Move stuff around (#135)

No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check).
2026-01-07 16:23:12 +00:00 · 2021-07-29 22:00:29 -07:00 · 2021-07-29 22:00:29 -07:00 · 018fb005f8
commit 018fb005f8
parent c02d48036e
82 changed files with 727 additions and 694 deletions
--- a/src/bin/bench_field_mul.rs
+++ b/src/bin/bench_field_mul.rs
@ -3,7 +3,7 @@
 use std::time::Instant;
 use plonky2::field::crandall_field::CrandallField;
-use plonky2::field::field::Field;
+use plonky2::field::field_types::Field;
 type F = CrandallField;
--- a/src/bin/bench_field_mul_interleaved.rs
+++ b/src/bin/bench_field_mul_interleaved.rs
@ -3,7 +3,7 @@
 use std::time::Instant;
 use plonky2::field::crandall_field::CrandallField;
-use plonky2::field::field::Field;
+use plonky2::field::field_types::Field;
 type F = CrandallField;
--- a/src/bin/bench_gmimc.rs
+++ b/src/bin/bench_gmimc.rs
@ -3,9 +3,9 @@ use std::thread;
 use std::time::Instant;
 use plonky2::field::crandall_field::CrandallField;
-use plonky2::field::field::Field;
+use plonky2::field::field_types::Field;
-use plonky2::gmimc::gmimc_permute_array;
+use plonky2::hash::gmimc::gmimc_permute_array;
-use plonky2::hash::{GMIMC_CONSTANTS, GMIMC_ROUNDS};
+use plonky2::hash::hashing::{GMIMC_CONSTANTS, GMIMC_ROUNDS};
 type F = CrandallField;
--- a/src/bin/bench_ldes.rs
+++ b/src/bin/bench_ldes.rs
@ -1,7 +1,7 @@
 use std::time::Instant;
 use plonky2::field::crandall_field::CrandallField;
-use plonky2::field::field::Field;
+use plonky2::field::field_types::Field;
 use plonky2::polynomial::polynomial::PolynomialValues;
 use rayon::prelude::*;
--- a/src/bin/bench_recursion.rs
+++ b/src/bin/bench_recursion.rs
@ -1,13 +1,13 @@
 use anyhow::Result;
 use env_logger::Env;
 use log::info;
 use plonky2::circuit_builder::CircuitBuilder;
 use plonky2::circuit_data::CircuitConfig;
 use plonky2::field::crandall_field::CrandallField;
 use plonky2::field::extension_field::Extendable;
-use plonky2::field::field::Field;
+use plonky2::field::field_types::Field;
 use plonky2::fri::FriConfig;
-use plonky2::witness::PartialWitness;
+use plonky2::iop::witness::PartialWitness;
 use plonky2::plonk::circuit_builder::CircuitBuilder;
 use plonky2::plonk::circuit_data::CircuitConfig;
 fn main() -> Result<()> {
    // Set the default log filter. This can be overridden using the `RUST_LOG` environment variable,
--- a/src/bin/bench_rescue.rs
+++ b/src/bin/bench_rescue.rs
@ -3,8 +3,8 @@ use std::thread;
 use std::time::Instant;
 use plonky2::field::crandall_field::CrandallField;
-use plonky2::field::field::Field;
+use plonky2::field::field_types::Field;
-use plonky2::rescue::rescue;
+use plonky2::hash::rescue::rescue;
 type F = CrandallField;
--- a/src/field/cosets.rs
+++ b/src/field/cosets.rs
@ -1,6 +1,6 @@
 use num::bigint::BigUint;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 /// Finds a set of shifts that result in unique cosets for the multiplicative subgroup of size
 /// `2^subgroup_bits`.
@ -27,7 +27,7 @@ mod tests {
    use crate::field::cosets::get_unique_coset_shifts;
    use crate::field::crandall_field::CrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    #[test]
    fn distinct_cosets() {
--- a/src/field/crandall_field.rs
+++ b/src/field/crandall_field.rs
@ -12,7 +12,7 @@ use serde::{Deserialize, Serialize};
 use crate::field::extension_field::quadratic::QuadraticCrandallField;
 use crate::field::extension_field::quartic::QuarticCrandallField;
 use crate::field::extension_field::{Extendable, Frobenius};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 const FIELD_ORDER: u64 = 18446744071293632513;
--- a/src/field/extension_field/algebra.rs
+++ b/src/field/extension_field/algebra.rs
@ -160,7 +160,7 @@ mod tests {
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::algebra::ExtensionAlgebra;
    use crate::field::extension_field::{Extendable, FieldExtension};
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    /// Tests that the multiplication on the extension algebra lifts that of the field extension.
    fn test_extension_algebra<F: Extendable<D>, const D: usize>() {
--- a/src/field/extension_field/mod.rs
+++ b/src/field/extension_field/mod.rs
@ -1,6 +1,6 @@
 use std::convert::TryInto;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 pub mod algebra;
 pub mod quadratic;
--- a/src/field/extension_field/quadratic.rs
+++ b/src/field/extension_field/quadratic.rs
@ -1,5 +1,4 @@
 use std::fmt::{Debug, Display, Formatter};
 use std::hash::Hash;
 use std::iter::{Product, Sum};
 use std::ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign};
@ -9,7 +8,7 @@ use serde::{Deserialize, Serialize};
 use crate::field::crandall_field::CrandallField;
 use crate::field::extension_field::{FieldExtension, Frobenius, OEF};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 #[derive(Copy, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
 pub struct QuadraticCrandallField([CrandallField; 2]);
@ -220,7 +219,7 @@ impl DivAssign for QuadraticCrandallField {
 mod tests {
    use crate::field::extension_field::quadratic::QuadraticCrandallField;
    use crate::field::extension_field::{FieldExtension, Frobenius};
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::test_field_arithmetic;
    #[test]
--- a/src/field/extension_field/quartic.rs
+++ b/src/field/extension_field/quartic.rs
@ -1,5 +1,4 @@
 use std::fmt::{Debug, Display, Formatter};
 use std::hash::Hash;
 use std::iter::{Product, Sum};
 use std::ops::{Add, AddAssign, Div, DivAssign, Mul, MulAssign, Neg, Sub, SubAssign};
@ -10,7 +9,7 @@ use serde::{Deserialize, Serialize};
 use crate::field::crandall_field::CrandallField;
 use crate::field::extension_field::{FieldExtension, Frobenius, OEF};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 /// A quartic extension of `CrandallField`.
