plonky2/src/gadgets/split_base.rs

use std::borrow::Borrow;

use crate::field::extension_field::Extendable;
use crate::field::field_types::Field;
use crate::gates::base_sum::BaseSumGate;
use crate::iop::generator::{GeneratedValues, SimpleGenerator};
use crate::iop::target::{BoolTarget, Target};
use crate::iop::witness::PartialWitness;
use crate::plonk::circuit_builder::CircuitBuilder;

impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Split the given element into a list of targets, where each one represents a
    /// base-B limb of the element, with little-endian ordering.
    pub(crate) fn split_le_base<const B: usize>(
        &mut self,
        x: Target,
        num_limbs: usize,
    ) -> Vec<Target> {
        let gate_type = BaseSumGate::<B>::new(num_limbs);
        let gate = self.add_gate(gate_type.clone(), vec![]);
        let sum = Target::wire(gate, BaseSumGate::<B>::WIRE_SUM);
        self.route(x, sum);

        Target::wires_from_range(gate, gate_type.limbs())
    }

    /// Asserts that `x`'s big-endian bit representation has at least `leading_zeros` leading zeros.
    pub(crate) fn assert_leading_zeros(&mut self, x: Target, leading_zeros: u32) {
        self.range_check(x, (64 - leading_zeros) as usize);
    }

    /// Takes an iterator of bits `(b_i)` and returns `sum b_i * 2^i`, i.e.,
    /// the number with little-endian bit representation given by `bits`.
    pub(crate) fn le_sum(
        &mut self,
        bits: impl ExactSizeIterator<Item = impl Borrow<BoolTarget>> + Clone,
    ) -> Target {
        let num_bits = bits.len();
        debug_assert!(
            BaseSumGate::<2>::START_LIMBS + num_bits <= self.config.num_routed_wires,
            "Not enough routed wires."
        );
        let gate_index = self.add_gate(BaseSumGate::<2>::new(num_bits), vec![]);
        for (limb, wire) in bits
            .clone()
            .zip(BaseSumGate::<2>::START_LIMBS..BaseSumGate::<2>::START_LIMBS + num_bits)
        {
            self.route(limb.borrow().target, Target::wire(gate_index, wire));
        }

        self.add_generator(BaseSumGenerator::<2> {
            gate_index,
            limbs: bits.map(|l| *l.borrow()).collect(),
        });

        Target::wire(gate_index, BaseSumGate::<2>::WIRE_SUM)
    }
}

#[derive(Debug)]
struct BaseSumGenerator<const B: usize> {
    gate_index: usize,
    limbs: Vec<BoolTarget>,
}

impl<F: Field, const B: usize> SimpleGenerator<F> for BaseSumGenerator<B> {
    fn dependencies(&self) -> Vec<Target> {
        self.limbs.iter().map(|b| b.target).collect()
    }

    fn run_once(&self, witness: &PartialWitness<F>, out_buffer: &mut GeneratedValues<F>) {
        let sum = self
            .limbs
            .iter()
            .map(|&t| witness.get_bool_target(t))
            .rev()
            .fold(F::ZERO, |acc, limb| {
                acc * F::from_canonical_usize(B) + F::from_bool(limb)
            });

        out_buffer.set_target(
            Target::wire(self.gate_index, BaseSumGate::<B>::WIRE_SUM),
            sum,
        );
    }
}

#[cfg(test)]
mod tests {
    use anyhow::Result;
    use rand::{thread_rng, Rng};

    use crate::field::crandall_field::CrandallField;
    use crate::field::field_types::Field;
    use crate::iop::witness::PartialWitness;
    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;

    #[test]
    fn test_split_base() -> Result<()> {
        type F = CrandallField;
        let config = CircuitConfig::large_config();
        let pw = PartialWitness::new(config.num_wires);
        let mut builder = CircuitBuilder::<F, 4>::new(config);
        let x = F::from_canonical_usize(0b110100000); // 416 = 1532 in base 6.
        let xt = builder.constant(x);
        let limbs = builder.split_le_base::<6>(xt, 24);
        let one = builder.one();
        let two = builder.two();
        let three = builder.constant(F::from_canonical_u64(3));
        let five = builder.constant(F::from_canonical_u64(5));
        builder.route(limbs[0], two);
        builder.route(limbs[1], three);
        builder.route(limbs[2], five);
        builder.route(limbs[3], one);

