From 018fb005f846e7d392d252c9a225e734674b5913 Mon Sep 17 00:00:00 2001 From: Daniel Lubarov Date: Thu, 29 Jul 2021 22:00:29 -0700 Subject: [PATCH] Move stuff around (#135) No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check). --- src/bin/bench_field_mul.rs | 2 +- src/bin/bench_field_mul_interleaved.rs | 2 +- src/bin/bench_gmimc.rs | 6 +- src/bin/bench_ldes.rs | 2 +- src/bin/bench_recursion.rs | 8 +- src/bin/bench_rescue.rs | 4 +- src/field/cosets.rs | 4 +- src/field/crandall_field.rs | 2 +- src/field/extension_field/algebra.rs | 2 +- src/field/extension_field/mod.rs | 2 +- src/field/extension_field/quadratic.rs | 5 +- src/field/extension_field/quartic.rs | 5 +- src/field/extension_field/target.rs | 6 +- src/field/fft.rs | 4 +- src/field/field_testing.rs | 6 +- src/field/{field.rs => field_types.rs} | 0 src/field/interpolation.rs | 4 +- src/field/mod.rs | 2 +- src/{polynomial => fri}/commitment.rs | 34 +-- src/fri/mod.rs | 4 +- src/fri/proof.rs | 94 +++++++ src/fri/prover.rs | 15 +- src/fri/recursive_verifier.rs | 24 +- src/fri/verifier.rs | 22 +- src/gadgets/arithmetic.rs | 4 +- src/gadgets/arithmetic_extension.rs | 18 +- src/gadgets/hash.rs | 8 +- src/gadgets/insert.rs | 12 +- src/gadgets/interpolation.rs | 14 +- src/gadgets/polynomial.rs | 4 +- src/gadgets/range_check.rs | 10 +- src/gadgets/select.rs | 14 +- src/gadgets/split_base.rs | 20 +- src/gadgets/split_join.rs | 12 +- src/gates/arithmetic.rs | 10 +- src/gates/base_sum.rs | 14 +- src/gates/constant.rs | 14 +- src/gates/exponentiation.rs | 27 +- src/gates/gate.rs | 8 +- src/gates/gate_testing.rs | 8 +- src/gates/gate_tree.rs | 2 +- src/gates/gmimc.rs | 38 +-- src/gates/insertion.rs | 22 +- src/gates/interpolation.rs | 20 +- src/gates/noop.rs | 6 +- src/gates/public_input.rs | 6 +- src/gates/reducing.rs | 10 +- src/{ => hash}/gmimc.rs | 6 +- src/hash/hash_types.rs | 63 +++++ src/{hash.rs => hash/hashing.rs} | 28 +- src/{ => hash}/merkle_proofs.rs | 43 +-- src/{ => hash}/merkle_tree.rs | 14 +- src/hash/mod.rs | 6 + src/{ => hash}/rescue.rs | 2 +- .../challenger.rs} | 39 +-- src/{ => iop}/generator.rs | 12 +- src/iop/mod.rs | 6 + src/{ => iop}/target.rs | 4 +- src/{ => iop}/wire.rs | 2 +- src/{ => iop}/witness.rs | 19 +- src/lib.rs | 23 +- src/{ => plonk}/circuit_builder.rs | 36 +-- src/{ => plonk}/circuit_data.rs | 27 +- src/{ => plonk}/copy_constraint.rs | 2 +- src/plonk/mod.rs | 11 + src/{ => plonk}/permutation_argument.rs | 6 +- src/{ => plonk}/plonk_common.rs | 11 +- src/plonk/proof.rs | 100 +++++++ src/{ => plonk}/prover.rs | 38 +-- src/{ => plonk}/recursive_verifier.rs | 31 +-- src/{ => plonk}/vanishing_poly.rs | 14 +- src/{ => plonk}/vars.rs | 10 +- src/{ => plonk}/verifier.rs | 16 +- src/polynomial/division.rs | 4 +- src/polynomial/mod.rs | 1 - src/polynomial/polynomial.rs | 2 +- src/proof.rs | 246 ------------------ src/{ => util}/context_tree.rs | 0 src/util/marking.rs | 12 +- src/util/mod.rs | 13 +- src/util/partial_products.rs | 2 +- src/util/reducing.rs | 12 +- 82 files changed, 727 insertions(+), 694 deletions(-) rename src/field/{field.rs => field_types.rs} (100%) rename src/{polynomial => fri}/commitment.rs (93%) create mode 100644 src/fri/proof.rs rename src/{ => hash}/gmimc.rs (95%) create mode 100644 src/hash/hash_types.rs rename src/{hash.rs => hash/hashing.rs} (90%) rename src/{ => hash}/merkle_proofs.rs (84%) rename src/{ => hash}/merkle_tree.rs (91%) create mode 100644 src/hash/mod.rs rename src/{ => hash}/rescue.rs (99%) rename src/{plonk_challenger.rs => iop/challenger.rs} (93%) rename src/{ => iop}/generator.rs (96%) create mode 100644 src/iop/mod.rs rename src/{ => iop}/target.rs (92%) rename src/{ => iop}/wire.rs (92%) rename src/{ => iop}/witness.rs (92%) rename src/{ => plonk}/circuit_builder.rs (96%) rename src/{ => plonk}/circuit_data.rs (92%) rename src/{ => plonk}/copy_constraint.rs (92%) create mode 100644 src/plonk/mod.rs rename src/{ => plonk}/permutation_argument.rs (98%) rename src/{ => plonk}/plonk_common.rs (97%) create mode 100644 src/plonk/proof.rs rename src/{ => plonk}/prover.rs (92%) rename src/{ => plonk}/recursive_verifier.rs (95%) rename src/{ => plonk}/vanishing_poly.rs (97%) rename src/{ => plonk}/vars.rs (90%) rename src/{ => plonk}/verifier.rs (89%) delete mode 100644 src/proof.rs rename src/{ => util}/context_tree.rs (100%) diff --git a/src/bin/bench_field_mul.rs b/src/bin/bench_field_mul.rs index b2063e50..d362d17f 100644 --- a/src/bin/bench_field_mul.rs +++ b/src/bin/bench_field_mul.rs @@ -3,7 +3,7 @@ use std::time::Instant; use plonky2::field::crandall_field::CrandallField; -use plonky2::field::field::Field; +use plonky2::field::field_types::Field; type F = CrandallField; diff --git a/src/bin/bench_field_mul_interleaved.rs b/src/bin/bench_field_mul_interleaved.rs index 737105ad..ed035a35 100644 --- a/src/bin/bench_field_mul_interleaved.rs +++ b/src/bin/bench_field_mul_interleaved.rs @@ -3,7 +3,7 @@ use std::time::Instant; use plonky2::field::crandall_field::CrandallField; -use plonky2::field::field::Field; +use plonky2::field::field_types::Field; type F = CrandallField; diff --git a/src/bin/bench_gmimc.rs b/src/bin/bench_gmimc.rs index 9611d48e..42c1b78a 100644 --- a/src/bin/bench_gmimc.rs +++ b/src/bin/bench_gmimc.rs @@ -3,9 +3,9 @@ use std::thread; use std::time::Instant; use plonky2::field::crandall_field::CrandallField; -use plonky2::field::field::Field; -use plonky2::gmimc::gmimc_permute_array; -use plonky2::hash::{GMIMC_CONSTANTS, GMIMC_ROUNDS}; +use plonky2::field::field_types::Field; +use plonky2::hash::gmimc::gmimc_permute_array; +use plonky2::hash::hashing::{GMIMC_CONSTANTS, GMIMC_ROUNDS}; type F = CrandallField; diff --git a/src/bin/bench_ldes.rs b/src/bin/bench_ldes.rs index e6d7c457..732eabd3 100644 --- a/src/bin/bench_ldes.rs +++ b/src/bin/bench_ldes.rs @@ -1,7 +1,7 @@ use std::time::Instant; use plonky2::field::crandall_field::CrandallField; -use plonky2::field::field::Field; +use plonky2::field::field_types::Field; use plonky2::polynomial::polynomial::PolynomialValues; use rayon::prelude::*; diff --git a/src/bin/bench_recursion.rs b/src/bin/bench_recursion.rs index a34bfe2e..59cdf4a6 100644 --- a/src/bin/bench_recursion.rs +++ b/src/bin/bench_recursion.rs @@ -1,13 +1,13 @@ use anyhow::Result; use env_logger::Env; use log::info; -use plonky2::circuit_builder::CircuitBuilder; -use plonky2::circuit_data::CircuitConfig; use plonky2::field::crandall_field::CrandallField; use plonky2::field::extension_field::Extendable; -use plonky2::field::field::Field; +use plonky2::field::field_types::Field; use plonky2::fri::FriConfig; -use plonky2::witness::PartialWitness; +use plonky2::iop::witness::PartialWitness; +use plonky2::plonk::circuit_builder::CircuitBuilder; +use plonky2::plonk::circuit_data::CircuitConfig; fn main() -> Result<()> { // Set the default log filter. This can be overridden using the `RUST_LOG` environment variable, diff --git a/src/bin/bench_rescue.rs b/src/bin/bench_rescue.rs index 1b45c31c..6aa3bd55 100644 --- a/src/bin/bench_rescue.rs +++ b/src/bin/bench_rescue.rs @@ -3,8 +3,8 @@ use std::thread; use std::time::Instant; use plonky2::field::crandall_field::CrandallField; -use plonky2::field::field::Field; -use plonky2::rescue::rescue; +use plonky2::field::field_types::Field; +use plonky2::hash::rescue::rescue; type F = CrandallField; diff --git a/src/field/cosets.rs b/src/field/cosets.rs index f2edd892..d0c1ce60 100644 --- a/src/field/cosets.rs +++ b/src/field/cosets.rs @@ -1,6 +1,6 @@ use num::bigint::BigUint; -use crate::field::field::Field; +use crate::field::field_types::Field; /// Finds a set of shifts that result in unique cosets for the multiplicative subgroup of size /// `2^subgroup_bits`. @@ -27,7 +27,7 @@ mod tests { use crate::field::cosets::get_unique_coset_shifts; use crate::field::crandall_field::CrandallField; - use crate::field::field::Field; + use crate::field::field_types::Field; #[test] fn distinct_cosets() { diff --git a/src/field/crandall_field.rs b/src/field/crandall_field.rs index 36cea17b..ebdb9e25 100644 --- a/src/field/crandall_field.rs +++ b/src/field/crandall_field.rs @@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize}; use crate::field::extension_field::quadratic::QuadraticCrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; use crate::field::extension_field::{Extendable, Frobenius}; -use crate::field::field::Field; +use crate::field::field_types::Field; const FIELD_ORDER: u64 = 18446744071293632513; diff --git a/src/field/extension_field/algebra.rs b/src/field/extension_field/algebra.rs index fcd60185..633c4d82 100644 --- a/src/field/extension_field/algebra.rs +++ b/src/field/extension_field/algebra.rs @@ -160,7 +160,7 @@ mod tests { use crate::field::crandall_field::CrandallField; use crate::field::extension_field::algebra::ExtensionAlgebra; use crate::field::extension_field::{Extendable, FieldExtension}; - use crate::field::field::Field; + use crate::field::field_types::Field; /// Tests that the multiplication on the extension algebra lifts that of the field extension. fn test_extension_algebra, const D: usize>() { diff --git a/src/field/extension_field/mod.rs b/src/field/extension_field/mod.rs index 7d706237..8eb16973 100644 --- a/src/field/extension_field/mod.rs +++ b/src/field/extension_field/mod.rs @@ -1,6 +1,6 @@ use std::convert::TryInto; -use crate::field::field::Field; +use crate::field::field_types::Field; pub mod algebra; pub mod quadratic; diff --git a/src/field/extension_field/quadratic.rs b/src/field/extension_field/quadratic.rs index fbbb535f..fa698fb6 100644 --- a/src/field/extension_field/quadratic.rs +++ b/src/field/extension_field/quadratic.rs @@ -1,5 +1,4 @@ use std::fmt::{Debug, Display, Formatter}; -use std::hash::Hash; use std::iter::{Product, Sum}; use std::ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}; @@ -9,7 +8,7 @@ use serde::{Deserialize, Serialize}; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::{FieldExtension, Frobenius, OEF}; -use crate::field::field::Field; +use crate::field::field_types::Field; #[derive(Copy, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)] pub struct QuadraticCrandallField([CrandallField; 2]); @@ -220,7 +219,7 @@ impl DivAssign for QuadraticCrandallField { mod tests { use crate::field::extension_field::quadratic::QuadraticCrandallField; use crate::field::extension_field::{FieldExtension, Frobenius}; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::test_field_arithmetic; #[test] diff --git a/src/field/extension_field/quartic.rs b/src/field/extension_field/quartic.rs index ef356232..2bc1c9b3 100644 --- a/src/field/extension_field/quartic.rs +++ b/src/field/extension_field/quartic.rs @@ -1,5 +1,4 @@ use std::fmt::{Debug, Display, Formatter}; -use std::hash::Hash; use std::iter::{Product, Sum}; use std::ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign}; @@ -10,7 +9,7 @@ use serde::{Deserialize, Serialize}; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::{FieldExtension, Frobenius, OEF}; -use crate::field::field::Field; +use crate::field::field_types::Field; /// A quartic extension of `CrandallField`. #[derive(Copy, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)] @@ -287,7 +286,7 @@ impl DivAssign for QuarticCrandallField { mod tests { use crate::field::extension_field::quartic::QuarticCrandallField; use crate::field::extension_field::{FieldExtension, Frobenius}; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::test_field_arithmetic; fn exp_naive(x: F, power: u128) -> F { diff --git