 #[derive(Copy, Clone, Eq, PartialEq, Hash, Serialize, Deserialize)]
@ -287,7 +286,7 @@ impl DivAssign for QuarticCrandallField {
 mod tests {
    use crate::field::extension_field::quartic::QuarticCrandallField;
    use crate::field::extension_field::{FieldExtension, Frobenius};
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::test_field_arithmetic;
    fn exp_naive<F: Field>(x: F, power: u128) -> F {
--- a/src/field/extension_field/target.rs
+++ b/src/field/extension_field/target.rs
@ -1,11 +1,11 @@
 use std::convert::{TryFrom, TryInto};
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::algebra::ExtensionAlgebra;
 use crate::field::extension_field::{Extendable, FieldExtension, OEF};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 /// `Target`s representing an element of an extension field.
 #[derive(Copy, Clone, Debug)]
--- a/src/field/fft.rs
+++ b/src/field/fft.rs
@ -1,6 +1,6 @@
 use std::option::Option;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
 use crate::util::{log2_strict, reverse_index_bits};
@ -306,7 +306,7 @@ fn fft_unrolled<F: Field>(input: &[F], r_orig: usize, root_table: FftRootTable<F
 mod tests {
    use crate::field::crandall_field::CrandallField;
    use crate::field::fft::{fft, fft_with_options, ifft};
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
    use crate::util::{log2_ceil, log2_strict};
--- a/src/field/field_testing.rs
+++ b/src/field/field_testing.rs
@ -1,6 +1,6 @@
 use num::{bigint::BigUint, Zero};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::util::ceil_div_usize;
 /// Generates a series of non-negative integers less than
@ -153,7 +153,7 @@ macro_rules! test_field_arithmetic {
            use num::{bigint::BigUint, One, Zero};
            use rand::Rng;
-            use crate::field::field::Field;
+            use crate::field::field_types::Field;
            #[test]
            fn batch_inversion() {
@ -268,7 +268,7 @@ macro_rules! test_prime_field_arithmetic {
            use num::{bigint::BigUint, One, Zero};
-            use crate::field::field::Field;
+            use crate::field::field_types::Field;
            // Can be 32 or 64; doesn't have to be computer's actual word
            // bits. Choosing 32 gives more tests...
--- a/src/field/field_types.rs
+++ b/src/field/field_types.rs
--- a/src/field/interpolation.rs
+++ b/src/field/interpolation.rs
@ -1,5 +1,5 @@
 use crate::field::fft::ifft;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
 use crate::util::log2_ceil;
@ -79,7 +79,7 @@ mod tests {
    use super::*;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::polynomial::polynomial::PolynomialCoeffs;
    #[test]
--- a/src/field/mod.rs
+++ b/src/field/mod.rs
@ -2,7 +2,7 @@ pub(crate) mod cosets;
 pub mod crandall_field;
 pub mod extension_field;
 pub mod fft;
-pub mod field;
+pub mod field_types;
 pub(crate) mod interpolation;
 #[cfg(test)]
--- a/src/polynomial/commitment.rs
+++ b/src/polynomial/commitment.rs
@ -2,17 +2,19 @@ use anyhow::Result;
 use rayon::prelude::*;
 use serde::{Deserialize, Serialize};
 use crate::circuit_builder::CircuitBuilder;
 use crate::circuit_data::CommonCircuitData;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::fri::proof::{FriProof, FriProofTarget};
 use crate::fri::{prover::fri_proof, verifier::verify_fri_proof};
-use crate::merkle_tree::MerkleTree;
+use crate::hash::hash_types::{HashOut, HashOutTarget};
-use crate::plonk_challenger::{Challenger, RecursiveChallenger};
+use crate::hash::merkle_tree::MerkleTree;
-use crate::plonk_common::PlonkPolynomials;
+use crate::iop::challenger::{Challenger, RecursiveChallenger};
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::circuit_data::CommonCircuitData;
 use crate::plonk::plonk_common::PlonkPolynomials;
 use crate::plonk::proof::{OpeningSet, OpeningSetTarget};
 use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
 use crate::proof::{FriProof, FriProofTarget, Hash, HashTarget, OpeningSet, OpeningSetTarget};
 use crate::timed;
 use crate::util::reducing::ReducingFactor;
 use crate::util::{log2_ceil, log2_strict, reverse_bits, reverse_index_bits_in_place, transpose};
@ -21,7 +23,8 @@ use crate::with_context;
 /// Two (~64 bit) field elements gives ~128 bit security.
 pub const SALT_SIZE: usize = 2;
-pub struct ListPolynomialCommitment<F: Field> {
+/// Represents a batch FRI based commitment to a list of polynomials.
 pub struct PolynomialBatchCommitment<F: Field> {
    pub polynomials: Vec<PolynomialCoeffs<F>>,
    pub merkle_tree: MerkleTree<F>,
    pub degree: usize,
@ -30,7 +33,7 @@ pub struct ListPolynomialCommitment<F: Field> {
    pub blinding: bool,
 }
-impl<F: Field> ListPolynomialCommitment<F> {
+impl<F: Field> PolynomialBatchCommitment<F> {
    /// Creates a list polynomial commitment for the polynomials interpolating the values in `values`.
