, `ConstantArityBits`, just applies a fixed reduciton arity until the degree has shrunk below a certain threshold. The second, `MinSize`, searches for the sequence of arities that minimizes proof size. Note that this optimization is approximate -- e.g. it doesn't account for the effect of compression, and doesn't count some minor contributions to proof size, like the Merkle roots from the commit phase. It also assumes we're not using Merkle caps in serialized proofs, and that we're inferring one of the evaluations, even though we haven't made those changes yet. I think we should generally use `ConstantArityBits` for proofs that we will recurse on, since using a single arity tends to be more recursion-friendly. We could use `MinSize` for generating final bridge proofs, since we won't do further recursion on top of those. * Fix tests * Feedback
2021-10-04 13:52:05 -07:00
let query_round_proofs =
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_prover_query_rounds::<F, C, D>(initial_merkle_trees, &trees, challenger, n, fri_params);
FRI reorg
2021-05-05 18:23:59 +02:00
Add CompressedProof type
2021-09-30 06:56:32 +02:00
FriProof {
Cleaning / Renaming
2021-08-10 15:53:27 +02:00
commit_phase_merkle_caps: trees.iter().map(|t| t.cap.clone()).collect(),
FRI reorg
2021-05-05 18:23:59 +02:00
query_round_proofs,
final_poly: final_coeffs,
pow_witness,
}
}
fix: remove unstable features from plonky2 Signed-off-by: Brandon H. Gomes <bhgomes@pm.me>
2022-11-02 17:50:31 -07:00
type FriCommitedTrees<F, C, const D: usize> = (
Vec<MerkleTree<F, <C as GenericConfig<D>>::Hasher>>,
PolynomialCoeffs<<F as Extendable<D>>::Extension>,
);
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
fn fri_committed_trees<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>(
Avoid a clone (#114)
2021-07-21 08:26:56 -07:00
mut coeffs: PolynomialCoeffs<F::Extension>,
mut values: PolynomialValues<F::Extension>,
Use outer hash in Challenger
2021-12-29 16:41:43 +01:00
challenger: &mut Challenger<F, C::Hasher>,
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_params: &FriParams,
fix: remove unstable features from plonky2 Signed-off-by: Brandon H. Gomes <bhgomes@pm.me>
2022-11-02 17:50:31 -07:00
) -> FriCommitedTrees<F, C, D> {
FRI reorg
2021-05-05 18:23:59 +02:00
let mut trees = Vec::new();
let mut shift = F::MULTIPLICATIVE_GROUP_GENERATOR;
Replace `proof_to_proof_target` (#445) * Replace `proof_to_proof_target` With a `add_virtual_proof_with_pis` method that uses the inner circuit data, but does not require constructing a proof. Note that this doesn't support IVC yet. For that, I think we can add a variant of `add_virtual_proof_with_pis` that takes several parameters like FRI arities, but does not involve `CommonCircuitData` (since no circuit has been build yet). It might also be best to avoid large objects like `FriParams`, and pass just the data we need. Then there will be some nontrivial work to do recursion with "estimated" parameters (degree, arities, etc), check if the estimates were correct, and try again if not. * PR feedback
2022-01-23 23:27:26 -08:00
for arity_bits in &fri_params.reduction_arity_bits {
let arity = 1 << arity_bits;
FRI reorg
2021-05-05 18:23:59 +02:00
reverse_index_bits_in_place(&mut values.values);
FRI refactor (#172) I sort of "shifted" the loop in `fri_verifier_query_round` so that `fri_combine_initial` is called before the loop, and all `compute_evaluation` calls are in the loop (rather than the final one being outside). This lines up with my mental model of FRI, and I think it's more natural as it results in a loop with no branches, no `i - 1`s, and less state stored between iterations. Also added some comments etc. Should be functionally equivalent to the old version.
2021-08-12 07:27:33 -07:00
let chunked_values = values
.values
.par_chunks(arity)
.map(|chunk: &[F::Extension]| flatten(chunk))
.collect();
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
let tree = MerkleTree::<F, C::Hasher>::new(chunked_values, fri_params.config.cap_height);
FRI reorg
2021-05-05 18:23:59 +02:00
Cleaning / Renaming
2021-08-10 15:53:27 +02:00
challenger.observe_cap(&tree.cap);
FRI reorg
2021-05-05 18:23:59 +02:00
trees.push(tree);
Use generic hasher in Challenger
2021-11-05 12:02:33 +01:00
let beta = challenger.get_extension_challenge::<D>();
FRI reorg
2021-05-05 18:23:59 +02:00
// P(x) = sum_{i<r} x^i * P_i(x^r) becomes sum_{i<r} beta^i * P_i(x).