a/src/field/extension_field/target.rs b/src/field/extension_field/target.rs index 97576ac6..9c2e9648 100644 --- a/src/field/extension_field/target.rs +++ b/src/field/extension_field/target.rs @@ -1,11 +1,11 @@ use std::convert::{TryFrom, TryInto}; use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::algebra::ExtensionAlgebra; use crate::field::extension_field::{Extendable, FieldExtension, OEF}; -use crate::field::field::Field; -use crate::target::Target; +use crate::field::field_types::Field; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; /// `Target`s representing an element of an extension field. #[derive(Copy, Clone, Debug)] diff --git a/src/field/fft.rs b/src/field/fft.rs index 3fd37b1c..6200e29a 100644 --- a/src/field/fft.rs +++ b/src/field/fft.rs @@ -1,6 +1,6 @@ use std::option::Option; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues}; use crate::util::{log2_strict, reverse_index_bits}; @@ -306,7 +306,7 @@ fn fft_unrolled(input: &[F], r_orig: usize, root_table: FftRootTable { +/// Represents a batch FRI based commitment to a list of polynomials. +pub struct PolynomialBatchCommitment { pub polynomials: Vec>, pub merkle_tree: MerkleTree, pub degree: usize, @@ -30,7 +33,7 @@ pub struct ListPolynomialCommitment { pub blinding: bool, } -impl ListPolynomialCommitment { +impl PolynomialBatchCommitment { /// Creates a list polynomial commitment for the polynomials interpolating the values in `values`. pub fn new(values: Vec>, rate_bits: usize, blinding: bool) -> Self { let degree = values[0].len(); @@ -244,7 +247,7 @@ impl, const D: usize> OpeningProof { &self, zeta: F::Extension, os: &OpeningSet, - merkle_roots: &[Hash], + merkle_roots: &[HashOut], challenger: &mut Challenger, common_data: &CommonCircuitData, ) -> Result<()> { @@ -274,7 +277,7 @@ impl OpeningProofTarget { &self, zeta: ExtensionTarget, os: &OpeningSetTarget, - merkle_roots: &[HashTarget], + merkle_roots: &[HashOutTarget], challenger: &mut RecursiveChallenger, common_data: &CommonCircuitData, builder: &mut CircuitBuilder, @@ -305,9 +308,8 @@ mod tests { use anyhow::Result; use super::*; - use crate::circuit_data::CircuitConfig; use crate::fri::FriConfig; - use crate::plonk_common::PlonkPolynomials; + use crate::plonk::circuit_data::CircuitConfig; fn gen_random_test_case, const D: usize>( k: usize, @@ -355,12 +357,12 @@ mod tests { num_constants: 4, k_is: vec![F::ONE; 6], num_partial_products: (0, 0), - circuit_digest: Hash::from_partial(vec![]), + circuit_digest: HashOut::from_partial(vec![]), }; let lpcs = (0..4) .map(|i| { - ListPolynomialCommitment::::new( + PolynomialBatchCommitment::::new( gen_random_test_case(ks[i], degree_log), common_data.config.rate_bits, PlonkPolynomials::polynomials(i).blinding, @@ -369,7 +371,7 @@ mod tests { .collect::>(); let zeta = gen_random_point::(degree_log); - let (proof, os) = ListPolynomialCommitment::open_plonk::( + let (proof, os) = PolynomialBatchCommitment::open_plonk::( &[&lpcs[0], &lpcs[1], &lpcs[2], &lpcs[3]], zeta, &mut Challenger::new(), diff --git a/src/fri/mod.rs b/src/fri/mod.rs index ab7137c2..c2f081d2 100644 --- a/src/fri/mod.rs +++ b/src/fri/mod.rs @@ -1,5 +1,7 @@ +pub mod commitment; +pub mod proof; pub mod prover; -mod recursive_verifier; +pub mod recursive_verifier; pub mod verifier; /// Somewhat arbitrary. Smaller values will increase delta, but with diminishing returns, diff --git a/src/fri/proof.rs b/src/fri/proof.rs new file mode 100644 index 00000000..0216d355 --- /dev/null +++ b/src/fri/proof.rs @@ -0,0 +1,94 @@ +use serde::{Deserialize, Serialize}; + +use crate::field::extension_field::target::ExtensionTarget; +use crate::field::extension_field::Extendable; +use crate::field::field_types::Field; +use crate::gadgets::polynomial::PolynomialCoeffsExtTarget; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::hash::merkle_proofs::{MerkleProof, MerkleProofTarget}; +use crate::iop::target::Target; +use crate::plonk::plonk_common::PolynomialsIndexBlinding; +use crate::polynomial::polynomial::PolynomialCoeffs; + +/// Evaluations and Merkle proof produced by the prover in a FRI query step. +#[derive(Serialize, Deserialize, Clone, Debug)] +#[serde(bound = "")] +pub struct FriQueryStep, const D: usize> { + pub evals: Vec, + pub merkle_proof: MerkleProof, +} + +#[derive(Clone)] +pub struct FriQueryStepTarget { + pub evals: Vec>, + pub merkle_proof: MerkleProofTarget, +} + +/// Evaluations and Merkle proofs of the original set of polynomials, +/// before they are combined into a composition polynomial. +#[derive(Serialize, Deserialize, Clone, Debug)] +#[serde(bound = "")] +pub struct FriInitialTreeProof { + pub evals_proofs: Vec<(Vec, MerkleProof)>, +} + +impl FriInitialTreeProof { + pub(crate) fn unsalted_evals( + &self, + polynomials: PolynomialsIndexBlinding, + zero_knowledge: bool, + ) -> &[F] { + let evals = &self.evals_proofs[polynomials.index].0; + &evals[..evals.len() - polynomials.salt_size(zero_knowledge)] + } +} + +#[derive(Clone)] +pub struct FriInitialTreeProofTarget { + pub evals_proofs: Vec<(Vec, MerkleProofTarget)>, +} + +impl FriInitialTreeProofTarget { + pub(crate) fn unsalted_evals( + &self, + polynomials: PolynomialsIndexBlinding, + zero_knowledge: bool, + ) -> &[Target] { + let evals = &self.evals_proofs[polynomials.index].0; + &evals[..evals.len() - polynomials.salt_size(zero_knowledge)] + } +} + +/// Proof for a FRI query round. +#[derive(Serialize, Deserialize, Clone, Debug)] +#[serde(bound = "")] +pub struct FriQueryRound, const D: usize> { + pub initial_trees_proof: FriInitialTreeProof, + pub steps: Vec>, +} + +#[derive(Clone)] +pub struct FriQueryRoundTarget { + pub initial_trees_proof: FriInitialTreeProofTarget, + pub steps: Vec>, +} + +#[derive(Serialize, Deserialize, Clone, Debug)] +#[serde(bound = "")] +pub struct FriProof, const D: usize> { + /// A Merkle root for each reduced polynomial in the commit phase. + pub commit_phase_merkle_roots: Vec>, + /// Query rounds proofs + pub query_round_proofs: Vec>, + /// The final polynomial in coefficient form. + pub final_poly: PolynomialCoeffs, + /// Witness showing that the prover did PoW. + pub pow_witness: F, +} + +pub struct FriProofTarget { + pub commit_phase_merkle_roots: Vec, + pub query_round_proofs: Vec>, + pub final_poly: PolynomialCoeffsExtTarget, + pub pow_witness: Target, +} diff --git a/src/fri/prover.rs b/src/fri/prover.rs index a4147da7..04c29205 100644 --- a/src/fri/prover.rs +++ b/src/fri/prover.rs @@ -1,14 +1,15 @@ use rayon::prelude::*; use crate::field::extension_field::{flatten, unflatten, Extendable}; -use crate::field::field::Field; +use crate::field::field_types::Field; +use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound, FriQueryStep}; use crate::fri::FriConfig; -use crate::hash::hash_n_to_1; -use crate::merkle_tree::MerkleTree; -use crate::plonk_challenger::Challenger; -use crate::plonk_common::reduce_with_powers; +use crate::hash::hash_types::HashOut; +use crate::hash::hashing::hash_n_to_1; +use crate::hash::merkle_tree::MerkleTree; +use crate::iop::challenger::Challenger; +use crate::plonk::plonk_common::reduce_with_powers; use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues}; -use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, FriQueryStep, Hash}; use crate::timed; use crate::util::reverse_index_bits_in_place; @@ -96,7 +97,7 @@ fn fri_committed_trees, const D: usize>( (trees, coeffs) } -fn fri_proof_of_work(current_hash: Hash, config: &FriConfig) -> F { +fn fri_proof_of_work(current_hash: HashOut, config: &FriConfig) -> F { (0..u64::MAX) .into_par_iter() .find_any(|&i| { diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs index 386a6cf9..7135cc4c 100644 --- a/src/fri/recursive_verifier.rs +++ b/src/fri/recursive_verifier.rs @@ -1,15 +1,15 @@ -use crate::circuit_builder::CircuitBuilder; -use crate::circuit_data::CommonCircuitData; use crate::field::extension_field::target::{flatten_target, ExtensionTarget}; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; +use crate::fri::proof::{FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget}; use crate::fri::FriConfig; -use crate::plonk_challenger::RecursiveChallenger; -use crate::plonk_common::PlonkPolynomials; -use crate::proof::{ - FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, HashTarget, OpeningSetTarget, -}; -use crate::target::Target; +use crate::hash::hash_types::HashOutTarget; +use crate::iop::challenger::RecursiveChallenger; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::circuit_data::CommonCircuitData; +use crate::plonk::plonk_common::PlonkPolynomials; +use crate::plonk::proof::OpeningSetTarget; use crate::util::reducing::ReducingFactorTarget; use crate::util::{log2_strict, reverse_index_bits_in_place}; use crate::with_context; @@ -77,7 +77,7 @@ impl, const D: usize> CircuitBuilder { zeta: ExtensionTarget, // Scaling factor to combine polynomials. alpha: ExtensionTarget, - initial_merkle_roots: &[HashTarget], + initial_merkle_roots: &[HashOutTarget], proof: &FriProofTarget, challenger: &mut RecursiveChallenger, common_data: &CommonCircuitData, @@ -165,7 +165,7 @@ impl, const D: usize> CircuitBuilder { &mut self, x_index_bits: &[Target], proof: &FriInitialTreeProofTarget, - initial_merkle_roots: &[HashTarget], + initial_merkle_roots: &[HashOutTarget], ) { for (i, ((evals, merkle_proof), &root)) in proof .evals_proofs @@ -260,7 +260,7 @@ impl, const D: usize> CircuitBuilder { zeta: ExtensionTarget, alpha: ExtensionTarget, precomputed_reduced_evals: PrecomputedReducedEvalsTarget, - initial_merkle_roots: &[HashTarget], + initial_merkle_roots: &[HashOutTarget], proof: &FriProofTarget, challenger: &mut RecursiveChallenger, n: usize, diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs index 8417dac1..6e814cac 100644 --- a/src/fri/verifier.rs +++ b/src/fri/verifier.rs @@ -1,15 +1,17 @@ use anyhow::{ensure, Result}; -use crate::circuit_data::CommonCircuitData; use crate::field::extension_field::{flatten, Extendable, FieldExtension}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::field::interpolation::{barycentric_weights, interpolate, interpolate2}; +use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound}; use crate::fri::FriConfig; -use crate::hash::hash_n_to_1; -use crate::merkle_proofs::verify_merkle_proof; -use crate::plonk_challenger::Challenger; -use crate::plonk_common::PlonkPolynomials; -use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, Hash, OpeningSet}; +use crate::hash::hash_types::HashOut; +use crate::hash::hashing::hash_n_to_1; +use crate::hash::merkle_proofs::verify_merkle_proof; +use crate::iop::challenger::Challenger; +use crate::plonk::circuit_data::CommonCircuitData; +use crate::plonk::plonk_common::PlonkPolynomials; +use crate::plonk::proof::OpeningSet; use crate::util::reducing::ReducingFactor; use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place}; @@ -74,7 +76,7 @@ pub fn verify_fri_proof, const D: usize>( zeta: F::Extension, // Scaling factor to combine polynomials. alpha: F::Extension, - initial_merkle_roots: &[Hash], + initial_merkle_roots: &[HashOut], proof: &FriProof, challenger: &mut Challenger, common_data: &CommonCircuitData, @@ -135,7 +137,7 @@ pub fn verify_fri_proof, const D: usize>( fn fri_verify_initial_proof( x_index: usize, proof: &FriInitialTreeProof, - initial_merkle_roots: &[Hash], + initial_merkle_roots: &[HashOut], ) -> Result<()> { for ((evals, merkle_proof), &root) in proof.evals_proofs.iter().zip(initial_merkle_roots) { verify_merkle_proof(evals.clone(), x_index, root, merkle_proof, false)?; @@ -240,7 +242,7 @@ fn fri_verifier_query_round, const D: usize>( zeta: F::Extension, alpha: F::Extension, precomputed_reduced_evals: PrecomputedReducedEvals, - initial_merkle_roots: &[Hash], + initial_merkle_roots: &[HashOut], proof: &FriProof, challenger: &mut Challenger, n: usize, diff --git a/src/gadgets/arithmetic.rs b/src/gadgets/arithmetic.rs index bf3c188d..4163e00b 100644 --- a/src/gadgets/arithmetic.rs +++ b/src/gadgets/arithmetic.rs @@ -1,9 +1,9 @@ use std::borrow::Borrow; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; use crate::gates::exponentiation::ExponentiationGate; -use crate::target::Target; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; use crate::util::log2_ceil; impl, const D: usize> CircuitBuilder { diff --git a/src/gadgets/arithmetic_extension.rs b/src/gadgets/arithmetic_extension.rs index 7d43dbfb..59ad71d5 100644 --- a/src/gadgets/arithmetic_extension.rs +++ b/src/gadgets/arithmetic_extension.rs @@ -3,14 +3,14 @@ use std::convert::TryInto; use itertools::Itertools; use num::Integer; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTarget}; use crate::field::extension_field::{Extendable, OEF}; use crate::gates::arithmetic::ArithmeticExtensionGate; -use crate::generator::{GeneratedValues, SimpleGenerator}; -use crate::target::Target; +use crate::iop::generator::{GeneratedValues, SimpleGenerator}; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; use crate::util::bits_u64; -use crate::witness::PartialWitness; impl, const D: usize> CircuitBuilder { pub fn double_arithmetic_extension( @@ -505,13 +505,13 @@ impl, const D: usize> CircuitBuilder { mod tests { use anyhow::Result; - use crate::circuit_builder::CircuitBuilder; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::field::field_types::Field; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; #[test] fn test_mul_many() -> Result<()> { diff --git a/src/gadgets/hash.rs b/src/gadgets/hash.rs index dfe46772..0326dc64 100644 --- a/src/gadgets/hash.rs +++ b/src/gadgets/hash.rs @@ -1,11 +1,11 @@ use std::convert::TryInto; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; use crate::gates::gmimc::GMiMCGate; -use crate::hash::GMIMC_ROUNDS; -use crate::target::Target; -use crate::wire::Wire; +use crate::hash::hashing::GMIMC_ROUNDS; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::plonk::circuit_builder::CircuitBuilder; // TODO: Move to be next to native `permute`? impl, const D: usize> CircuitBuilder { diff --git a/src/gadgets/insert.rs b/src/gadgets/insert.rs index e9345ef7..72fe032b 100644 --- a/src/gadgets/insert.rs +++ b/src/gadgets/insert.rs @@ -1,8 +1,8 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::gates::insertion::InsertionGate; -use crate::target::Target; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; impl, const D: usize> CircuitBuilder { /// Inserts a `Target` in a vector at a non-deterministic index. @@ -42,12 +42,12 @@ mod tests { use anyhow::Result; use super::*; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::field::field_types::Field; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; fn real_insert( index: usize, diff --git a/src/gadgets/interpolation.rs b/src/gadgets/interpolation.rs index 72119354..cc547d88 100644 --- a/src/gadgets/interpolation.rs +++ b/src/gadgets/interpolation.rs @@ -1,8 +1,8 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::gates::interpolation::InterpolationGate; -use crate::target::Target; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; impl, const D: usize> CircuitBuilder { /// Interpolate two points. No need for an `InterpolationGate` since the coefficients @@ -55,15 +55,15 @@ mod tests { use anyhow::Result; - use super::*; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; use crate::field::extension_field::FieldExtension; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::field::interpolation::interpolant; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; #[test] fn test_interpolate() -> Result<()> { diff --git a/src/gadgets/polynomial.rs b/src/gadgets/polynomial.rs index 07bc1952..a83cbcd4 100644 --- a/src/gadgets/polynomial.rs +++ b/src/gadgets/polynomial.rs @@ -1,7 +1,7 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTarget}; use crate::field::extension_field::Extendable; -use crate::target::Target; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; pub struct PolynomialCoeffsExtTarget(pub Vec>); diff --git a/src/gadgets/range_check.rs b/src/gadgets/range_check.rs index e3408cbf..0fc38afe 100644 --- a/src/gadgets/range_check.rs +++ b/src/gadgets/range_check.rs @@ -1,10 +1,10 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::base_sum::BaseSumGate; -use crate::generator::{GeneratedValues, SimpleGenerator}; -use crate::target::Target; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator}; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; impl, const D: usize> CircuitBuilder { /// Checks that `x < 2^n_log` using a `BaseSumGate`. diff --git a/src/gadgets/select.rs b/src/gadgets/select.rs index 9df395d8..f1f651dc 100644 --- a/src/gadgets/select.rs +++ b/src/gadgets/select.rs @@ -1,8 +1,8 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::gates::arithmetic::ArithmeticExtensionGate; -use crate::target::Target; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; impl, const D: usize> CircuitBuilder { /// Selects `x` or `y` based on `b`, which is assumed to be binary, i.e., this returns `if b { x } else { y }`. @@ -35,13 +35,13 @@ impl, const D: usize> CircuitBuilder { mod tests { use anyhow::Result; - use super::*; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::field::field_types::Field; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; #[test] fn test_select() -> Result<()> { diff --git a/src/gadgets/split_base.rs b/src/gadgets/split_base.rs index 1929fd1c..901b4728 100644 --- a/src/gadgets/split_base.rs +++ b/src/gadgets/split_base.rs @@ -1,12 +1,12 @@ use std::borrow::Borrow; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::base_sum::BaseSumGate; -use crate::generator::{GeneratedValues, SimpleGenerator}; -use crate::target::Target; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator}; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; impl, const D: usize> CircuitBuilder { /// Split the given element into a list of targets, where each one represents a @@ -96,12 +96,12 @@ mod tests { use anyhow::Result; use rand::{thread_rng, Rng}; - use super::*; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; - use crate::field::field::Field; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::field::field_types::Field; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; #[test] fn test_split_base() -> Result<()> { diff --git a/src/gadgets/split_join.rs b/src/gadgets/split_join.rs index 2cf5b9b2..78518245 100644 --- a/src/gadgets/split_join.rs +++ b/src/gadgets/split_join.rs @@ -1,12 +1,12 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::base_sum::BaseSumGate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::target::Target; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; use crate::util::ceil_div_usize; -use crate::wire::Wire; -use crate::witness::PartialWitness; impl, const D: usize> CircuitBuilder { /// Split the given integer into a list of virtual targets, where each one represents a bit of diff --git a/src/gates/arithmetic.rs b/src/gates/arithmetic.rs index 4964fbd0..1a68bf83 100644 --- a/src/gates/arithmetic.rs +++ b/src/gates/arithmetic.rs @@ -1,14 +1,14 @@ use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::field::extension_field::FieldExtension; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate which can a linear combination `c0*x*y+c1*z` twice with the same `x`. #[derive(Debug)] diff --git a/src/gates/base_sum.rs b/src/gates/base_sum.rs index 723cc84f..9885f270 100644 --- a/src/gates/base_sum.rs +++ b/src/gates/base_sum.rs @@ -1,15 +1,15 @@ use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::plonk_common::{reduce_with_powers, reduce_with_powers_ext_recursive}; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::plonk_common::{reduce_with_powers, reduce_with_powers_ext_recursive}; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate which can decompose a number into base B little-endian limbs, /// and compute the limb-reversed (i.e. big-endian) sum. diff --git a/src/gates/constant.rs b/src/gates/constant.rs index 11592c90..826fc2c3 100644 --- a/src/gates/constant.rs +++ b/src/gates/constant.rs @@ -1,13 +1,13 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::wire::Wire; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate which takes a single constant parameter and outputs that value. pub struct ConstantGate; diff --git a/src/gates/exponentiation.rs b/src/gates/exponentiation.rs index 2f33e5d9..a1a7d5cd 100644 --- a/src/gates/exponentiation.rs +++ b/src/gates/exponentiation.rs @@ -1,16 +1,16 @@ use std::marker::PhantomData; -use crate::circuit_builder::CircuitBuilder; -use crate::circuit_data::CircuitConfig; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::wire::Wire; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::circuit_data::CircuitConfig; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate for raising a value to a power. #[derive(Clone, Debug)] @@ -263,17 +263,16 @@ mod tests { use rand::Rng; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; - use crate::fri::FriConfig; + use crate::field::field_types::Field; use crate::gates::exponentiation::ExponentiationGate; use crate::gates::gate::Gate; use crate::gates::gate_testing::test_low_degree; - use crate::proof::Hash; + use crate::hash::hash_types::HashOut; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::vars::EvaluationVars; use crate::util::log2_ceil; - use crate::vars::EvaluationVars; const MAX_POWER_BITS: usize = 17; @@ -359,7 +358,7 @@ mod tests { let vars = EvaluationVars { local_constants: &[], local_wires: &get_wires(base, power as u64), - public_inputs_hash: &Hash::rand(), + public_inputs_hash: &HashOut::rand(), }; assert!( gate.eval_unfiltered(vars).iter().all(|x| x.is_zero()), diff --git a/src/gates/gate.rs b/src/gates/gate.rs index d961fb58..e21dc16e 100644 --- a/src/gates/gate.rs +++ b/src/gates/gate.rs @@ -2,13 +2,13 @@ use std::fmt::{Debug, Error, Formatter}; use std::hash::{Hash, Hasher}; use std::sync::Arc; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate_tree::Tree; -use crate::generator::WitnessGenerator; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; +use crate::iop::generator::WitnessGenerator; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A custom gate. pub trait Gate, const D: usize>: 'static + Send + Sync { diff --git a/src/gates/gate_testing.rs b/src/gates/gate_testing.rs index e0b72477..d85ce784 100644 --- a/src/gates/gate_testing.rs +++ b/src/gates/gate_testing.rs @@ -1,10 +1,10 @@ use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::Gate; +use crate::hash::hash_types::HashOut; +use crate::plonk::vars::EvaluationVars; use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues}; -use crate::proof::Hash; use crate::util::{log2_ceil, transpose}; -use crate::vars::EvaluationVars; const WITNESS_SIZE: usize = 1 << 5; const WITNESS_DEGREE: usize = WITNESS_SIZE - 1; @@ -17,7 +17,7 @@ pub(crate) fn test_low_degree, G: Gate, const D: usize>(g let wire_ldes = random_low_degree_matrix::(gate.num_wires(), rate_bits); let constant_ldes = random_low_degree_matrix::(gate.num_constants(), rate_bits); assert_eq!