        builder.assert_leading_zeros(xt, 64 - 9);
        let data = builder.build();

        let proof = data.prove(pw)?;

        verify(proof, &data.verifier_only, &data.common)
    }

    #[test]
    fn test_base_sum() -> Result<()> {
        type F = CrandallField;
        let config = CircuitConfig::large_config();
        let pw = PartialWitness::new(config.num_wires);
        let mut builder = CircuitBuilder::<F, 4>::new(config);

        let n = thread_rng().gen_range(0..(1 << 10));
        let x = builder.constant(F::from_canonical_usize(n));

        let zero = builder._false();
        let one = builder._true();

        let y = builder.le_sum(
            (0..10)
                .scan(n, |acc, _| {
                    let tmp = *acc % 2;
                    *acc /= 2;
                    Some(if tmp == 1 { one } else { zero })
                })
                .collect::<Vec<_>>()
                .iter(),
        );

        builder.assert_equal(x, y);

        let data = builder.build();

        let proof = data.prove(pw)?;

        verify(proof, &data.verifier_only, &data.common)
    }
}
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`use std::borrow::Borrow;`

Recursive PoW 2021-06-04 16:02:48 +02:00			`use crate::field::extension_field::Extendable;`
Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check). 2021-07-29 22:00:29 -07:00			`use crate::field::field_types::Field;`
Clippy 2021-06-14 10:33:38 +02:00			`use crate::gates::base_sum::BaseSumGate;`
Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check). 2021-07-29 22:00:29 -07:00			`use crate::iop::generator::{GeneratedValues, SimpleGenerator};`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`use crate::iop::target::{BoolTarget, Target};`
Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check). 2021-07-29 22:00:29 -07:00			`use crate::iop::witness::PartialWitness;`
			`use crate::plonk::circuit_builder::CircuitBuilder;`
Recursive PoW 2021-06-04 16:02:48 +02:00
			`impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {`
Added in-circuit `reverse_bits` and `exp`. 2021-06-09 17:39:45 +02:00			`/// Split the given element into a list of targets, where each one represents a`
			`/// base-B limb of the element, with little-endian ordering.`
Fix bugs 2021-06-10 16:48:05 +02:00			`pub(crate) fn split_le_base<const B: usize>(`
			`&mut self,`
			`x: Target,`
			`num_limbs: usize,`
			`) -> Vec<Target> {`
Have `add_gate` take a generic type instead of `GateRef` (#125) * Have add_gate take a generic type instead of GateRef There are a couple advantages - Users writing their own gates won't need to know about the `GateRef` wrapper; it's more of an internal thing now. - Easier access to gate methods requiring `self` -- for example, `split_le_base` can just call `gate_type.limbs()` now. * Update comment * Always insert 2021-07-22 23:48:03 -07:00			`let gate_type = BaseSumGate::<B>::new(num_limbs);`
			`let gate = self.add_gate(gate_type.clone(), vec![]);`
Added in-circuit `reverse_bits` and `exp`. 2021-06-09 17:39:45 +02:00			`let sum = Target::wire(gate, BaseSumGate::<B>::WIRE_SUM);`
Recursive PoW 2021-06-04 16:02:48 +02:00			`self.route(x, sum);`
Use `ExtensionAlgebra` + new `CircuitBuilder::mul_extension` 2021-06-09 10:51:50 +02:00
Have `add_gate` take a generic type instead of `GateRef` (#125) * Have add_gate take a generic type instead of GateRef There are a couple advantages - Users writing their own gates won't need to know about the `GateRef` wrapper; it's more of an internal thing now. - Easier access to gate methods requiring `self` -- for example, `split_le_base` can just call `gate_type.limbs()` now. * Update comment * Always insert 2021-07-22 23:48:03 -07:00			`Target::wires_from_range(gate, gate_type.limbs())`
Recursive PoW 2021-06-04 16:02:48 +02:00			`}`