    pub fn new(values: Vec<PolynomialValues<F>>, rate_bits: usize, blinding: bool) -> Self {
        let degree = values[0].len();
@ -244,7 +247,7 @@ impl<F: Extendable<D>, const D: usize> OpeningProof<F, D> {
        &self,
        zeta: F::Extension,
        os: &OpeningSet<F, D>,
-        merkle_roots: &[Hash<F>],
+        merkle_roots: &[HashOut<F>],
        challenger: &mut Challenger<F>,
        common_data: &CommonCircuitData<F, D>,
    ) -> Result<()> {
@ -274,7 +277,7 @@ impl<const D: usize> OpeningProofTarget<D> {
        &self,
        zeta: ExtensionTarget<D>,
        os: &OpeningSetTarget<D>,
-        merkle_roots: &[HashTarget],
+        merkle_roots: &[HashOutTarget],
        challenger: &mut RecursiveChallenger,
        common_data: &CommonCircuitData<F, D>,
        builder: &mut CircuitBuilder<F, D>,
@ -305,9 +308,8 @@ mod tests {
    use anyhow::Result;
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::fri::FriConfig;
-    use crate::plonk_common::PlonkPolynomials;
+    use crate::plonk::circuit_data::CircuitConfig;
    fn gen_random_test_case<F: Field + Extendable<D>, const D: usize>(
        k: usize,
@ -355,12 +357,12 @@ mod tests {
            num_constants: 4,
            k_is: vec![F::ONE; 6],
            num_partial_products: (0, 0),
-            circuit_digest: Hash::from_partial(vec![]),
+            circuit_digest: HashOut::from_partial(vec![]),
        };
        let lpcs = (0..4)
            .map(|i| {
-                ListPolynomialCommitment::<F>::new(
+                PolynomialBatchCommitment::<F>::new(
                    gen_random_test_case(ks[i], degree_log),
                    common_data.config.rate_bits,
                    PlonkPolynomials::polynomials(i).blinding,
@ -369,7 +371,7 @@ mod tests {
            .collect::<Vec<_>>();
        let zeta = gen_random_point::<F, D>(degree_log);
-        let (proof, os) = ListPolynomialCommitment::open_plonk::<D>(
+        let (proof, os) = PolynomialBatchCommitment::open_plonk::<D>(
            &[&lpcs[0], &lpcs[1], &lpcs[2], &lpcs[3]],
            zeta,
            &mut Challenger::new(),
--- a/src/fri/mod.rs
+++ b/src/fri/mod.rs
@ -1,5 +1,7 @@
 pub mod commitment;
 pub mod proof;
 pub mod prover;
-mod recursive_verifier;
+pub mod recursive_verifier;
 pub mod verifier;
 /// Somewhat arbitrary. Smaller values will increase delta, but with diminishing returns,
--- a/src/fri/proof.rs
+++ b/src/fri/proof.rs
@ -0,0 +1,94 @@
 use serde::{Deserialize, Serialize};
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::field::field_types::Field;
 use crate::gadgets::polynomial::PolynomialCoeffsExtTarget;
 use crate::hash::hash_types::{HashOut, HashOutTarget};
 use crate::hash::merkle_proofs::{MerkleProof, MerkleProofTarget};
 use crate::iop::target::Target;
 use crate::plonk::plonk_common::PolynomialsIndexBlinding;
 use crate::polynomial::polynomial::PolynomialCoeffs;
 /// Evaluations and Merkle proof produced by the prover in a FRI query step.
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriQueryStep<F: Extendable<D>, const D: usize> {
    pub evals: Vec<F::Extension>,
    pub merkle_proof: MerkleProof<F>,
 }
 #[derive(Clone)]
 pub struct FriQueryStepTarget<const D: usize> {
    pub evals: Vec<ExtensionTarget<D>>,
    pub merkle_proof: MerkleProofTarget,
 }
 /// Evaluations and Merkle proofs of the original set of polynomials,
 /// before they are combined into a composition polynomial.
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriInitialTreeProof<F: Field> {
    pub evals_proofs: Vec<(Vec<F>, MerkleProof<F>)>,
 }
 impl<F: Field> FriInitialTreeProof<F> {
    pub(crate) fn unsalted_evals(
        &self,
        polynomials: PolynomialsIndexBlinding,
        zero_knowledge: bool,
    ) -> &[F] {
        let evals = &self.evals_proofs[polynomials.index].0;
        &evals[..evals.len() - polynomials.salt_size(zero_knowledge)]
    }
 }
 #[derive(Clone)]
 pub struct FriInitialTreeProofTarget {
    pub evals_proofs: Vec<(Vec<Target>, MerkleProofTarget)>,
 }
 impl FriInitialTreeProofTarget {
    pub(crate) fn unsalted_evals(
        &self,
        polynomials: PolynomialsIndexBlinding,
        zero_knowledge: bool,
    ) -> &[Target] {
        let evals = &self.evals_proofs[polynomials.index].0;
        &evals[..evals.len() - polynomials.salt_size(zero_knowledge)]
    }
 }
 /// Proof for a FRI query round.
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriQueryRound<F: Extendable<D>, const D: usize> {
    pub initial_trees_proof: FriInitialTreeProof<F>,
    pub steps: Vec<FriQueryStep<F, D>>,
 }
 #[derive(Clone)]
 pub struct FriQueryRoundTarget<const D: usize> {
    pub initial_trees_proof: FriInitialTreeProofTarget,
    pub steps: Vec<FriQueryStepTarget<D>>,
 }
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriProof<F: Extendable<D>, const D: usize> {
    /// A Merkle root for each reduced polynomial in the commit phase.
    pub commit_phase_merkle_roots: Vec<HashOut<F>>,
    /// Query rounds proofs
    pub query_round_proofs: Vec<FriQueryRound<F, D>>,
    /// The final polynomial in coefficient form.
    pub final_poly: PolynomialCoeffs<F::Extension>,
    /// Witness showing that the prover did PoW.