(wire_ldes.len(), constant_ldes.len()); - let public_inputs_hash = &Hash::rand(); + let public_inputs_hash = &HashOut::rand(); let constraint_evals = wire_ldes .iter() diff --git a/src/gates/gate_tree.rs b/src/gates/gate_tree.rs index 50a6f39e..6402f7cd 100644 --- a/src/gates/gate_tree.rs +++ b/src/gates/gate_tree.rs @@ -228,7 +228,7 @@ mod tests { use crate::gates::gmimc::GMiMCGate; use crate::gates::interpolation::InterpolationGate; use crate::gates::noop::NoopGate; - use crate::hash::GMIMC_ROUNDS; + use crate::hash::hashing::GMIMC_ROUNDS; #[test] fn test_prefix_generation() { diff --git a/src/gates/gmimc.rs b/src/gates/gmimc.rs index ec2aab6c..04ee42bb 100644 --- a/src/gates/gmimc.rs +++ b/src/gates/gmimc.rs @@ -1,16 +1,16 @@ use std::sync::Arc; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::gmimc::gmimc_automatic_constants; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::wire::Wire; -use crate::witness::PartialWitness; +use crate::hash::gmimc::gmimc_automatic_constants; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// The width of the permutation, in field elements. const W: usize = 12; @@ -329,21 +329,21 @@ mod tests { use anyhow::Result; - use crate::circuit_builder::CircuitBuilder; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::gates::gate::Gate; use crate::gates::gate_testing::test_low_degree; use crate::gates::gmimc::{GMiMCGate, W}; - use crate::generator::generate_partial_witness; - use crate::gmimc::gmimc_permute_naive; - use crate::proof::Hash; - use crate::vars::{EvaluationTargets, EvaluationVars}; - use crate::verifier::verify; - use crate::wire::Wire; - use crate::witness::PartialWitness; + use crate::hash::gmimc::gmimc_permute_naive; + use crate::hash::hash_types::HashOut; + use crate::iop::generator::generate_partial_witness; + use crate::iop::wire::Wire; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::vars::{EvaluationTargets, EvaluationVars}; + use crate::plonk::verifier::verify; #[test] fn generated_output() { @@ -410,7 +410,7 @@ mod tests { let gate = Gate::new(constants); let wires = FF::rand_vec(Gate::end()); - let public_inputs_hash = &Hash::rand(); + let public_inputs_hash = &HashOut::rand(); let vars = EvaluationVars { local_constants: &[], local_wires: &wires, diff --git a/src/gates/insertion.rs b/src/gates/insertion.rs index 41e3e6e9..0337c36b 100644 --- a/src/gates/insertion.rs +++ b/src/gates/insertion.rs @@ -2,16 +2,16 @@ use std::convert::TryInto; use std::marker::PhantomData; use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::wire::Wire; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate for inserting a value into a list at a non-deterministic location. #[derive(Clone, Debug)] @@ -321,12 +321,12 @@ mod tests { use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::gates::gate::Gate; use crate::gates::gate_testing::test_low_degree; use crate::gates::insertion::InsertionGate; - use crate::proof::Hash; - use crate::vars::EvaluationVars; + use crate::hash::hash_types::HashOut; + use crate::plonk::vars::EvaluationVars; #[test] fn wire_indices() { @@ -403,7 +403,7 @@ mod tests { let vars = EvaluationVars { local_constants: &[], local_wires: &get_wires(orig_vec, insertion_index, element_to_insert), - public_inputs_hash: &Hash::rand(), + public_inputs_hash: &HashOut::rand(), }; assert!( diff --git a/src/gates/interpolation.rs b/src/gates/interpolation.rs index 36e90c53..88fb7d22 100644 --- a/src/gates/interpolation.rs +++ b/src/gates/interpolation.rs @@ -2,19 +2,19 @@ use std::convert::TryInto; use std::marker::PhantomData; use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::algebra::PolynomialCoeffsAlgebra; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; use crate::field::interpolation::interpolant; use crate::gadgets::polynomial::PolynomialCoeffsExtAlgebraTarget; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; use crate::polynomial::polynomial::PolynomialCoeffs; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::wire::Wire; -use crate::witness::PartialWitness; /// Evaluates the interpolant of some given elements from a field extension. /// @@ -288,13 +288,13 @@ mod tests { use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::gates::gate::Gate; use crate::gates::gate_testing::test_low_degree; use crate::gates::interpolation::InterpolationGate; + use crate::hash::hash_types::HashOut; + use crate::plonk::vars::EvaluationVars; use crate::polynomial::polynomial::PolynomialCoeffs; - use crate::proof::Hash; - use crate::vars::EvaluationVars; #[test] fn wire_indices() { @@ -358,7 +358,7 @@ mod tests { let vars = EvaluationVars { local_constants: &[], local_wires: &get_wires(2, coeffs, points, eval_point), - public_inputs_hash: &Hash::rand(), + public_inputs_hash: &HashOut::rand(), }; assert!( diff --git a/src/gates/noop.rs b/src/gates/noop.rs index 3245f7b7..df97a449 100644 --- a/src/gates/noop.rs +++ b/src/gates/noop.rs @@ -1,9 +1,9 @@ -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::gates::gate::Gate; -use crate::generator::WitnessGenerator; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; +use crate::iop::generator::WitnessGenerator; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate which does nothing. pub struct NoopGate; diff --git a/src/gates/public_input.rs b/src/gates/public_input.rs index ae9d2377..3d3626e6 100644 --- a/src/gates/public_input.rs +++ b/src/gates/public_input.rs @@ -1,11 +1,11 @@ use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::gates::gate::Gate; -use crate::generator::WitnessGenerator; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; +use crate::iop::generator::WitnessGenerator; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// A gate whose first four wires will be equal to a hash of public inputs. pub struct PublicInputGate; diff --git a/src/gates/reducing.rs b/src/gates/reducing.rs index cea7267a..896bbd78 100644 --- a/src/gates/reducing.rs +++ b/src/gates/reducing.rs @@ -1,14 +1,14 @@ use std::ops::Range; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; use crate::field::extension_field::FieldExtension; use crate::gates::gate::Gate; -use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; -use crate::target::Target; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; -use crate::witness::PartialWitness; +use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; /// Computes `sum alpha^i c_i` for a vector `c_i` of `num_coeffs` elements of the base field. #[derive(Debug, Clone)] diff --git a/src/gmimc.rs b/src/hash/gmimc.rs similarity index 95% rename from src/gmimc.rs rename to src/hash/gmimc.rs index db80f19a..f97ef0fd 100644 --- a/src/gmimc.rs +++ b/src/hash/gmimc.rs @@ -4,7 +4,7 @@ use rand::SeedableRng; use rand_chacha::ChaCha8Rng; use unroll::unroll_for_loops; -use crate::field::field::Field; +use crate::field::field_types::Field; pub(crate) fn gmimc_automatic_constants() -> [F; R] { let mut rng = ChaCha8Rng::seed_from_u64(0); @@ -109,8 +109,8 @@ mod tests { use std::sync::Arc; use crate::field::crandall_field::CrandallField; - use crate::field::field::Field; - use crate::gmimc::{gmimc_permute, gmimc_permute_naive}; + use crate::field::field_types::Field; + use crate::hash::gmimc::{gmimc_permute, gmimc_permute_naive}; #[test] fn consistency() { diff --git a/src/hash/hash_types.rs b/src/hash/hash_types.rs new file mode 100644 index 00000000..663b8cd1 --- /dev/null +++ b/src/hash/hash_types.rs @@ -0,0 +1,63 @@ +use std::convert::TryInto; + +use serde::{Deserialize, Serialize}; + +use crate::field::field_types::Field; +use crate::iop::target::Target; + +/// Represents a ~256 bit hash output. +#[derive(Copy, Clone, Debug, Eq, PartialEq, Serialize, Deserialize)] +#[serde(bound = "")] +pub struct HashOut { + pub(crate) elements: [F; 4], +} + +impl HashOut { + pub(crate) fn from_vec(elements: Vec) -> Self { + debug_assert!(elements.len() == 4); + Self { + elements: elements.try_into().unwrap(), + } + } + + pub(crate) fn from_partial(mut elements: Vec) -> Self { + debug_assert!(elements.len() <= 4); + while elements.len() < 4 { + elements.push(F::ZERO); + } + Self { + elements: [elements[0], elements[1], elements[2], elements[3]], + } + } + + pub(crate) fn rand() -> Self { + Self { + elements: [F::rand(), F::rand(), F::rand(), F::rand()], + } + } +} + +/// Represents a ~256 bit hash output. +#[derive(Copy, Clone, Debug)] +pub struct HashOutTarget { + pub(crate) elements: [Target; 4], +} + +impl HashOutTarget { + pub(crate) fn from_vec(elements: Vec) -> Self { + debug_assert!(elements.len() == 4); + Self { + elements: elements.try_into().unwrap(), + } + } + + pub(crate) fn from_partial(mut elements: Vec, zero: Target) -> Self { + debug_assert!(elements.len() <= 4); + while elements.len() < 4 { + elements.push(zero); + } + Self { + elements: [elements[0], elements[1], elements[2], elements[3]], + } + } +} diff --git a/src/hash.rs b/src/hash/hashing.rs similarity index 90% rename from src/hash.rs rename to src/hash/hashing.rs index 2c7bad64..4c304a5d 100644 --- a/src/hash.rs +++ b/src/hash/hashing.rs @@ -1,11 +1,11 @@ //! Concrete instantiation of a hash function. -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; -use crate::field::field::Field; -use crate::gmimc::gmimc_permute_array; -use crate::proof::{Hash, HashTarget}; -use crate::target::Target; +use crate::field::field_types::Field; +use crate::hash::gmimc::gmimc_permute_array; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; pub(crate) const SPONGE_RATE: usize = 8; pub(crate) const SPONGE_CAPACITY: usize = 4; @@ -119,26 +119,26 @@ pub const GMIMC_CONSTANTS: [u64; GMIMC_ROUNDS] = [ /// Hash the vector if necessary to reduce its length to ~256 bits. If it already fits, this is a /// no-op. -pub fn hash_or_noop(inputs: Vec) -> Hash { +pub fn hash_or_noop(inputs: Vec) -> HashOut { if inputs.len() <= 4 { - Hash::from_partial(inputs) + HashOut::from_partial(inputs) } else { hash_n_to_hash(inputs, false) } } impl, const D: usize> CircuitBuilder { - pub fn hash_or_noop(&mut self, inputs: Vec) -> HashTarget { + pub fn hash_or_noop(&mut self, inputs: Vec) -> HashOutTarget { let zero = self.zero(); if inputs.len() <= 4 { - HashTarget::from_partial(inputs, zero) + HashOutTarget::from_partial(inputs, zero) } else { self.hash_n_to_hash(inputs, false) } } - pub fn hash_n_to_hash(&mut self, inputs: Vec, pad: bool) -> HashTarget { - HashTarget::from_vec(self.hash_n_to_m(inputs, 4, pad)) + pub fn hash_n_to_hash(&mut self, inputs: Vec, pad: bool) -> HashOutTarget { + HashOutTarget::from_vec(self.hash_n_to_m(inputs, 4, pad)) } pub fn hash_n_to_m( @@ -184,7 +184,7 @@ impl, const D: usize> CircuitBuilder { } /// A one-way compression function which takes two ~256 bit inputs and returns a ~256 bit output. -pub fn compress(x: Hash, y: Hash) -> Hash { +pub fn compress(x: HashOut, y: HashOut) -> HashOut { let mut inputs = Vec::with_capacity(8); inputs.extend(&x.elements); inputs.extend(&y.elements); @@ -230,8 +230,8 @@ pub fn hash_n_to_m(mut inputs: Vec, num_outputs: usize, pad: bool) } } -pub fn hash_n_to_hash(inputs: Vec, pad: bool) -> Hash { - Hash::from_vec(hash_n_to_m(inputs, 4, pad)) +pub fn hash_n_to_hash(inputs: Vec, pad: bool) -> HashOut { + HashOut::from_vec(hash_n_to_m(inputs, 4, pad)) } pub fn hash_n_to_1(inputs: Vec, pad: bool) -> F { diff --git a/src/merkle_proofs.rs b/src/hash/merkle_proofs.rs similarity index 84% rename from src/merkle_proofs.rs rename to src/hash/merkle_proofs.rs index 6a352dec..9af1cb58 100644 --- a/src/merkle_proofs.rs +++ b/src/hash/merkle_proofs.rs @@ -1,27 +1,26 @@ use anyhow::{ensure, Result}; use serde::{Deserialize, Serialize}; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gmimc::GMiMCGate; -use crate::hash::GMIMC_ROUNDS; -use crate::hash::{compress, hash_or_noop}; -use crate::proof::{Hash, HashTarget}; -use crate::target::Target; -use crate::wire::Wire; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::hash::hashing::{compress, hash_or_noop, GMIMC_ROUNDS}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::plonk::circuit_builder::CircuitBuilder; #[derive(Clone, Debug, Serialize, Deserialize)] #[serde(bound = "")] pub struct MerkleProof { /// The Merkle digest of each sibling subtree, staying from the bottommost layer. - pub siblings: Vec>, + pub siblings: Vec>, } #[derive(Clone)] pub struct MerkleProofTarget { /// The Merkle digest of each sibling subtree, staying from the bottommost layer. - pub siblings: Vec, + pub siblings: Vec, } /// Verifies that the given leaf data is present at the given index in the Merkle tree with the @@ -29,7 +28,7 @@ pub struct MerkleProofTarget { pub(crate) fn verify_merkle_proof( leaf_data: Vec, leaf_index: usize, - merkle_root: Hash, + merkle_root: HashOut, proof: &MerkleProof, reverse_bits: bool, ) -> Result<()> { @@ -64,12 +63,12 @@ impl, const D: usize> CircuitBuilder { &mut self, leaf_data: Vec, leaf_index_bits: &[Target], - merkle_root: HashTarget, + merkle_root: HashOutTarget, proof: &MerkleProofTarget, ) { let zero = self.zero(); - let mut state: HashTarget = self.hash_or_noop(leaf_data); + let mut state: HashOutTarget = self.hash_or_noop(leaf_data); for (&bit, &sibling) in leaf_index_bits.iter().zip(&proof.siblings) { let gate_type = GMiMCGate::::new_automatic_constants(); @@ -97,7 +96,7 @@ impl, const D: usize> CircuitBuilder { self.route(zero, input_wires[8 + i]); } - state = HashTarget::from_vec( + state = HashOutTarget::from_vec( (0..4) .map(|i| { Target::Wire(Wire { @@ -112,13 +111,18 @@ impl, const D: usize> CircuitBuilder { self.named_assert_hashes_equal(state, merkle_root, "check Merkle root".into()) } - pub(crate) fn assert_hashes_equal(&mut self, x: HashTarget, y: HashTarget) { + pub(crate) fn assert_hashes_equal(&mut self, x: HashOutTarget, y: HashOutTarget) { for i in 0..4 { self.assert_equal(x.elements[i], y.elements[i]); } } - pub(crate) fn named_assert_hashes_equal(&mut self, x: HashTarget, y: HashTarget, name: String) { + pub(crate) fn named_assert_hashes_equal( + &mut self, + x: HashOutTarget, + y: HashOutTarget, + name: String, + ) { for i in 0..4 { self.named_assert_equal( x.elements[i], @@ -135,11 +139,12 @@ mod tests { use rand::{thread_rng, Rng}; use super::*; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; - use crate::merkle_tree::MerkleTree; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::hash::merkle_tree::MerkleTree; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; fn random_data(n: usize, k: usize) -> Vec> { (0..n).map(|_| F::rand_vec(k)).collect() diff --git a/src/merkle_tree.rs b/src/hash/merkle_tree.rs similarity index 91% rename from src/merkle_tree.rs rename to src/hash/merkle_tree.rs index d6fa8694..c4e2a194 100644 --- a/src/merkle_tree.rs +++ b/src/hash/merkle_tree.rs @@ -1,9 +1,9 @@ use rayon::prelude::*; -use crate::field::field::Field; -use crate::hash::{compress, hash_or_noop}; -use crate::merkle_proofs::MerkleProof; -use crate::proof::Hash; +use crate::field::field_types::Field; +use crate::hash::hash_types::HashOut; +use crate::hash::hashing::{compress, hash_or_noop}; +use crate::hash::merkle_proofs::MerkleProof; use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place}; #[derive(Clone, Debug)] @@ -12,10 +12,10 @@ pub struct MerkleTree { pub leaves: Vec>, /// The layers of hashes in the tree. The first layer is the one at the bottom. - pub layers: Vec>>, + pub layers: Vec>>, /// The Merkle root. - pub root: Hash, + pub root: HashOut, /// If true, the indices are in bit-reversed form, so that the leaf at index `i` /// contains the leaf originally at index `reverse_bits(i)`. @@ -86,7 +86,7 @@ mod tests { use super::*; use crate::field::crandall_field::CrandallField; - use crate::merkle_proofs::verify_merkle_proof; + use crate::hash::merkle_proofs::verify_merkle_proof; fn random_data(n: usize, k: usize) -> Vec> { (0..n).map(|_| F::rand_vec(k)).collect() diff --git a/src/hash/mod.rs b/src/hash/mod.rs new file mode 100644 index 00000000..613ddbd8 --- /dev/null +++ b/src/hash/mod.rs @@ -0,0 +1,6 @@ +pub mod gmimc; +pub mod hash_types; +pub mod hashing; +pub mod merkle_proofs; +pub mod merkle_tree; +pub mod rescue; diff --git a/src/rescue.rs b/src/hash/rescue.rs similarity index 99% rename from src/rescue.rs rename to src/hash/rescue.rs index 9aa12bc5..0a73fdc5 100644 --- a/src/rescue.rs +++ b/src/hash/rescue.rs @@ -2,7 +2,7 @@ use unroll::unroll_for_loops; -use crate::field::field::Field; +use crate::field::field_types::Field; const ROUNDS: usize = 8; diff --git a/src/plonk_challenger.rs b/src/iop/challenger.rs similarity index 93% rename from src/plonk_challenger.rs rename to src/iop/challenger.rs index 4799007e..d15eab30 100644 --- a/src/plonk_challenger.rs +++ b/src/iop/challenger.rs @@ -1,14 +1,15 @@ use std::convert::TryInto; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; -use crate::field::field::Field; -use crate::hash::{permute, SPONGE_RATE, SPONGE_WIDTH}; -use crate::proof::{Hash, HashTarget, OpeningSet, OpeningSetTarget}; -use crate::target::Target; +use crate::field::field_types::Field; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::hash::hashing::{permute, SPONGE_RATE, SPONGE_WIDTH}; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::proof::{OpeningSet, OpeningSetTarget}; -/// Observes prover messages, and generates challenges by hashing the transcript. +/// Observes prover messages, and generates challenges by hashing the transcript, a la Fiat-Shamir. #[derive(Clone)] pub struct Challenger { sponge_state: [F; SPONGE_WIDTH], @@ -88,7 +89,7 @@ impl Challenger { } } - pub fn observe_hash(&mut self, hash: &Hash) { + pub fn observe_hash(&mut self, hash: &HashOut) { self.observe_elements(&hash.elements) } @@ -122,8 +123,8 @@ impl Challenger { (0..n).map(|_| self.get_challenge()).collect() } - pub fn get_hash(&mut self) -> Hash { - Hash { + pub fn get_hash(&mut self) -> HashOut { + HashOut { elements: [ self.get_challenge(), self.get_challenge(), @@ -234,7 +235,7 @@ impl RecursiveChallenger { } } - pub fn observe_hash(&mut self, hash: &HashTarget) { + pub fn observe_hash(&mut self, hash: &HashOutTarget) { self.observe_elements(&hash.elements) } @@ -294,8 +295,8 @@ impl RecursiveChallenger { pub fn get_hash, const D: usize>( &mut self, builder: &mut CircuitBuilder, - ) -> HashTarget { - HashTarget { + ) -> HashOutTarget { + HashOutTarget { elements: [ self.get_challenge(builder), self.get_challenge(builder), @@ -341,14 +342,14 @@ impl RecursiveChallenger { #[cfg(test)] mod tests { - use crate::circuit_builder::CircuitBuilder; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; - use crate::field::field::Field; - use crate::generator::generate_partial_witness; - use crate::plonk_challenger::{Challenger, RecursiveChallenger}; - use crate::target::Target; - use crate::witness::PartialWitness; + use crate::field::field_types::Field; + use crate::iop::challenger::{Challenger, RecursiveChallenger}; + use crate::iop::generator::generate_partial_witness; + use crate::iop::target::Target; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_builder::CircuitBuilder; + use crate::plonk::circuit_data::CircuitConfig; #[test] fn no_duplicate_challenges() { diff --git a/src/generator.rs b/src/iop/generator.rs similarity index 96% rename from src/generator.rs rename to src/iop/generator.rs index a7359a7d..248646c1 100644 --- a/src/generator.rs +++ b/src/iop/generator.rs @@ -4,11 +4,11 @@ use std::fmt::Debug; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; -use crate::field::field::Field; -use crate::proof::{Hash, HashTarget}; -use crate::target::Target; -use crate::wire::Wire; -use crate::witness::PartialWitness; +use crate::field::field_types::Field; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::iop::witness::PartialWitness; /// Given a `PartialWitness` that has only inputs set, populates the rest of the witness using the /// given set of generators. @@ -124,7 +124,7 @@ impl GeneratedValues { self.target_values.push((target, value)) } - pub fn set_hash_target(&mut self, ht: HashTarget, value: Hash) { + pub fn set_hash_target(&mut self, ht: HashOutTarget, value: HashOut) { ht.elements .iter() .zip(value.elements) diff --git a/src/iop/mod.rs b/src/iop/mod.rs new file mode 100644 index 00000000..7c4a33d7 --- /dev/null +++ b/src/iop/mod.rs @@ -0,0 +1,6 @@ +//! Logic common to multiple IOPs. +pub(crate) mod challenger; +pub mod generator; +pub mod target; +pub mod wire; +pub mod witness; diff --git a/src/target.rs b/src/iop/target.rs similarity index 92% rename from src/target.rs rename to src/iop/target.rs index 857a4378..50bd6bb6 100644 --- a/src/target.rs +++ b/src/iop/target.rs @@ -1,7 +1,7 @@ use std::ops::Range; -use crate::circuit_data::CircuitConfig; -use crate::wire::Wire; +use crate::iop::wire::Wire; +use crate::plonk::circuit_data::CircuitConfig; /// A location in the witness. #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)] diff --git a/src/wire.rs b/src/iop/wire.rs similarity index 92% rename from src/wire.rs rename to src/iop/wire.rs index f63a19c1..c159820b 100644 --- a/src/wire.rs +++ b/src/iop/wire.rs @@ -1,6 +1,6 @@ use std::ops::Range; -use crate::circuit_data::CircuitConfig; +use crate::plonk::circuit_data::CircuitConfig; /// Represents a wire in the circuit. #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)] diff --git a/src/witness.rs b/src/iop/witness.rs similarity index 92% rename from src/witness.rs rename to src/iop/witness.rs index 2ef9d8b3..d004b888 100644 --- a/src/witness.rs +++ b/src/iop/witness.rs @@ -3,15 +3,16 @@ use std::convert::TryInto; use anyhow::{ensure, Result}; -use crate::copy_constraint::CopyConstraint; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::GateInstance; -use crate::generator::GeneratedValues; -use crate::proof::{Hash, HashTarget}; -use crate::target::Target; -use crate::wire::Wire; +use crate::hash::hash_types::HashOut; +use crate::hash::hash_types::HashOutTarget; +use crate::iop::generator::GeneratedValues; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::plonk::copy_constraint::CopyConstraint; #[derive(Clone, Debug)] pub struct Witness { @@ -57,8 +58,8 @@ impl PartialWitness { ) } - pub fn get_hash_target(&self, ht: HashTarget) -> Hash { - Hash { + pub fn get_hash_target(&self, ht: HashOutTarget) -> HashOut { + HashOut { elements: self.get_targets(&ht.elements).try_into().unwrap(), } } @@ -94,7 +95,7 @@ impl PartialWitness { } } - pub fn set_hash_target(&mut self, ht: HashTarget, value: Hash) { + pub fn set_hash_target(&mut self, ht: HashOutTarget, value: HashOut) { ht.elements .iter() .zip(value.elements) diff --git a/src/lib.rs b/src/lib.rs index 734c539e..1249e9db 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,30 +1,11 @@ #![feature(destructuring_assignment)] -pub mod circuit_builder; -pub mod circuit_data; -pub mod context_tree; -pub mod copy_constraint; pub mod field; pub mod fri; pub mod gadgets; pub mod gates; -pub mod generator; -pub mod gmimc; pub mod hash; -pub mod merkle_proofs; -mod merkle_tree; -mod permutation_argument; -pub mod plonk_challenger; -pub mod plonk_common; +pub mod iop; +pub mod plonk; pub