coeffs = PolynomialCoeffs::new(
coeffs
.coeffs
More par_iter (#150)
2021-08-03 07:39:36 -07:00
.par_chunks_exact(arity)
FRI reorg
2021-05-05 18:23:59 +02:00
.map(|chunk| reduce_with_powers(chunk, beta))
.collect::<Vec<_>>(),
);
Move some Field members to a Field64 subtrait (#213) * Move some Field members to a Field64 subtrait I.e. move anything specific to 64-bit fields. Also, relatedly, - Tweak a bunch of prover code to require `Field64`, since 64-bit stuff is used in a couple places, like the FRI proof-of-work - Remove `bits()`, which was unused and assumed a 64-bit field - Rename a couple methods to reflect that they're u64 variants There are no functional changes. * Field64 -> PrimeField * Remove `exp_u32`, `kth_root_u32` * PrimeField: PrimeField * Move `to_canonical_biguint` as well * Add back from_noncanonical_u128
2021-09-05 10:27:11 -07:00
shift = shift.exp_u64(arity as u64);
Change FFT methods to accept references (#115)
2021-07-21 08:26:41 -07:00
values = coeffs.coset_fft(shift.into())
FRI reorg
2021-05-05 18:23:59 +02:00
}
Comment fix
2021-08-15 23:45:38 -07:00
// The coefficients being removed here should always be zero.
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
coeffs
.coeffs
.truncate(coeffs.len() >> fri_params.config.rate_bits);
Disable ZK in `large_config` (#180) * Disable ZK in large_config Speeds up the tests from ~6m to ~1m (debug mode). `large_config` is crate-private so I don't think we need to worry about real users forgetting ZK, and I don't think ZK seems important in these tests, though we should probably have ZK enabled for a couple tests. A couple tests need ZK or they fail; I added a TODO to look later. This led to a few other changes: - Fixed a bug where `trim` could truncate the final poly to a non-power-of-two length. This was improbable when ZK is on due to randomization. - Gave a few methods access to the whole `CircuitConfig` vs `FriConfig` -- sort of necessary for the above fix, and I don't think there's much downside. - Remove `cap_height` from `FriConfig` -- didn't really need it any more after giving more methods access to `CircuitConfig`, and having a single copy of the param feels cleaner/safer to me. * PR feedback
2021-08-14 10:01:10 -07:00
Working FRI with field extensions
2021-05-18 15:22:06 +02:00
challenger.observe_extension_elements(&coeffs.coeffs);
FRI reorg
2021-05-05 18:23:59 +02:00
(trees, coeffs)
}
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
fn fri_proof_of_work<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>(
Generic config
2021-11-05 10:56:23 +01:00
current_hash: HashOut<F>,
config: &FriConfig,
) -> F {
Try PoW seeds up to p (#186) No point in going higher.
2021-08-18 00:53:20 -07:00
(0..=F::NEG_ONE.to_canonical_u64())
switch rest of names back
2022-07-21 17:01:21 -04:00
.into_par_iter()
Parallel proof-of-work search (#92)
2021-07-15 07:40:41 -07:00
.find_any(|&i| {
Separate methods for hashing with or without padding (#458) * Separate methods for hashing with or without padding This should be a tad better for for performance, and lets us do padding in a generic way, rather than each hash reimplementing it. This also disables padding for public inputs. It seems unnecessary since the number of public inputs is fixed for any given instance. * PR feedback * update
2022-02-04 13:08:57 -08:00
C::InnerHasher::hash_no_pad(
Have hash functions take references to avoid cloning (#438) And other tweaks to `MerkleTree::new`
2022-01-18 12:51:04 -08:00
&current_hash
FRI reorg
2021-05-05 18:23:59 +02:00
.elements
.iter()
.copied()
.chain(Some(F::from_canonical_u64(i)))
Have hash functions take references to avoid cloning (#438) And other tweaks to `MerkleTree::new`
2022-01-18 12:51:04 -08:00
.collect_vec(),
FRI reorg
2021-05-05 18:23:59 +02:00
)
Generic config
2021-11-05 10:56:23 +01:00
.elements[0]
.to_canonical_u64()
.leading_zeros()
fixes
2021-07-21 13:05:32 -07:00
>= config.proof_of_work_bits + (64 - F::order().bits()) as u32
FRI reorg
2021-05-05 18:23:59 +02:00
})
.map(F::from_canonical_u64)
Parallel proof-of-work search (#92)
2021-07-15 07:40:41 -07:00
.expect("Proof of work failed. This is highly unlikely!")