    pub pow_witness: F,
 }
 pub struct FriProofTarget<const D: usize> {
    pub commit_phase_merkle_roots: Vec<HashOutTarget>,
    pub query_round_proofs: Vec<FriQueryRoundTarget<D>>,
    pub final_poly: PolynomialCoeffsExtTarget<D>,
    pub pow_witness: Target,
 }
--- a/src/fri/prover.rs
+++ b/src/fri/prover.rs
@ -1,14 +1,15 @@
 use rayon::prelude::*;
 use crate::field::extension_field::{flatten, unflatten, Extendable};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound, FriQueryStep};
 use crate::fri::FriConfig;
-use crate::hash::hash_n_to_1;
+use crate::hash::hash_types::HashOut;
-use crate::merkle_tree::MerkleTree;
+use crate::hash::hashing::hash_n_to_1;
-use crate::plonk_challenger::Challenger;
+use crate::hash::merkle_tree::MerkleTree;
-use crate::plonk_common::reduce_with_powers;
+use crate::iop::challenger::Challenger;
 use crate::plonk::plonk_common::reduce_with_powers;
 use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
 use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, FriQueryStep, Hash};
 use crate::timed;
 use crate::util::reverse_index_bits_in_place;
@ -96,7 +97,7 @@ fn fri_committed_trees<F: Field + Extendable<D>, const D: usize>(
    (trees, coeffs)
 }
-fn fri_proof_of_work<F: Field>(current_hash: Hash<F>, config: &FriConfig) -> F {
+fn fri_proof_of_work<F: Field>(current_hash: HashOut<F>, config: &FriConfig) -> F {
    (0..u64::MAX)
        .into_par_iter()
        .find_any(|&i| {
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@ -1,15 +1,15 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::circuit_data::CommonCircuitData;
 use crate::field::extension_field::target::{flatten_target, ExtensionTarget};
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::fri::proof::{FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget};
 use crate::fri::FriConfig;
-use crate::plonk_challenger::RecursiveChallenger;
+use crate::hash::hash_types::HashOutTarget;
-use crate::plonk_common::PlonkPolynomials;
+use crate::iop::challenger::RecursiveChallenger;
-use crate::proof::{
+use crate::iop::target::Target;
-    FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, HashTarget, OpeningSetTarget,
+use crate::plonk::circuit_builder::CircuitBuilder;
-};
+use crate::plonk::circuit_data::CommonCircuitData;
-use crate::target::Target;
+use crate::plonk::plonk_common::PlonkPolynomials;
 use crate::plonk::proof::OpeningSetTarget;
 use crate::util::reducing::ReducingFactorTarget;
 use crate::util::{log2_strict, reverse_index_bits_in_place};
 use crate::with_context;
@ -77,7 +77,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        zeta: ExtensionTarget<D>,
        // Scaling factor to combine polynomials.
        alpha: ExtensionTarget<D>,
-        initial_merkle_roots: &[HashTarget],
+        initial_merkle_roots: &[HashOutTarget],
        proof: &FriProofTarget<D>,
        challenger: &mut RecursiveChallenger,
        common_data: &CommonCircuitData<F, D>,
@ -165,7 +165,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        &mut self,
        x_index_bits: &[Target],
        proof: &FriInitialTreeProofTarget,
-        initial_merkle_roots: &[HashTarget],
+        initial_merkle_roots: &[HashOutTarget],
    ) {
        for (i, ((evals, merkle_proof), &root)) in proof
            .evals_proofs
@ -260,7 +260,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        zeta: ExtensionTarget<D>,
        alpha: ExtensionTarget<D>,
        precomputed_reduced_evals: PrecomputedReducedEvalsTarget<D>,
-        initial_merkle_roots: &[HashTarget],
+        initial_merkle_roots: &[HashOutTarget],
        proof: &FriProofTarget<D>,
        challenger: &mut RecursiveChallenger,
        n: usize,
--- a/src/fri/verifier.rs
+++ b/src/fri/verifier.rs
@ -1,15 +1,17 @@
 use anyhow::{ensure, Result};
 use crate::circuit_data::CommonCircuitData;
 use crate::field::extension_field::{flatten, Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::field::interpolation::{barycentric_weights, interpolate, interpolate2};
 use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound};
 use crate::fri::FriConfig;
-use crate::hash::hash_n_to_1;
+use crate::hash::hash_types::HashOut;
-use crate::merkle_proofs::verify_merkle_proof;
+use crate::hash::hashing::hash_n_to_1;
-use crate::plonk_challenger::Challenger;
+use crate::hash::merkle_proofs::verify_merkle_proof;
-use crate::plonk_common::PlonkPolynomials;
+use crate::iop::challenger::Challenger;
-use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, Hash, OpeningSet};
+use crate::plonk::circuit_data::CommonCircuitData;
 use crate::plonk::plonk_common::PlonkPolynomials;
 use crate::plonk::proof::OpeningSet;
 use crate::util::reducing::ReducingFactor;
 use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place};
@ -74,7 +76,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
    zeta: F::Extension,
    // Scaling factor to combine polynomials.
    alpha: F::Extension,
-    initial_merkle_roots: &[Hash<F>],
+    initial_merkle_roots: &[HashOut<F>],
    proof: &FriProof<F, D>,
    challenger: &mut Challenger<F>,
    common_data: &CommonCircuitData<F, D>,
@ -135,7 +137,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
 fn fri_verify_initial_proof<F: Field>(
    x_index: usize,
    proof: &FriInitialTreeProof<F>,
-    initial_merkle_roots: &[Hash<F>],
+    initial_merkle_roots: &[HashOut<F>],
 ) -> Result<()> {
    for ((evals, merkle_proof), &root) in proof.evals_proofs.iter().zip(initial_merkle_roots) {
        verify_merkle_proof(evals.clone(), x_index, root, merkle_proof, false)?;
@ -240,7 +242,7 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
    zeta: F::Extension,
    alpha: F::Extension,
    precomputed_reduced_evals: PrecomputedReducedEvals<F, D>,
-    initial_merkle_roots: &[Hash<F>],
+    initial_merkle_roots: &[HashOut<F>],
    proof: &FriProof<F, D>,
    challenger: &mut Challenger<F>,
    n: usize,
--- a/src/gadgets/arithmetic.rs
+++ b/src/gadgets/arithmetic.rs
@ -1,9 +1,9 @@
 use std::borrow::Borrow;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
 use crate::gates::exponentiation::ExponentiationGate;
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::util::log2_ceil;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
--- a/src/gadgets/arithmetic_extension.rs
+++ b/src/gadgets/arithmetic_extension.rs
@ -3,14 +3,14 @@ use std::convert::TryInto;
 use itertools::Itertools;
 use num::Integer;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTarget};
 use crate::field::extension_field::{Extendable, OEF};
 use crate::gates::arithmetic::ArithmeticExtensionGate;
-use crate::generator::{GeneratedValues, SimpleGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::iop::witness::PartialWitness;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::util::bits_u64;
 use crate::witness::PartialWitness;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    pub fn double_arithmetic_extension(
@ -505,13 +505,13 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 mod tests {
    use anyhow::Result;
    use crate::circuit_builder::CircuitBuilder;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    #[test]
    fn test_mul_many() -> Result<()> {
--- a/src/gadgets/hash.rs
+++ b/src/gadgets/hash.rs
@ -1,11 +1,11 @@
 use std::convert::TryInto;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
 use crate::gates::gmimc::GMiMCGate;
-use crate::hash::GMIMC_ROUNDS;
+use crate::hash::hashing::GMIMC_ROUNDS;
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::wire::Wire;
+use crate::iop::wire::Wire;
 use crate::plonk::circuit_builder::CircuitBuilder;
 // TODO: Move to be next to native `permute`?