mod polynomial; -pub mod proof; -pub mod prover; -pub mod recursive_verifier; -pub mod rescue; -pub mod target; pub mod util; -pub mod vanishing_poly; -pub mod vars; -pub mod verifier; -pub mod wire; -pub mod witness; diff --git a/src/circuit_builder.rs b/src/plonk/circuit_builder.rs similarity index 96% rename from src/circuit_builder.rs rename to src/plonk/circuit_builder.rs index 57f5b7ac..3a905cf5 100644 --- a/src/circuit_builder.rs +++ b/src/plonk/circuit_builder.rs @@ -4,32 +4,32 @@ use std::time::Instant; use log::info; -use crate::circuit_data::{ - CircuitConfig, CircuitData, CommonCircuitData, ProverCircuitData, ProverOnlyCircuitData, - VerifierCircuitData, VerifierOnlyCircuitData, -}; -use crate::context_tree::ContextTree; -use crate::copy_constraint::CopyConstraint; use crate::field::cosets::get_unique_coset_shifts; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; +use crate::fri::commitment::PolynomialBatchCommitment; use crate::gates::constant::ConstantGate; use crate::gates::gate::{Gate, GateInstance, GateRef, PrefixedGate}; use crate::gates::gate_tree::Tree; use crate::gates::noop::NoopGate; use crate::gates::public_input::PublicInputGate; -use crate::generator::{CopyGenerator, RandomValueGenerator, WitnessGenerator}; -use crate::hash::hash_n_to_hash; -use crate::permutation_argument::TargetPartition; -use crate::plonk_common::PlonkPolynomials; -use crate::polynomial::commitment::ListPolynomialCommitment; +use crate::hash::hash_types::HashOutTarget; +use crate::hash::hashing::hash_n_to_hash; +use crate::iop::generator::{CopyGenerator, RandomValueGenerator, WitnessGenerator}; +use crate::iop::target::Target; +use crate::iop::wire::Wire; +use crate::plonk::circuit_data::{ + CircuitConfig, CircuitData, CommonCircuitData, ProverCircuitData, ProverOnlyCircuitData, + VerifierCircuitData, VerifierOnlyCircuitData, +}; +use crate::plonk::copy_constraint::CopyConstraint; +use crate::plonk::permutation_argument::TargetPartition; +use crate::plonk::plonk_common::PlonkPolynomials; use crate::polynomial::polynomial::PolynomialValues; -use crate::proof::HashTarget; -use crate::target::Target; +use crate::util::context_tree::ContextTree; use crate::util::marking::{Markable, MarkedTargets}; use crate::util::partial_products::num_partial_products; use crate::util::{log2_ceil, log2_strict, transpose, transpose_poly_values}; -use crate::wire::Wire; pub struct CircuitBuilder, const D: usize> { pub(crate) config: CircuitConfig, @@ -106,11 +106,11 @@ impl, const D: usize> CircuitBuilder { (0..n).map(|_i| self.add_virtual_target()).collect() } - pub fn add_virtual_hash(&mut self) -> HashTarget { - HashTarget::from_vec(self.add_virtual_targets(4)) + pub fn add_virtual_hash(&mut self) -> HashOutTarget { + HashOutTarget::from_vec(self.add_virtual_targets(4)) } - pub fn add_virtual_hashes(&mut self, n: usize) -> Vec { + pub fn add_virtual_hashes(&mut self, n: usize) -> Vec { (0..n).map(|_i| self.add_virtual_hash()).collect() } @@ -535,7 +535,7 @@ impl, const D: usize> CircuitBuilder { let sigma_vecs = self.sigma_vecs(&k_is, &subgroup); let constants_sigmas_vecs = [constant_vecs, sigma_vecs.clone()].concat(); - let constants_sigmas_commitment = ListPolynomialCommitment::new( + let constants_sigmas_commitment = PolynomialBatchCommitment::new( constants_sigmas_vecs, self.config.rate_bits, self.config.zero_knowledge & PlonkPolynomials::CONSTANTS_SIGMAS.blinding, diff --git a/src/circuit_data.rs b/src/plonk/circuit_data.rs similarity index 92% rename from src/circuit_data.rs rename to src/plonk/circuit_data.rs index 3087f566..576bedfd 100644 --- a/src/circuit_data.rs +++ b/src/plonk/circuit_data.rs @@ -2,19 +2,20 @@ use std::ops::{Range, RangeFrom}; use anyhow::Result; -use crate::copy_constraint::CopyConstraint; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; +use crate::fri::commitment::PolynomialBatchCommitment; use crate::fri::FriConfig; use crate::gates::gate::{GateInstance, PrefixedGate}; -use crate::generator::WitnessGenerator; -use crate::polynomial::commitment::ListPolynomialCommitment; -use crate::proof::{Hash, HashTarget, ProofWithPublicInputs}; -use crate::prover::prove; -use crate::target::Target; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::iop::generator::WitnessGenerator; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; +use crate::plonk::copy_constraint::CopyConstraint; +use crate::plonk::proof::ProofWithPublicInputs; +use crate::plonk::prover::prove; +use crate::plonk::verifier::verify; use crate::util::marking::MarkedTargets; -use crate::verifier::verify; -use crate::witness::PartialWitness; #[derive(Clone)] pub struct CircuitConfig { @@ -122,7 +123,7 @@ impl, const D: usize> VerifierCircuitData { pub(crate) struct ProverOnlyCircuitData, const D: usize> { pub generators: Vec>>, /// Commitments to the constants polynomials and sigma polynomials. - pub constants_sigmas_commitment: ListPolynomialCommitment, + pub constants_sigmas_commitment: PolynomialBatchCommitment, /// The transpose of the list of sigma polynomials. pub sigmas: Vec>, /// Subgroup of order `degree`. @@ -140,7 +141,7 @@ pub(crate) struct ProverOnlyCircuitData, const D: usize> { /// Circuit data required by the verifier, but not the prover. pub(crate) struct VerifierOnlyCircuitData { /// A commitment to each constant polynomial and each permutation polynomial. - pub(crate) constants_sigmas_root: Hash, + pub(crate) constants_sigmas_root: HashOut, } /// Circuit data required by both the prover and the verifier. @@ -170,7 +171,7 @@ pub struct CommonCircuitData, const D: usize> { /// A digest of the "circuit" (i.e. the instance, minus public inputs), which can be used to /// seed Fiat-Shamir. - pub(crate) circuit_digest: Hash, + pub(crate) circuit_digest: HashOut, } impl, const D: usize> CommonCircuitData { @@ -230,5 +231,5 @@ impl, const D: usize> CommonCircuitData { /// dynamic, at least not without setting a maximum wire count and paying for the worst case. pub struct VerifierCircuitTarget { /// A commitment to each constant polynomial and each permutation polynomial. - pub(crate) constants_sigmas_root: HashTarget, + pub(crate) constants_sigmas_root: HashOutTarget, } diff --git a/src/copy_constraint.rs b/src/plonk/copy_constraint.rs similarity index 92% rename from src/copy_constraint.rs rename to src/plonk/copy_constraint.rs index dc64924a..a838ed37 100644 --- a/src/copy_constraint.rs +++ b/src/plonk/copy_constraint.rs @@ -1,4 +1,4 @@ -use crate::target::Target; +use crate::iop::target::Target; /// A named copy constraint. pub struct CopyConstraint { diff --git a/src/plonk/mod.rs b/src/plonk/mod.rs new file mode 100644 index 00000000..3d569443 --- /dev/null +++ b/src/plonk/mod.rs @@ -0,0 +1,11 @@ +pub mod circuit_builder; +pub mod circuit_data; +pub(crate) mod copy_constraint; +pub(crate) mod permutation_argument; +pub(crate) mod plonk_common; +pub mod proof; +pub mod prover; +pub mod recursive_verifier; +pub(crate) mod vanishing_poly; +pub mod vars; +pub mod verifier; diff --git a/src/permutation_argument.rs b/src/plonk/permutation_argument.rs similarity index 98% rename from src/permutation_argument.rs rename to src/plonk/permutation_argument.rs index 7bad6d8d..08ebcd48 100644 --- a/src/permutation_argument.rs +++ b/src/plonk/permutation_argument.rs @@ -4,10 +4,10 @@ use std::hash::Hash; use rayon::prelude::*; -use crate::field::field::Field; +use crate::field::field_types::Field; +use crate::iop::target::Target; +use crate::iop::wire::Wire; use crate::polynomial::polynomial::PolynomialValues; -use crate::target::Target; -use crate::wire::Wire; /// Node in the Disjoint Set Forest. #[derive(Debug, Copy, Clone, Eq, PartialEq)] diff --git a/src/plonk_common.rs b/src/plonk/plonk_common.rs similarity index 97% rename from src/plonk_common.rs rename to src/plonk/plonk_common.rs index 9caf3746..e31825ad 100644 --- a/src/plonk_common.rs +++ b/src/plonk/plonk_common.rs @@ -1,12 +1,12 @@ use std::borrow::Borrow; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::field::field::Field; -use crate::polynomial::commitment::SALT_SIZE; +use crate::field::field_types::Field; +use crate::fri::commitment::SALT_SIZE; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; use crate::polynomial::polynomial::PolynomialCoeffs; -use crate::target::Target; /// Holds the Merkle tree index and blinding flag of a set of polynomials used in FRI. #[derive(Debug, Copy, Clone)] @@ -23,8 +23,10 @@ impl PolynomialsIndexBlinding { } } } + /// Holds the indices and blinding flags of the Plonk polynomials. pub struct PlonkPolynomials; + impl PlonkPolynomials { pub const CONSTANTS_SIGMAS: PolynomialsIndexBlinding = PolynomialsIndexBlinding { index: 0, @@ -72,6 +74,7 @@ pub(crate) struct ZeroPolyOnCoset { /// Holds the multiplicative inverses of `evals`. inverses: Vec, } + impl ZeroPolyOnCoset { pub fn new(n_log: usize, rate_bits: usize) -> Self { let g_pow_n = F::coset_shift().exp_power_of_2(n_log); diff --git a/src/plonk/proof.rs b/src/plonk/proof.rs new file mode 100644 index 00000000..faa5be89 --- /dev/null +++ b/src/plonk/proof.rs @@ -0,0 +1,100 @@ +use serde::{Deserialize, Serialize}; + +use crate::field::extension_field::target::ExtensionTarget; +use crate::field::extension_field::Extendable; +use crate::fri::commitment::{OpeningProof, OpeningProofTarget, PolynomialBatchCommitment}; +use crate::hash::hash_types::{HashOut, HashOutTarget}; +use crate::iop::target::Target; +use crate::plonk::circuit_data::CommonCircuitData; + +#[derive(Serialize, Deserialize, Clone, Debug)] +#[serde(bound = "")] +pub struct Proof, const D: usize> { + /// Merkle root of LDEs of wire values. + pub wires_root: HashOut, + /// Merkle root of LDEs of Z, in the context of Plonk's permutation argument. + pub plonk_zs_partial_products_root: HashOut, + /// Merkle root of LDEs of the quotient polynomial components. + pub quotient_polys_root: HashOut, + /// Purported values of each polynomial at the challenge point. + pub openings: OpeningSet, + /// A FRI argument for each FRI query. + pub opening_proof: OpeningProof, +} + +#[derive(Serialize, Deserialize, Clone, Debug)] +#[serde(bound = "")] +pub struct ProofWithPublicInputs, const D: usize> { + pub proof: Proof, + pub public_inputs: Vec, +} + +pub struct ProofTarget { + pub wires_root: HashOutTarget, + pub plonk_zs_partial_products_root: HashOutTarget, + pub quotient_polys_root: HashOutTarget, + pub openings: OpeningSetTarget, + pub opening_proof: OpeningProofTarget, +} + +pub struct ProofWithPublicInputsTarget { + pub proof: ProofTarget, + pub public_inputs: Vec, +} + +#[derive(Clone, Debug, Serialize, Deserialize)] +/// The purported values of each polynomial at a single point. +pub struct OpeningSet, const D: usize> { + pub constants: Vec, + pub plonk_sigmas: Vec, + pub wires: Vec, + pub plonk_zs: Vec, + pub plonk_zs_right: Vec, + pub partial_products: Vec, + pub quotient_polys: Vec, +} + +impl, const D: usize> OpeningSet { + pub fn new( + z: F::Extension, + g: F::Extension, + constants_sigmas_commitment: &PolynomialBatchCommitment, + wires_commitment: &PolynomialBatchCommitment, + zs_partial_products_commitment: &PolynomialBatchCommitment, + quotient_polys_commitment: &PolynomialBatchCommitment, + common_data: &CommonCircuitData, + ) -> Self { + let eval_commitment = |z: F::Extension, c: &PolynomialBatchCommitment| { + c.polynomials + .iter() + .map(|p| p.to_extension().eval(z)) + .collect::>() + }; + let constants_sigmas_eval = eval_commitment(z, constants_sigmas_commitment); + let