Change PoW to checking leading zeros 2021-06-17 09:49:41 +02:00			/// Asserts that `x`'s big-endian bit representation has at least `leading_zeros` leading zeros.
			`pub(crate) fn assert_leading_zeros(&mut self, x: Target, leading_zeros: u32) {`
			`self.range_check(x, (64 - leading_zeros) as usize);`
Recursive PoW 2021-06-04 16:02:48 +02:00			`}`
Added in-circuit `reverse_bits` and `exp`. 2021-06-09 17:39:45 +02:00
Renaming 2021-07-22 16:25:47 +02:00			/// Takes an iterator of bits `(b_i)` and returns `sum b_i * 2^i`, i.e.,
			/// the number with little-endian bit representation given by `bits`.
			`pub(crate) fn le_sum(`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`&mut self,`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`bits: impl ExactSizeIterator<Item = impl Borrow<BoolTarget>> + Clone,`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`) -> Target {`
Renaming 2021-07-22 16:25:47 +02:00			`let num_bits = bits.len();`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`debug_assert!(`
Renaming 2021-07-22 16:25:47 +02:00			`BaseSumGate::<2>::START_LIMBS + num_bits <= self.config.num_routed_wires,`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`"Not enough routed wires."`
			`);`
Renaming 2021-07-22 16:25:47 +02:00			`let gate_index = self.add_gate(BaseSumGate::<2>::new(num_bits), vec![]);`
			`for (limb, wire) in bits`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`.clone()`
Renaming 2021-07-22 16:25:47 +02:00			`.zip(BaseSumGate::<2>::START_LIMBS..BaseSumGate::<2>::START_LIMBS + num_bits)`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`{`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`self.route(limb.borrow().target, Target::wire(gate_index, wire));`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`}`

			`self.add_generator(BaseSumGenerator::<2> {`
			`gate_index,`
Renaming 2021-07-22 16:25:47 +02:00			`limbs: bits.map(\|l\| *l.borrow()).collect(),`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`});`

			`Target::wire(gate_index, BaseSumGate::<2>::WIRE_SUM)`
			`}`
			`}`

			`#[derive(Debug)]`
			`struct BaseSumGenerator<const B: usize> {`
			`gate_index: usize,`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`limbs: Vec<BoolTarget>,`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`}`

			`impl<F: Field, const B: usize> SimpleGenerator<F> for BaseSumGenerator<B> {`
			`fn dependencies(&self) -> Vec<Target> {`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`self.limbs.iter().map(\|b\| b.target).collect()`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`}`

