2021-03-25 15:20:14 -07:00
|
|
|
use std::time::Instant;
|
|
|
|
|
|
|
|
|
|
use log::info;
|
|
|
|
|
|
2021-02-09 21:25:21 -08:00
|
|
|
use crate::circuit_data::{CommonCircuitData, ProverOnlyCircuitData};
|
2021-03-25 15:20:14 -07:00
|
|
|
use crate::field::fft::{fft, ifft, lde};
|
2021-02-09 21:25:21 -08:00
|
|
|
use crate::field::field::Field;
|
2021-03-21 11:17:00 -07:00
|
|
|
use crate::generator::generate_partial_witness;
|
2021-03-25 15:20:14 -07:00
|
|
|
use crate::hash::{compress, hash_n_to_hash, hash_n_to_m, hash_or_noop, merkle_root_bit_rev_order};
|
|
|
|
|
use crate::proof::{Hash, Proof2};
|
|
|
|
|
use crate::util::{log2_ceil, reverse_index_bits};
|
2021-03-21 11:57:33 -07:00
|
|
|
use crate::wire::Wire;
|
2021-03-21 11:17:00 -07:00
|
|
|
use crate::witness::PartialWitness;
|
2021-03-25 15:20:14 -07:00
|
|
|
use rayon::prelude::*;
|
2021-02-09 21:25:21 -08:00
|
|
|
|
2021-03-21 11:17:00 -07:00
|
|
|
pub(crate) fn prove<F: Field>(
|
2021-02-09 21:25:21 -08:00
|
|
|
prover_data: &ProverOnlyCircuitData<F>,
|
|
|
|
|
common_data: &CommonCircuitData<F>,
|
2021-03-21 11:17:00 -07:00
|
|
|
inputs: PartialWitness<F>,
|
2021-02-09 21:25:21 -08:00
|
|
|
) -> Proof2<F> {
|
2021-03-21 11:17:00 -07:00
|
|
|
let mut witness = inputs;
|
2021-03-25 15:20:14 -07:00
|
|
|
let start_witness = Instant::now();
|
|
|
|
|
info!("Running {} generators", prover_data.generators.len());
|
2021-03-21 11:17:00 -07:00
|
|
|
generate_partial_witness(&mut witness, &prover_data.generators);
|
2021-03-25 15:20:14 -07:00
|
|
|
info!("Witness generation took {}s", start_witness.elapsed().as_secs_f32());
|
2021-03-21 11:17:00 -07:00
|
|
|
|
2021-03-21 11:57:33 -07:00
|
|
|
let config = common_data.config;
|
|
|
|
|
let num_wires = config.num_wires;
|
2021-03-25 15:20:14 -07:00
|
|
|
|
|
|
|
|
let start_wire_ldes = Instant::now();
|
|
|
|
|
// TODO: Simplify using lde_multiple.
|
|
|
|
|
// TODO: Parallelize.
|
2021-03-21 11:57:33 -07:00
|
|
|
let wire_ldes = (0..num_wires)
|
2021-03-25 15:20:14 -07:00
|
|
|
.map(|i| compute_wire_lde(i, &witness, common_data.degree, config.rate_bits))
|
2021-03-21 11:57:33 -07:00
|
|
|
.collect::<Vec<_>>();
|
2021-03-25 15:20:14 -07:00
|
|
|
info!("Computing wire LDEs took {}s", start_wire_ldes.elapsed().as_secs_f32());
|
|
|
|
|
|
|
|
|
|
let start_wires_root = Instant::now();
|
|
|
|
|
let wires_root = merkle_root_bit_rev_order(wire_ldes);
|
|
|
|
|
info!("Merklizing wire LDEs took {}s", start_wires_root.elapsed().as_secs_f32());
|
2021-03-21 11:57:33 -07:00
|
|
|
|
2021-03-25 15:20:14 -07:00
|
|
|
let plonk_z_vecs = todo!();
|
|
|
|
|
let plonk_z_ldes = todo!();
|
|
|
|
|
let plonk_z_root = merkle_root_bit_rev_order(plonk_z_ldes);
|
2021-03-21 11:57:33 -07:00
|
|
|
|
2021-03-25 15:20:14 -07:00
|
|
|
let plonk_t_vecs = todo!();
|
|
|
|
|
let plonk_t_ldes = todo!();
|
|
|
|
|
let plonk_t_root = merkle_root_bit_rev_order(plonk_t_ldes);
|
2021-03-21 11:57:33 -07:00
|
|
|
|
|
|
|
|
let openings = todo!();
|
|
|
|
|
|
2021-03-21 11:17:00 -07:00
|
|
|
Proof2 {
|
2021-03-21 11:57:33 -07:00
|
|
|
wires_root,
|
|
|
|
|
plonk_z_root,
|
|
|
|
|
plonk_t_root,
|
|
|
|
|
openings,
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fn compute_wire_lde<F: Field>(
|
|
|
|
|
input: usize,
|
|
|
|
|
witness: &PartialWitness<F>,
|
|
|
|
|
degree: usize,
|
2021-03-25 15:20:14 -07:00
|
|
|
rate_bits: usize,
|
2021-03-21 11:57:33 -07:00
|
|
|
) -> Vec<F> {
|
2021-03-25 15:20:14 -07:00
|
|
|
let wire_values = (0..degree)
|
2021-03-21 19:50:05 -07:00
|
|
|
// Some gates do not use all wires, and we do not require that generators populate unused
|
|
|
|
|
// wires, so some wire values will not be set. We can set these to any value; here we
|
|
|
|
|
// arbitrary pick zero. Ideally we would verify that no constraints operate on these unset
|
|
|
|
|
// wires, but that isn't trivial.
|
|
|
|
|
.map(|gate| witness.try_get_wire(Wire { gate, input }).unwrap_or(F::ZERO))
|
2021-03-21 11:57:33 -07:00
|
|
|
.collect();
|
2021-03-25 15:20:14 -07:00
|
|
|
lde(wire_values, rate_bits)
|
2021-02-09 21:25:21 -08:00
|
|
|
}
|