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
--- a/src/gadgets/insert.rs
+++ b/src/gadgets/insert.rs
@ -1,8 +1,8 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::gates::insertion::InsertionGate;
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Inserts a `Target` in a vector at a non-deterministic index.
@ -42,12 +42,12 @@ mod tests {
    use anyhow::Result;
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    fn real_insert<const D: usize>(
        index: usize,
--- a/src/gadgets/interpolation.rs
+++ b/src/gadgets/interpolation.rs
@ -1,8 +1,8 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::gates::interpolation::InterpolationGate;
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Interpolate two points. No need for an `InterpolationGate` since the coefficients
@ -55,15 +55,15 @@ mod tests {
    use anyhow::Result;
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
    use crate::field::extension_field::FieldExtension;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::field::interpolation::interpolant;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    #[test]
    fn test_interpolate() -> Result<()> {
--- a/src/gadgets/polynomial.rs
+++ b/src/gadgets/polynomial.rs
@ -1,7 +1,7 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTarget};
 use crate::field::extension_field::Extendable;
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 pub struct PolynomialCoeffsExtTarget<const D: usize>(pub Vec<ExtensionTarget<D>>);
--- a/src/gadgets/range_check.rs
+++ b/src/gadgets/range_check.rs
@ -1,10 +1,10 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::base_sum::BaseSumGate;
-use crate::generator::{GeneratedValues, SimpleGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::witness::PartialWitness;
+use crate::iop::witness::PartialWitness;
 use crate::plonk::circuit_builder::CircuitBuilder;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Checks that `x < 2^n_log` using a `BaseSumGate`.
--- a/src/gadgets/select.rs
+++ b/src/gadgets/select.rs
@ -1,8 +1,8 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::gates::arithmetic::ArithmeticExtensionGate;
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Selects `x` or `y` based on `b`, which is assumed to be binary, i.e., this returns `if b { x } else { y }`.
@ -35,13 +35,13 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 mod tests {
    use anyhow::Result;
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    #[test]
    fn test_select() -> Result<()> {
--- a/src/gadgets/split_base.rs
+++ b/src/gadgets/split_base.rs
@ -1,12 +1,12 @@
 use std::borrow::Borrow;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::base_sum::BaseSumGate;
-use crate::generator::{GeneratedValues, SimpleGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::witness::PartialWitness;
+use crate::iop::witness::PartialWitness;
 use crate::plonk::circuit_builder::CircuitBuilder;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Split the given element into a list of targets, where each one represents a
@ -96,12 +96,12 @@ mod tests {
    use anyhow::Result;
    use rand::{thread_rng, Rng};
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    #[test]
    fn test_split_base() -> Result<()> {
--- a/src/gadgets/split_join.rs
+++ b/src/gadgets/split_join.rs
@ -1,12 +1,12 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::base_sum::BaseSumGate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::iop::wire::Wire;
 use crate::iop::witness::PartialWitness;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::util::ceil_div_usize;
 use crate::wire::Wire;
 use crate::witness::PartialWitness;
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    /// Split the given integer into a list of virtual targets, where each one represents a bit of
--- a/src/gates/arithmetic.rs
+++ b/src/gates/arithmetic.rs
@ -1,14 +1,14 @@
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::field::extension_field::FieldExtension;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::iop::witness::PartialWitness;
-use crate::witness::PartialWitness;
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate which can a linear combination `c0*x*y+c1*z` twice with the same `x`.
 #[derive(Debug)]
--- a/src/gates/base_sum.rs
+++ b/src/gates/base_sum.rs
@ -1,15 +1,15 @@
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::plonk_common::{reduce_with_powers, reduce_with_powers_ext_recursive};
+use crate::iop::target::Target;
-use crate::target::Target;
+use crate::iop::witness::PartialWitness;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::plonk::circuit_builder::CircuitBuilder;
-use crate::witness::PartialWitness;
+use crate::plonk::plonk_common::{reduce_with_powers, reduce_with_powers_ext_recursive};
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate which can decompose a number into base B little-endian limbs,
 /// and compute the limb-reversed (i.e. big-endian) sum.
--- a/src/gates/constant.rs
+++ b/src/gates/constant.rs
@ -1,13 +1,13 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::iop::wire::Wire;
-use crate::wire::Wire;
+use crate::iop::witness::PartialWitness;
-use crate::witness::PartialWitness;
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate which takes a single constant parameter and outputs that value.
 pub struct ConstantGate;
--- a/src/gates/exponentiation.rs
+++ b/src/gates/exponentiation.rs
@ -1,16 +1,16 @@
 use std::marker::PhantomData;
 use crate::circuit_builder::CircuitBuilder;
 use crate::circuit_data::CircuitConfig;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::iop::wire::Wire;
-use crate::wire::Wire;
+use crate::iop::witness::PartialWitness;
-use crate::witness::PartialWitness;
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::circuit_data::CircuitConfig;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate for raising a value to a power.