Reuse a buffer of generated values (#142) * Reuse a buffer of generated values To avoid allocating `GeneratedValues` all the time. Saves ~60ms or so. * PR feedback 2021-08-02 10:55:10 -07:00			`fn run_once(&self, witness: &PartialWitness<F>, out_buffer: &mut GeneratedValues<F>) {`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`let sum = self`
			`.limbs`
			`.iter()`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`.map(\|&t\| witness.get_bool_target(t))`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`.rev()`
Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`.fold(F::ZERO, \|acc, limb\| {`
			`acc * F::from_canonical_usize(B) + F::from_bool(limb)`
			`});`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00
Reuse a buffer of generated values (#142) * Reuse a buffer of generated values To avoid allocating `GeneratedValues` all the time. Saves ~60ms or so. * PR feedback 2021-08-02 10:55:10 -07:00			`out_buffer.set_target(`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`Target::wire(self.gate_index, BaseSumGate::<B>::WIRE_SUM),`
			`sum,`
Reuse a buffer of generated values (#142) * Reuse a buffer of generated values To avoid allocating `GeneratedValues` all the time. Saves ~60ms or so. * PR feedback 2021-08-02 10:55:10 -07:00			`);`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`}`
Recursive PoW 2021-06-04 16:02:48 +02:00			`}`
Added test 2021-06-04 17:07:14 +02:00
			`#[cfg(test)]`
			`mod tests {`
Have `prove` return `Result` (#100) * Have `prove` return `Result` To address that TODO. * PR feedback 2021-07-18 23:14:48 -07:00			`use anyhow::Result;`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`use rand::{thread_rng, Rng};`
Have `prove` return `Result` (#100) * Have `prove` return `Result` To address that TODO. * PR feedback 2021-07-18 23:14:48 -07:00
Added test 2021-06-04 17:07:14 +02:00			`use crate::field::crandall_field::CrandallField;`
Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check). 2021-07-29 22:00:29 -07:00			`use crate::field::field_types::Field;`
			`use crate::iop::witness::PartialWitness;`
			`use crate::plonk::circuit_builder::CircuitBuilder;`
			`use crate::plonk::circuit_data::CircuitConfig;`
			`use crate::plonk::verifier::verify;`
Added test 2021-06-04 17:07:14 +02:00
			`#[test]`
Have `prove` return `Result` (#100) * Have `prove` return `Result` To address that TODO. * PR feedback 2021-07-18 23:14:48 -07:00			`fn test_split_base() -> Result<()> {`
Added test 2021-06-04 17:07:14 +02:00			`type F = CrandallField;`
Add `CircuitConfig::large_config()` for tests. 2021-06-11 09:44:19 +02:00			`let config = CircuitConfig::large_config();`
Auto resize partial witness 2021-08-09 09:58:09 +02:00			`let pw = PartialWitness::new(config.num_wires);`
Added test 2021-06-04 17:07:14 +02:00			`let mut builder = CircuitBuilder::<F, 4>::new(config);`
Fix bugs 2021-06-10 16:48:05 +02:00			`let x = F::from_canonical_usize(0b110100000); // 416 = 1532 in base 6.`
Added test 2021-06-04 17:07:14 +02:00			`let xt = builder.constant(x);`
Fix bugs 2021-06-10 16:48:05 +02:00			`let limbs = builder.split_le_base::<6>(xt, 24);`
Added test 2021-06-04 17:07:14 +02:00			`let one = builder.one();`
			`let two = builder.two();`
Fix bugs 2021-06-10 16:48:05 +02:00			`let three = builder.constant(F::from_canonical_u64(3));`
			`let five = builder.constant(F::from_canonical_u64(5));`
Remove `rev` in computation of the reversed sum in `BaseSplitGenerator`. 2021-06-16 08:15:44 +02:00			`builder.route(limbs[0], two);`
			`builder.route(limbs[1], three);`
			`builder.route(limbs[2], five);`
			`builder.route(limbs[3], one);`
Added test 2021-06-04 17:07:14 +02:00
Change PoW to checking leading zeros 2021-06-17 09:49:41 +02:00			`builder.assert_leading_zeros(xt, 64 - 9);`
Added test 2021-06-04 17:07:14 +02:00			`let data = builder.build();`

Fix tests 2021-08-06 15:14:38 +02:00			`let proof = data.prove(pw)?;`
Working verifier 2021-07-08 15:13:29 +02:00
Have `prove` return `Result` (#100) * Have `prove` return `Result` To address that TODO. * PR feedback 2021-07-18 23:14:48 -07:00			`verify(proof, &data.verifier_only, &data.common)`
Added test 2021-06-04 17:07:14 +02:00			`}`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00
			`#[test]`
			`fn test_base_sum() -> Result<()> {`
			`type F = CrandallField;`
			`let config = CircuitConfig::large_config();`
Auto resize partial witness 2021-08-09 09:58:09 +02:00			`let pw = PartialWitness::new(config.num_wires);`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`let mut builder = CircuitBuilder::<F, 4>::new(config);`

Update various dependencies (#163) 2021-08-09 10:11:42 -07:00			`let n = thread_rng().gen_range(0..(1 << 10));`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`let x = builder.constant(F::from_canonical_usize(n));`

Add a BoolTarget (#179) It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools. 2021-08-14 08:53:39 -07:00			`let zero = builder._false();`
			`let one = builder._true();`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00
Renaming 2021-07-22 16:25:47 +02:00			`let y = builder.le_sum(`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00			`(0..10)`
			`.scan(n, \|acc, _\| {`
			`let tmp = *acc % 2;`
			`*acc /= 2;`
			`Some(if tmp == 1 { one } else { zero })`
			`})`
			`.collect::<Vec<_>>()`
			`.iter(),`
			`);`

			`builder.assert_equal(x, y);`

			`let data = builder.build();`

Fix tests 2021-08-06 15:14:38 +02:00			`let proof = data.prove(pw)?;`
Remove all non-bits indices in the FRI verifier 2021-07-22 16:07:07 +02:00
			`verify(proof, &data.verifier_only, &data.common)`
			`}`
Added test 2021-06-04 17:07:14 +02:00			`}`