FRI reorg
2021-05-05 18:23:59 +02:00
}
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
fn fri_prover_query_rounds<
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
const D: usize,
>(
Generic config
2021-11-05 10:56:23 +01:00
initial_merkle_trees: &[&MerkleTree<F, C::Hasher>],
trees: &[MerkleTree<F, C::Hasher>],
Use outer hash in Challenger
2021-12-29 16:41:43 +01:00
challenger: &mut Challenger<F, C::Hasher>,
FRI reorg
2021-05-05 18:23:59 +02:00
n: usize,
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_params: &FriParams,
Generic config
2021-11-05 10:56:23 +01:00
) -> Vec<FriQueryRound<F, C::Hasher, D>> {
Compute answers to FRI queries in parallel It shaved off much less than a millisecond, so it's rather negligible, but the code came out simpler so might as well.
2022-09-04 22:46:16 -07:00
challenger
.get_n_challenges(fri_params.config.num_query_rounds)
.into_par_iter()
.map(|rand| {
let x_index = rand.to_canonical_u64() as usize % n;
fri_prover_query_round::<F, C, D>(initial_merkle_trees, trees, x_index, fri_params)
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
})
FRI reorg
2021-05-05 18:23:59 +02:00
.collect()
}
Split into crates (#406) * Split into crates I kept other changes to a minimum, so 95% of this is just moving things. One complication that came up is that since `PrimeField` is now outside the plonky2 crate, these two impls now conflict: ``` impl<F: PrimeField> From<HashOut<F>> for Vec<u8> { ... } impl<F: PrimeField> From<HashOut<F>> for Vec<F> { ... } ``` with this note: ``` note: upstream crates may add a new impl of trait `plonky2_field::field_types::PrimeField` for type `u8` in future versions ``` I worked around this by adding a `GenericHashOut` trait with methods like `to_bytes()` instead of overloading `From`/`Into`. Personally I prefer the explicitness anyway. * Move out permutation network stuff also * Fix imports * Fix import * Also move out insertion * Comment * fmt * PR feedback
2021-12-28 11:51:13 -08:00
fn fri_prover_query_round<
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
const D: usize,
>(
Generic config
2021-11-05 10:56:23 +01:00
initial_merkle_trees: &[&MerkleTree<F, C::Hasher>],
trees: &[MerkleTree<F, C::Hasher>],
Compute answers to FRI queries in parallel It shaved off much less than a millisecond, so it's rather negligible, but the code came out simpler so might as well.
2022-09-04 22:46:16 -07:00
mut x_index: usize,
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
fri_params: &FriParams,
Generic config
2021-11-05 10:56:23 +01:00
) -> FriQueryRound<F, C::Hasher, D> {
FRI reorg
2021-05-05 18:23:59 +02:00
let mut query_steps = Vec::new();
let initial_proof = initial_merkle_trees
.iter()
.map(|t| (t.get(x_index).to_vec(), t.prove(x_index)))
.collect::<Vec<_>>();
for (i, tree) in trees.iter().enumerate() {
Separate some circuit logic from FRI code (#414) My goal is to make the FRI code independent of circuit objects like `CommonCircuitData`, so that it can be reused by STARK code which won't involve those objects. A few changes here: - Move `rate_bits` and `cap_height` into `FriConfig`. - Move `degree_bits` into `FriParameters` (since it's instance size specific). - Make `FriParams` contain `FriConfig`, so FRI methods can take just the former and access fields in both. - Replace `CommonCircuitConfig` with `FriParams` in FRI prover methods. The FRI verifier methods still involve circuit objects, as they have PLONK logic in `fri_combine_initial`. Will think about how to deal with that after this.
2022-01-02 11:26:26 -08:00
let arity_bits = fri_params.reduction_arity_bits[i];
Cleaning / Renaming
2021-08-10 15:53:27 +02:00
let evals = unflatten(tree.get(x_index >> arity_bits));
FRI reorg
2021-05-05 18:23:59 +02:00
let merkle_proof = tree.prove(x_index >> arity_bits);
query_steps.push(FriQueryStep {
evals,
merkle_proof,
});
x_index >>= arity_bits;
}
FriQueryRound {
initial_trees_proof: FriInitialTreeProof {
evals_proofs: initial_proof,
},
steps: query_steps,
}
}
Reference in New Issue Copy Permalink