 #[derive(Clone, Debug)]
@ -263,17 +263,16 @@ mod tests {
    use rand::Rng;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::fri::FriConfig;
    use crate::gates::exponentiation::ExponentiationGate;
    use crate::gates::gate::Gate;
    use crate::gates::gate_testing::test_low_degree;
-    use crate::proof::Hash;
+    use crate::hash::hash_types::HashOut;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::vars::EvaluationVars;
    use crate::util::log2_ceil;
    use crate::vars::EvaluationVars;
    const MAX_POWER_BITS: usize = 17;
@ -359,7 +358,7 @@ mod tests {
        let vars = EvaluationVars {
            local_constants: &[],
            local_wires: &get_wires(base, power as u64),
-            public_inputs_hash: &Hash::rand(),
+            public_inputs_hash: &HashOut::rand(),
        };
        assert!(
            gate.eval_unfiltered(vars).iter().all(|x| x.is_zero()),
--- a/src/gates/gate.rs
+++ b/src/gates/gate.rs
@ -2,13 +2,13 @@ use std::fmt::{Debug, Error, Formatter};
 use std::hash::{Hash, Hasher};
 use std::sync::Arc;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate_tree::Tree;
-use crate::generator::WitnessGenerator;
+use crate::iop::generator::WitnessGenerator;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A custom gate.
 pub trait Gate<F: Extendable<D>, const D: usize>: 'static + Send + Sync {
--- a/src/gates/gate_testing.rs
+++ b/src/gates/gate_testing.rs
@ -1,10 +1,10 @@
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::Gate;
 use crate::hash::hash_types::HashOut;
 use crate::plonk::vars::EvaluationVars;
 use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
 use crate::proof::Hash;
 use crate::util::{log2_ceil, transpose};
 use crate::vars::EvaluationVars;
 const WITNESS_SIZE: usize = 1 << 5;
 const WITNESS_DEGREE: usize = WITNESS_SIZE - 1;
@ -17,7 +17,7 @@ pub(crate) fn test_low_degree<F: Extendable<D>, G: Gate<F, D>, const D: usize>(g
    let wire_ldes = random_low_degree_matrix::<F::Extension>(gate.num_wires(), rate_bits);
    let constant_ldes = random_low_degree_matrix::<F::Extension>(gate.num_constants(), rate_bits);
    assert_eq!(wire_ldes.len(), constant_ldes.len());
-    let public_inputs_hash = &Hash::rand();
+    let public_inputs_hash = &HashOut::rand();
    let constraint_evals = wire_ldes
        .iter()
--- a/src/gates/gate_tree.rs
+++ b/src/gates/gate_tree.rs
@ -228,7 +228,7 @@ mod tests {
    use crate::gates::gmimc::GMiMCGate;
    use crate::gates::interpolation::InterpolationGate;
    use crate::gates::noop::NoopGate;
-    use crate::hash::GMIMC_ROUNDS;
+    use crate::hash::hashing::GMIMC_ROUNDS;
    #[test]
    fn test_prefix_generation() {
--- a/src/gates/gmimc.rs
+++ b/src/gates/gmimc.rs
@ -1,16 +1,16 @@
 use std::sync::Arc;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::hash::gmimc::gmimc_automatic_constants;
-use crate::gmimc::gmimc_automatic_constants;
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::iop::wire::Wire;
-use crate::wire::Wire;
+use crate::iop::witness::PartialWitness;
-use crate::witness::PartialWitness;
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// The width of the permutation, in field elements.
 const W: usize = 12;
@ -329,21 +329,21 @@ mod tests {
    use anyhow::Result;
    use crate::circuit_builder::CircuitBuilder;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::gates::gate::Gate;
    use crate::gates::gate_testing::test_low_degree;
    use crate::gates::gmimc::{GMiMCGate, W};
-    use crate::generator::generate_partial_witness;
+    use crate::hash::gmimc::gmimc_permute_naive;
-    use crate::gmimc::gmimc_permute_naive;
+    use crate::hash::hash_types::HashOut;
-    use crate::proof::Hash;
+    use crate::iop::generator::generate_partial_witness;
-    use crate::vars::{EvaluationTargets, EvaluationVars};
+    use crate::iop::wire::Wire;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::wire::Wire;
+    use crate::plonk::circuit_builder::CircuitBuilder;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::vars::{EvaluationTargets, EvaluationVars};
    use crate::plonk::verifier::verify;
    #[test]
    fn generated_output() {
@ -410,7 +410,7 @@ mod tests {
        let gate = Gate::new(constants);
        let wires = FF::rand_vec(Gate::end());
-        let public_inputs_hash = &Hash::rand();
+        let public_inputs_hash = &HashOut::rand();
        let vars = EvaluationVars {
            local_constants: &[],
            local_wires: &wires,
--- a/src/gates/insertion.rs
+++ b/src/gates/insertion.rs
@ -2,16 +2,16 @@ use std::convert::TryInto;
 use std::marker::PhantomData;
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::iop::wire::Wire;
-use crate::wire::Wire;
+use crate::iop::witness::PartialWitness;
-use crate::witness::PartialWitness;
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate for inserting a value into a list at a non-deterministic location.
 #[derive(Clone, Debug)]
@ -321,12 +321,12 @@ mod tests {
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::gates::gate::Gate;
    use crate::gates::gate_testing::test_low_degree;
    use crate::gates::insertion::InsertionGate;
-    use crate::proof::Hash;
+    use crate::hash::hash_types::HashOut;
-    use crate::vars::EvaluationVars;
+    use crate::plonk::vars::EvaluationVars;
    #[test]
    fn wire_indices() {
@ -403,7 +403,7 @@ mod tests {
        let vars = EvaluationVars {
            local_constants: &[],
            local_wires: &get_wires(orig_vec, insertion_index, element_to_insert),
-            public_inputs_hash: &Hash::rand(),
+            public_inputs_hash: &HashOut::rand(),
        };
        assert!(
--- a/src/gates/interpolation.rs
+++ b/src/gates/interpolation.rs
@ -2,19 +2,19 @@ use std::convert::TryInto;
 use std::marker::PhantomData;
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::algebra::PolynomialCoeffsAlgebra;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
 use crate::field::interpolation::interpolant;
 use crate::gadgets::polynomial::PolynomialCoeffsExtAlgebraTarget;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
 use crate::iop::target::Target;
 use crate::iop::wire::Wire;
 use crate::iop::witness::PartialWitness;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 use crate::polynomial::polynomial::PolynomialCoeffs;
 use crate::target::Target;
 use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 use crate::wire::Wire;
 use crate::witness::PartialWitness;
 /// Evaluates the interpolant of some given elements from a field extension.