zs_partial_products_eval = eval_commitment(z, zs_partial_products_commitment); + Self { + constants: constants_sigmas_eval[common_data.constants_range()].to_vec(), + plonk_sigmas: constants_sigmas_eval[common_data.sigmas_range()].to_vec(), + wires: eval_commitment(z, wires_commitment), + plonk_zs: zs_partial_products_eval[common_data.zs_range()].to_vec(), + plonk_zs_right: eval_commitment(g * z, zs_partial_products_commitment) + [common_data.zs_range()] + .to_vec(), + partial_products: zs_partial_products_eval[common_data.partial_products_range()] + .to_vec(), + quotient_polys: eval_commitment(z, quotient_polys_commitment), + } + } +} + +/// The purported values of each polynomial at a single point. +#[derive(Clone, Debug)] +pub struct OpeningSetTarget { + pub constants: Vec>, + pub plonk_sigmas: Vec>, + pub wires: Vec>, + pub plonk_zs: Vec>, + pub plonk_zs_right: Vec>, + pub partial_products: Vec>, + pub quotient_polys: Vec>, +} diff --git a/src/prover.rs b/src/plonk/prover.rs similarity index 92% rename from src/prover.rs rename to src/plonk/prover.rs index 865489a0..8e233a71 100644 --- a/src/prover.rs +++ b/src/plonk/prover.rs @@ -4,21 +4,23 @@ use anyhow::Result; use log::info; use rayon::prelude::*; -use crate::circuit_data::{CommonCircuitData, ProverOnlyCircuitData}; use crate::field::extension_field::Extendable; -use crate::generator::generate_partial_witness; -use crate::hash::hash_n_to_hash; -use crate::plonk_challenger::Challenger; -use crate::plonk_common::{PlonkPolynomials, ZeroPolyOnCoset}; -use crate::polynomial::commitment::ListPolynomialCommitment; +use crate::fri::commitment::PolynomialBatchCommitment; +use crate::hash::hash_types::HashOut; +use crate::hash::hashing::hash_n_to_hash; +use crate::iop::challenger::Challenger; +use crate::iop::generator::generate_partial_witness; +use crate::iop::witness::{PartialWitness, Witness}; +use crate::plonk::circuit_data::{CommonCircuitData, ProverOnlyCircuitData}; +use crate::plonk::plonk_common::PlonkPolynomials; +use crate::plonk::plonk_common::ZeroPolyOnCoset; +use crate::plonk::proof::{Proof, ProofWithPublicInputs}; +use crate::plonk::vanishing_poly::eval_vanishing_poly_base; +use crate::plonk::vars::EvaluationVarsBase; use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues}; -use crate::proof::{Hash, Proof, ProofWithPublicInputs}; use crate::timed; use crate::util::partial_products::partial_products; use crate::util::{log2_ceil, transpose}; -use crate::vanishing_poly::eval_vanishing_poly_base; -use crate::vars::EvaluationVarsBase; -use crate::witness::{PartialWitness, Witness}; pub(crate) fn prove, const D: usize>( prover_data: &ProverOnlyCircuitData, @@ -69,7 +71,7 @@ pub(crate) fn prove, const D: usize>( ); let wires_commitment = timed!( - ListPolynomialCommitment::new( + PolynomialBatchCommitment::new( wires_values, config.rate_bits, config.zero_knowledge & PlonkPolynomials::WIRES.blinding @@ -106,7 +108,7 @@ pub(crate) fn prove, const D: usize>( let zs_partial_products = [plonk_z_vecs, partial_products.concat()].concat(); let zs_partial_products_commitment = timed!( - ListPolynomialCommitment::new( + PolynomialBatchCommitment::new( zs_partial_products, config.rate_bits, config.zero_knowledge & PlonkPolynomials::ZS_PARTIAL_PRODUCTS.blinding @@ -150,7 +152,7 @@ pub(crate) fn prove, const D: usize>( ); let quotient_polys_commitment = timed!( - ListPolynomialCommitment::new_from_polys( + PolynomialBatchCommitment::new_from_polys( all_quotient_poly_chunks, config.rate_bits, config.zero_knowledge & PlonkPolynomials::QUOTIENT.blinding @@ -163,7 +165,7 @@ pub(crate) fn prove, const D: usize>( let zeta = challenger.get_extension_challenge(); let (opening_proof, openings) = timed!( - ListPolynomialCommitment::open_plonk( + PolynomialBatchCommitment::open_plonk( &[ &prover_data.constants_sigmas_commitment, &wires_commitment, @@ -292,9 +294,9 @@ fn compute_z, const D: usize>( fn compute_quotient_polys<'a, F: Extendable, const D: usize>( common_data: &CommonCircuitData, prover_data: &'a ProverOnlyCircuitData, - public_inputs_hash: &Hash, - wires_commitment: &'a ListPolynomialCommitment, - zs_partial_products_commitment: &'a ListPolynomialCommitment, + public_inputs_hash: &HashOut, + wires_commitment: &'a PolynomialBatchCommitment, + zs_partial_products_commitment: &'a PolynomialBatchCommitment, betas: &[F], gammas: &[F], alphas: &[F], @@ -318,7 +320,7 @@ fn compute_quotient_polys<'a, F: Extendable, const D: usize>( let lde_size = points.len(); // Retrieve the LDE values at index `i`. - let get_at_index = |comm: &'a ListPolynomialCommitment, i: usize| -> &'a [F] { + let get_at_index = |comm: &'a PolynomialBatchCommitment, i: usize| -> &'a [F] { comm.get_lde_values(i * step) }; diff --git a/src/recursive_verifier.rs b/src/plonk/recursive_verifier.rs similarity index 95% rename from src/recursive_verifier.rs rename to src/plonk/recursive_verifier.rs index 9e96be60..773a695e 100644 --- a/src/recursive_verifier.rs +++ b/src/plonk/recursive_verifier.rs @@ -1,11 +1,12 @@ -use crate::circuit_builder::CircuitBuilder; -use crate::circuit_data::{CircuitConfig, CommonCircuitData, VerifierCircuitTarget}; use crate::field::extension_field::Extendable; -use crate::plonk_challenger::RecursiveChallenger; -use crate::proof::{HashTarget, ProofWithPublicInputsTarget}; +use crate::hash::hash_types::HashOutTarget; +use crate::iop::challenger::RecursiveChallenger; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::circuit_data::{CircuitConfig, CommonCircuitData, VerifierCircuitTarget}; +use crate::plonk::proof::ProofWithPublicInputsTarget; +use crate::plonk::vanishing_poly::eval_vanishing_poly_recursively; +use crate::plonk::vars::EvaluationTargets; use crate::util::reducing::ReducingFactorTarget; -use crate::vanishing_poly::eval_vanishing_poly_recursively; -use crate::vars::EvaluationTargets; use crate::with_context; const MIN_WIRES: usize = 120; // TODO: Double check. @@ -37,7 +38,7 @@ impl, const D: usize> CircuitBuilder { let (betas, gammas, alphas, zeta) = with_context!(self, "observe proof and generates challenges", { // Observe the instance. - let digest = HashTarget::from_vec( + let digest = HashOutTarget::from_vec( self.constants(&inner_common_data.circuit_digest.elements), ); challenger.observe_hash(&digest); @@ -130,16 +131,16 @@ mod tests { use super::*; use crate::field::crandall_field::CrandallField; + use crate::fri::commitment::OpeningProofTarget; + use crate::fri::proof::{ + FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, FriQueryStepTarget, + }; use crate::fri::FriConfig; use crate::gadgets::polynomial::PolynomialCoeffsExtTarget; - use crate::merkle_proofs::MerkleProofTarget; - use crate::polynomial::commitment::OpeningProofTarget; - use crate::proof::{ - FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, FriQueryStepTarget, - OpeningSetTarget, Proof, ProofTarget, ProofWithPublicInputs, - }; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::hash::merkle_proofs::MerkleProofTarget; + use crate::iop::witness::PartialWitness; + use crate::plonk::proof::{OpeningSetTarget, Proof, ProofTarget, ProofWithPublicInputs}; + use crate::plonk::verifier::verify; // Construct a `FriQueryRoundTarget` with the same dimensions as the ones in `proof`. fn get_fri_query_round, const D: usize>( diff --git a/src/vanishing_poly.rs b/src/plonk/vanishing_poly.rs similarity index 97% rename from src/vanishing_poly.rs rename to src/plonk/vanishing_poly.rs index 8e6d50d5..c9990d1b 100644 --- a/src/vanishing_poly.rs +++ b/src/plonk/vanishing_poly.rs @@ -1,15 +1,15 @@ -use crate::circuit_builder::CircuitBuilder; -use crate::circuit_data::CommonCircuitData; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::gate::PrefixedGate; -use crate::plonk_common; -use crate::plonk_common::{eval_l_1_recursively, ZeroPolyOnCoset}; -use crate::target::Target; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; +use crate::plonk::circuit_data::CommonCircuitData; +use crate::plonk::plonk_common; +use crate::plonk::plonk_common::{eval_l_1_recursively, ZeroPolyOnCoset}; +use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; use crate::util::partial_products::{check_partial_products, check_partial_products_recursively}; use crate::util::reducing::ReducingFactorTarget; -use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase}; use crate::with_context; /// Evaluate the vanishing polynomial at `x`. In this context, the vanishing polynomial is a random diff --git a/src/vars.rs b/src/plonk/vars.rs similarity index 90% rename from src/vars.rs rename to src/plonk/vars.rs index 66ce2efb..110aa689 100644 --- a/src/vars.rs +++ b/src/plonk/vars.rs @@ -4,21 +4,21 @@ use std::ops::Range; use crate::field::extension_field::algebra::ExtensionAlgebra; use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTarget}; use crate::field::extension_field::{Extendable, FieldExtension}; -use crate::field::field::Field; -use crate::proof::{Hash, HashTarget}; +use crate::field::field_types::Field; +use crate::hash::hash_types::{HashOut, HashOutTarget}; #[derive(Debug, Copy, Clone)] pub struct EvaluationVars<'a, F: Extendable, const D: usize> { pub(crate) local_constants: &'a [F::Extension], pub(crate) local_wires: &'a [F::Extension], - pub(crate) public_inputs_hash: &'a Hash, + pub(crate) public_inputs_hash: &'a HashOut, } #[derive(Debug, Copy, Clone)] pub struct EvaluationVarsBase<'a, F: Field> { pub(crate) local_constants: &'a [F], pub(crate) local_wires: &'a [F], - pub(crate) public_inputs_hash: &'a Hash, + pub(crate) public_inputs_hash: &'a HashOut, } impl<'a, F: Extendable, const D: usize> EvaluationVars<'a, F, D> { @@ -61,7 +61,7 @@ impl<'a, const D: usize> EvaluationTargets<'a, D> { pub struct EvaluationTargets<'a, const D: usize> { pub(crate) local_constants: &'a [ExtensionTarget], pub(crate) local_wires: &'a [ExtensionTarget], - pub(crate) public_inputs_hash: &'a HashTarget, + pub(crate) public_inputs_hash: &'a HashOutTarget, } impl<'a, const D: usize> EvaluationTargets<'a, D> { diff --git a/src/verifier.rs b/src/plonk/verifier.rs similarity index 89% rename from src/verifier.rs rename to src/plonk/verifier.rs index d8af4cb4..fe86a24b 100644 --- a/src/verifier.rs +++ b/src/plonk/verifier.rs @@ -1,14 +1,14 @@ use anyhow::{ensure, Result}; -use crate::circuit_data::{CommonCircuitData, VerifierOnlyCircuitData}; use crate::field::extension_field::Extendable; -use crate::field::field::Field; -use crate::hash::hash_n_to_hash; -use crate::plonk_challenger::Challenger; -use crate::plonk_common::reduce_with_powers; -use crate::proof::ProofWithPublicInputs; -use crate::vanishing_poly::eval_vanishing_poly; -use crate::vars::EvaluationVars; +use crate::field::field_types::Field; +use crate::hash::hashing::hash_n_to_hash; +use crate::iop::challenger::Challenger; +use crate::plonk::circuit_data::{CommonCircuitData, VerifierOnlyCircuitData}; +use crate::plonk::plonk_common::reduce_with_powers; +use crate::plonk::proof::ProofWithPublicInputs; +use crate::plonk::vanishing_poly::eval_vanishing_poly; +use crate::plonk::vars::EvaluationVars; pub(crate) fn verify, const D: usize>( proof_with_pis: ProofWithPublicInputs, diff --git a/src/polynomial/division.rs b/src/polynomial/division.rs index 6fa636ea..07bf0fe3 100644 --- a/src/polynomial/division.rs +++ b/src/polynomial/division.rs @@ -1,5 +1,5 @@ use crate::field::fft::{fft, ifft}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::polynomial::polynomial::PolynomialCoeffs; use crate::util::{log2_ceil, log2_strict}; @@ -186,7 +186,7 @@ mod tests { use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::field::field::Field; + use crate::field::field_types::Field; use crate::polynomial::polynomial::PolynomialCoeffs; #[test] diff --git a/src/polynomial/mod.rs b/src/polynomial/mod.rs index 4360d3d4..2c7f7076 100644 --- a/src/polynomial/mod.rs +++ b/src/polynomial/mod.rs @@ -1,3 +1,2 @@ -pub mod commitment; pub(crate) mod division; pub mod polynomial; diff --git a/src/polynomial/polynomial.rs b/src/polynomial/polynomial.rs index 3e11f200..9457385b 100644 --- a/src/polynomial/polynomial.rs +++ b/src/polynomial/polynomial.rs @@ -7,7 +7,7 @@ use serde::{Deserialize, Serialize}; use crate::field::extension_field::Extendable; use crate::field::fft::{fft, fft_with_options, ifft}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::util::log2_strict; /// A polynomial in point-value form. diff --git a/src/proof.rs b/src/proof.rs deleted file mode 100644 index 47be8569..00000000 --- a/src/proof.rs +++ /dev/null @@ -1,246 +0,0 @@ -use std::convert::TryInto; - -use serde::{Deserialize, Serialize}; - -use crate::circuit_data::CommonCircuitData; -use crate::field::extension_field::target::ExtensionTarget; -use crate::field::extension_field::Extendable; -use crate::field::field::Field; -use crate::gadgets::polynomial::PolynomialCoeffsExtTarget; -use crate::merkle_proofs::{MerkleProof, MerkleProofTarget}; -use crate::plonk_common::PolynomialsIndexBlinding; -use crate::polynomial::commitment::{ListPolynomialCommitment, OpeningProof, OpeningProofTarget}; -use crate::polynomial::polynomial::PolynomialCoeffs; -use crate::target::Target; - -/// Represents a ~256 bit hash output. -#[derive(Copy, Clone, Debug, Eq, PartialEq, Serialize, Deserialize)] -#[serde(bound = "")] -pub struct Hash { - pub(crate) elements: [F; 4], -} - -impl Hash { - pub(crate) fn from_vec(elements: Vec) -> Self { - debug_assert!(elements.len() == 4); - Self { - elements: elements.try_into().unwrap(), - } - } - - pub(crate) fn from_partial(mut elements: Vec) -> Self { - debug_assert!(elements.len() <= 4); - while elements.len() < 4 { - elements.push(F::ZERO); - } - Self { - elements: [elements[0], elements[1], elements[2], elements[3]], - } - } - - pub(crate) fn rand() -> Self { - Self { - elements: [F::rand(), F::rand(), F::rand(), F::rand()], - } - } -} - -/// Represents a ~256 bit hash output. -#[derive(Copy, Clone, Debug)] -pub struct HashTarget { - pub(crate) elements: [Target; 4], -} - -impl HashTarget { - pub(crate) fn from_vec(elements: Vec) -> Self { - debug_assert!(elements.len() == 4); - Self { - elements: elements.try_into().unwrap(), - } - } - - pub(crate) fn from_partial(mut elements: Vec, zero: Target) -> Self { - debug_assert!(elements.len() <= 4); - while elements.len() < 4 { - elements.push(zero); - } - Self { - elements: [elements[0], elements[1], elements[2], elements[3]], - } - } -} - -#[derive(Serialize, Deserialize, Clone, Debug)] -#[serde(bound = "")] -pub struct Proof, const D: usize> { - /// Merkle root of LDEs of wire values. - pub wires_root: Hash, - /// Merkle root of LDEs of Z, in the context of Plonk's permutation argument. - pub plonk_zs_partial_products_root: Hash, - /// Merkle root of LDEs of the quotient polynomial components. - pub quotient_polys_root: Hash, - /// Purported values of each polynomial at the challenge point. - pub openings: OpeningSet, - /// A FRI argument for each FRI query. - pub opening_proof: OpeningProof, -} - -#[derive(Serialize, Deserialize, Clone, Debug)] -#[serde(bound = "")] -pub struct ProofWithPublicInputs, const D: usize> { - pub proof: Proof, - pub public_inputs: Vec, -} - -pub struct ProofTarget { - pub wires_root: HashTarget, - pub plonk_zs_partial_products_root: HashTarget, - pub quotient_polys_root: HashTarget, - pub openings: OpeningSetTarget, - pub opening_proof: OpeningProofTarget, -} - -pub struct ProofWithPublicInputsTarget { - pub proof: ProofTarget, - pub public_inputs: Vec, -} - -/// Evaluations and Merkle proof produced by the prover in a FRI query step. -#[derive(Serialize, Deserialize, Clone, Debug)] -#[serde(bound = "")] -pub struct FriQueryStep, const D: usize> { - pub evals: Vec, - pub merkle_proof: MerkleProof, -} - -#[derive(Clone)] -pub struct FriQueryStepTarget { - pub evals: Vec>, - pub merkle_proof: MerkleProofTarget, -} - -/// Evaluations and Merkle proofs of the original set of polynomials, -/// before they are combined into a composition polynomial. -#[derive(Serialize, Deserialize, Clone, Debug)] -#[serde(bound = "")] -pub struct FriInitialTreeProof { - pub evals_proofs: Vec<(Vec, MerkleProof)>, -} - -impl FriInitialTreeProof { - pub(crate) fn unsalted_evals( - &self, - polynomials: PolynomialsIndexBlinding, - zero_knowledge: bool, - ) -> &[F] { - let evals = &self.evals_proofs[polynomials.index].0; - &evals[..evals.len() - polynomials.salt_size(zero_knowledge)] - } -} - -#[derive(Clone)] -pub struct FriInitialTreeProofTarget { - pub evals_proofs: Vec<(Vec, MerkleProofTarget)>, -} - -impl FriInitialTreeProofTarget { - pub(crate) fn unsalted_evals( - &self, - polynomials: PolynomialsIndexBlinding, - zero_knowledge: bool, - ) -> &[Target] { - let evals = &self.evals_proofs[polynomials.index].0; - &evals[..evals.len() - polynomials.salt_size(zero_knowledge)] - } -} - -/// Proof for a FRI query round. -#[derive(Serialize, Deserialize, Clone, Debug)] -#[serde(bound = "")] -pub struct FriQueryRound, const D: usize> { - pub initial_trees_proof: FriInitialTreeProof, - pub steps: Vec>, -} - -#[derive(Clone)] -pub struct FriQueryRoundTarget { - pub initial_trees_proof: FriInitialTreeProofTarget, - pub steps: Vec>, -} - -#[derive(Serialize, Deserialize, Clone, Debug)] -#[serde(bound = "")] -pub struct FriProof, const D: usize> { - /// A Merkle root for each reduced polynomial in the commit phase. - pub commit_phase_merkle_roots: Vec>, - /// Query rounds proofs - pub query_round_proofs: Vec>, - /// The final polynomial in coefficient form. - pub final_poly: PolynomialCoeffs, - /// Witness showing that the prover did PoW. - pub pow_witness: F, -} - -pub struct FriProofTarget { - pub commit_phase_merkle_roots: Vec, - pub query_round_proofs: Vec>, - pub final_poly: PolynomialCoeffsExtTarget, - pub pow_witness: Target, -} - -#[derive(Clone, Debug, Serialize, Deserialize)] -/// The purported values of each polynomial at a single point. -pub struct OpeningSet, const D: usize> { - pub constants: Vec, - pub plonk_sigmas: Vec, - pub wires: Vec, - pub plonk_zs: Vec, - pub plonk_zs_right: Vec, - pub partial_products: Vec, - pub quotient_polys: Vec, -} - -impl, const D: usize> OpeningSet { - pub fn new( - z: F::Extension, - g: F::Extension, - constants_sigmas_commitment: &ListPolynomialCommitment, - wires_commitment: &ListPolynomialCommitment, - zs_partial_products_commitment: &ListPolynomialCommitment, - quotient_polys_commitment: &ListPolynomialCommitment, - common_data: &CommonCircuitData, - ) -> Self { - let eval_commitment = |z: F::Extension, c: &ListPolynomialCommitment| { - c.polynomials - .iter() - .map(|p| p.to_extension().eval(z)) - .collect::>() - }; - let constants_sigmas_eval = eval_commitment(z, constants_sigmas_commitment); - let zs_partial_products_eval = eval_commitment(z, zs_partial_products_commitment); - Self { - constants: constants_sigmas_eval[common_data.constants_range()].to_vec(), - plonk_sigmas: constants_sigmas_eval[common_data.sigmas_range()].to_vec(), - wires: eval_commitment(z, wires_commitment), - plonk_zs: zs_partial_products_eval[common_data.zs_range()].to_vec(), - plonk_zs_right: eval_commitment(g * z, zs_partial_products_commitment) - [common_data.zs_range()] - .to_vec(), - partial_products: zs_partial_products_eval[common_data.partial_products_range()] - .to_vec(), - quotient_polys: eval_commitment(z, quotient_polys_commitment), - } - } -} - -/// The purported values of each polynomial at a single point. -#[derive(Clone, Debug)] -pub struct OpeningSetTarget { - pub constants: Vec>, - pub plonk_sigmas: Vec>, - pub wires: Vec>, - pub plonk_zs: Vec>, - pub plonk_zs_right: Vec>, - pub partial_products: Vec>, - pub quotient_polys: Vec>, -} diff --git a/src/context_tree.rs b/src/util/context_tree.rs similarity index 100% rename from src/context_tree.rs rename to src/util/context_tree.rs diff --git a/src/util/marking.rs b/src/util/marking.rs index 758d583e..e98f7cbc 100644 --- a/src/util/marking.rs +++ b/src/util/marking.rs @@ -1,15 +1,15 @@ use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; -use crate::proof::HashTarget; -use crate::target::Target; -use crate::witness::PartialWitness; +use crate::hash::hash_types::HashOutTarget; +use crate::iop::target::Target; +use crate::iop::witness::PartialWitness; /// Enum representing all types of targets, so that they can be marked. #[derive(Clone)] pub enum Markable { Target(Target), ExtensionTarget(ExtensionTarget), - HashTarget(HashTarget), + HashTarget(HashOutTarget), Vec(Vec>), } @@ -23,8 +23,8 @@ impl From> for Markable { Self::ExtensionTarget(et) } } -impl From for Markable { - fn from(ht: HashTarget) -> Self { +impl From for Markable { + fn from(ht: HashOutTarget) -> Self { Self::HashTarget(ht) } } diff --git a/src/util/mod.rs b/src/util/mod.rs index 9176563a..4846cd15 100644 --- a/src/util/mod.rs +++ b/src/util/mod.rs @@ -1,11 +1,12 @@ -pub mod marking; -pub mod partial_products; -pub mod reducing; -pub(crate) mod timing; - -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::polynomial::polynomial::PolynomialValues; +pub(crate) mod context_tree; +pub(crate) mod marking; +pub(crate) mod partial_products; +pub(crate) mod reducing; +pub(crate) mod timing; + pub(crate) fn bits_u64(n: u64) -> usize { (64 - n.leading_zeros()) as usize } diff --git a/src/util/partial_products.rs b/src/util/partial_products.rs index ed87002e..dc263bdb 100644 --- a/src/util/partial_products.rs +++ b/src/util/partial_products.rs @@ -1,9 +1,9 @@ use std::iter::Product; use std::ops::Sub; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::Extendable; +use crate::plonk::circuit_builder::CircuitBuilder; use crate::util::ceil_div_usize; /// Compute partial products of the original vector `v` such that all products consist of `max_degree` diff --git a/src/util/reducing.rs b/src/util/reducing.rs index 6a4a1168..600cf025 100644 --- a/src/util/reducing.rs +++ b/src/util/reducing.rs @@ -2,14 +2,14 @@ use std::borrow::Borrow; use num::Integer; -use crate::circuit_builder::CircuitBuilder; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, Frobenius}; -use crate::field::field::Field; +use crate::field::field_types::Field; use crate::gates::arithmetic::ArithmeticExtensionGate; use crate::gates::reducing::ReducingGate; +use crate::iop::target::Target; +use crate::plonk::circuit_builder::CircuitBuilder; use crate::polynomial::polynomial::PolynomialCoeffs; -use crate::target::Target; /// When verifying the composition polynomial in FRI we have to compute sums of the form /// `(sum_0^k a^i * x_i)/d_0 + (sum_k^r a^i * y_i)/d_1` @@ -222,11 +222,11 @@ mod tests { use anyhow::Result; use super::*; - use crate::circuit_data::CircuitConfig; use crate::field::crandall_field::CrandallField; use crate::field::extension_field::quartic::QuarticCrandallField; - use crate::verifier::verify; - use crate::witness::PartialWitness; + use crate::iop::witness::PartialWitness; + use crate::plonk::circuit_data::CircuitConfig; + use crate::plonk::verifier::verify; fn test_reduce_gadget_base(n: usize) -> Result<()> { type F = CrandallField;