 ///
@ -288,13 +288,13 @@ mod tests {
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::gates::gate::Gate;
    use crate::gates::gate_testing::test_low_degree;
    use crate::gates::interpolation::InterpolationGate;
    use crate::hash::hash_types::HashOut;
    use crate::plonk::vars::EvaluationVars;
    use crate::polynomial::polynomial::PolynomialCoeffs;
    use crate::proof::Hash;
    use crate::vars::EvaluationVars;
    #[test]
    fn wire_indices() {
@ -358,7 +358,7 @@ mod tests {
        let vars = EvaluationVars {
            local_constants: &[],
            local_wires: &get_wires(2, coeffs, points, eval_point),
-            public_inputs_hash: &Hash::rand(),
+            public_inputs_hash: &HashOut::rand(),
        };
        assert!(
--- a/src/gates/noop.rs
+++ b/src/gates/noop.rs
@ -1,9 +1,9 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::gates::gate::Gate;
-use crate::generator::WitnessGenerator;
+use crate::iop::generator::WitnessGenerator;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate which does nothing.
 pub struct NoopGate;
--- a/src/gates/public_input.rs
+++ b/src/gates/public_input.rs
@ -1,11 +1,11 @@
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::gates::gate::Gate;
-use crate::generator::WitnessGenerator;
+use crate::iop::generator::WitnessGenerator;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// A gate whose first four wires will be equal to a hash of public inputs.
 pub struct PublicInputGate;
--- a/src/gates/reducing.rs
+++ b/src/gates/reducing.rs
@ -1,14 +1,14 @@
 use std::ops::Range;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::field::extension_field::FieldExtension;
 use crate::gates::gate::Gate;
-use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
+use crate::iop::witness::PartialWitness;
-use crate::witness::PartialWitness;
+use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 /// Computes `sum alpha^i c_i` for a vector `c_i` of `num_coeffs` elements of the base field.
 #[derive(Debug, Clone)]
--- a/src/hash/gmimc.rs
+++ b/src/hash/gmimc.rs
@ -4,7 +4,7 @@ use rand::SeedableRng;
 use rand_chacha::ChaCha8Rng;
 use unroll::unroll_for_loops;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 pub(crate) fn gmimc_automatic_constants<F: Field, const R: usize>() -> [F; R] {
    let mut rng = ChaCha8Rng::seed_from_u64(0);
@ -109,8 +109,8 @@ mod tests {
    use std::sync::Arc;
    use crate::field::crandall_field::CrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
-    use crate::gmimc::{gmimc_permute, gmimc_permute_naive};
+    use crate::hash::gmimc::{gmimc_permute, gmimc_permute_naive};
    #[test]
    fn consistency() {
--- a/src/hash/hash_types.rs
+++ b/src/hash/hash_types.rs
@ -0,0 +1,63 @@
 use std::convert::TryInto;
 use serde::{Deserialize, Serialize};
 use crate::field::field_types::Field;
 use crate::iop::target::Target;
 /// Represents a ~256 bit hash output.
 #[derive(Copy, Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub struct HashOut<F: Field> {
    pub(crate) elements: [F; 4],
 }
 impl<F: Field> HashOut<F> {
    pub(crate) fn from_vec(elements: Vec<F>) -> Self {
        debug_assert!(elements.len() == 4);
        Self {
            elements: elements.try_into().unwrap(),
        }
    }
    pub(crate) fn from_partial(mut elements: Vec<F>) -> Self {
        debug_assert!(elements.len() <= 4);
        while elements.len() < 4 {
            elements.push(F::ZERO);
        }
        Self {
            elements: [elements[0], elements[1], elements[2], elements[3]],
        }
    }
    pub(crate) fn rand() -> Self {
        Self {
            elements: [F::rand(), F::rand(), F::rand(), F::rand()],
        }
    }
 }
 /// Represents a ~256 bit hash output.
 #[derive(Copy, Clone, Debug)]
 pub struct HashOutTarget {
    pub(crate) elements: [Target; 4],
 }
 impl HashOutTarget {
    pub(crate) fn from_vec(elements: Vec<Target>) -> Self {
        debug_assert!(elements.len() == 4);
        Self {
            elements: elements.try_into().unwrap(),
        }
    }
    pub(crate) fn from_partial(mut elements: Vec<Target>, zero: Target) -> Self {
        debug_assert!(elements.len() <= 4);
        while elements.len() < 4 {
            elements.push(zero);
        }
        Self {
            elements: [elements[0], elements[1], elements[2], elements[3]],
        }
    }
 }
--- a/src/hash/hashing.rs
+++ b/src/hash/hashing.rs
@ -1,11 +1,11 @@
 //! Concrete instantiation of a hash function.
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::gmimc::gmimc_permute_array;
+use crate::hash::gmimc::gmimc_permute_array;
-use crate::proof::{Hash, HashTarget};
+use crate::hash::hash_types::{HashOut, HashOutTarget};
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 pub(crate) const SPONGE_RATE: usize = 8;
 pub(crate) const SPONGE_CAPACITY: usize = 4;
@ -119,26 +119,26 @@ pub const GMIMC_CONSTANTS: [u64; GMIMC_ROUNDS] = [
 /// Hash the vector if necessary to reduce its length to ~256 bits. If it already fits, this is a
 /// no-op.
-pub fn hash_or_noop<F: Field>(inputs: Vec<F>) -> Hash<F> {
+pub fn hash_or_noop<F: Field>(inputs: Vec<F>) -> HashOut<F> {
    if inputs.len() <= 4 {
-        Hash::from_partial(inputs)
+        HashOut::from_partial(inputs)
    } else {
        hash_n_to_hash(inputs, false)
    }
 }
 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
-    pub fn hash_or_noop(&mut self, inputs: Vec<Target>) -> HashTarget {
+    pub fn hash_or_noop(&mut self, inputs: Vec<Target>) -> HashOutTarget {
        let zero = self.zero();
        if inputs.len() <= 4 {
-            HashTarget::from_partial(inputs, zero)
+            HashOutTarget::from_partial(inputs, zero)
        } else {
            self.hash_n_to_hash(inputs, false)
        }
    }
-    pub fn hash_n_to_hash(&mut self, inputs: Vec<Target>, pad: bool) -> HashTarget {
+    pub fn hash_n_to_hash(&mut self, inputs: Vec<Target>, pad: bool) -> HashOutTarget {
-        HashTarget::from_vec(self.hash_n_to_m(inputs, 4, pad))
+        HashOutTarget::from_vec(self.hash_n_to_m(inputs, 4, pad))
    }
    pub fn hash_n_to_m(
@ -184,7 +184,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 }
 /// A one-way compression function which takes two ~256 bit inputs and returns a ~256 bit output.
-pub fn compress<F: Field>(x: Hash<F>, y: Hash<F>) -> Hash<F> {
+pub fn compress<F: Field>(x: HashOut<F>, y: HashOut<F>) -> HashOut<F> {
    let mut inputs = Vec::with_capacity(8);
    inputs.extend(&x.elements);
    inputs.extend(&y.elements);
@ -230,8 +230,8 @@ pub fn hash_n_to_m<F: Field>(mut inputs: Vec<F>, num_outputs: usize, pad: bool)
    }
 }
-pub fn hash_n_to_hash<F: Field>(inputs: Vec<F>, pad: bool) -> Hash<F> {
+pub fn hash_n_to_hash<F: Field>(inputs: Vec<F>, pad: bool) -> HashOut<F> {
-    Hash::from_vec(hash_n_to_m(inputs, 4, pad))
+    HashOut::from_vec(hash_n_to_m(inputs, 4, pad))
 }
 pub fn hash_n_to_1<F: Field>(inputs: Vec<F>, pad: bool) -> F {
--- a/src/hash/merkle_proofs.rs
+++ b/src/hash/merkle_proofs.rs
@ -1,27 +1,26 @@
 use anyhow::{ensure, Result};
 use serde::{Deserialize, Serialize};
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gmimc::GMiMCGate;
-use crate::hash::GMIMC_ROUNDS;
+use crate::hash::hash_types::{HashOut, HashOutTarget};
-use crate::hash::{compress, hash_or_noop};
+use crate::hash::hashing::{compress, hash_or_noop, GMIMC_ROUNDS};
-use crate::proof::{Hash, HashTarget};
+use crate::iop::target::Target;
-use crate::target::Target;
+use crate::iop::wire::Wire;
-use crate::wire::Wire;
+use crate::plonk::circuit_builder::CircuitBuilder;
 #[derive(Clone, Debug, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub struct MerkleProof<F: Field> {
    /// The Merkle digest of each sibling subtree, staying from the bottommost layer.
-    pub siblings: Vec<Hash<F>>,
+    pub siblings: Vec<HashOut<F>>,
 }
 #[derive(Clone)]
 pub struct MerkleProofTarget {
    /// The Merkle digest of each sibling subtree, staying from the bottommost layer.
-    pub siblings: Vec<HashTarget>,
+    pub siblings: Vec<HashOutTarget>,
 }
 /// Verifies that the given leaf data is present at the given index in the Merkle tree with the
@ -29,7 +28,7 @@ pub struct MerkleProofTarget {
 pub(crate) fn verify_merkle_proof<F: Field>(
    leaf_data: Vec<F>,
    leaf_index: usize,
-    merkle_root: Hash<F>,
+    merkle_root: HashOut<F>,
    proof: &MerkleProof<F>,
    reverse_bits: bool,
 ) -> Result<()> {
@ -64,12 +63,12 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        &mut self,
        leaf_data: Vec<Target>,
        leaf_index_bits: &[Target],
-        merkle_root: HashTarget,
+        merkle_root: HashOutTarget,
        proof: &MerkleProofTarget,
    ) {
        let zero = self.zero();
-        let mut state: HashTarget = self.hash_or_noop(leaf_data);
+        let mut state: HashOutTarget = self.hash_or_noop(leaf_data);
        for (&bit, &sibling) in leaf_index_bits.iter().zip(&proof.siblings) {
            let gate_type = GMiMCGate::<F, D, GMIMC_ROUNDS>::new_automatic_constants();
@ -97,7 +96,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
                self.route(zero, input_wires[8 + i]);
            }
-            state = HashTarget::from_vec(
+            state = HashOutTarget::from_vec(
                (0..4)
                    .map(|i| {
                        Target::Wire(Wire {
@ -112,13 +111,18 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        self.named_assert_hashes_equal(state, merkle_root, "check Merkle root".into())
    }
-    pub(crate) fn assert_hashes_equal(&mut self, x: HashTarget, y: HashTarget) {
+    pub(crate) fn assert_hashes_equal(&mut self, x: HashOutTarget, y: HashOutTarget) {
        for i in 0..4 {
            self.assert_equal(x.elements[i], y.elements[i]);
        }
    }
-    pub(crate) fn named_assert_hashes_equal(&mut self, x: HashTarget, y: HashTarget, name: String) {
+    pub(crate) fn named_assert_hashes_equal(
        &mut self,
        x: HashOutTarget,
        y: HashOutTarget,
        name: String,
    ) {
        for i in 0..4 {
            self.named_assert_equal(
                x.elements[i],
@ -135,11 +139,12 @@ mod tests {
    use rand::{thread_rng, Rng};
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
-    use crate::merkle_tree::MerkleTree;
+    use crate::hash::merkle_tree::MerkleTree;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    fn random_data<F: Field>(n: usize, k: usize) -> Vec<Vec<F>> {
        (0..n).map(|_| F::rand_vec(k)).collect()
--- a/src/hash/merkle_tree.rs
+++ b/src/hash/merkle_tree.rs
@ -1,9 +1,9 @@
 use rayon::prelude::*;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::hash::{compress, hash_or_noop};
+use crate::hash::hash_types::HashOut;
-use crate::merkle_proofs::MerkleProof;
+use crate::hash::hashing::{compress, hash_or_noop};
-use crate::proof::Hash;
+use crate::hash::merkle_proofs::MerkleProof;
 use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place};
 #[derive(Clone, Debug)]
@ -12,10 +12,10 @@ pub struct MerkleTree<F: Field> {
    pub leaves: Vec<Vec<F>>,
    /// The layers of hashes in the tree. The first layer is the one at the bottom.
-    pub layers: Vec<Vec<Hash<F>>>,
+    pub layers: Vec<Vec<HashOut<F>>>,
    /// The Merkle root.
-    pub root: Hash<F>,
+    pub root: HashOut<F>,
    /// If true, the indices are in bit-reversed form, so that the leaf at index `i`
    /// contains the leaf originally at index `reverse_bits(i)`.
@ -86,7 +86,7 @@ mod tests {
    use super::*;
    use crate::field::crandall_field::CrandallField;
-    use crate::merkle_proofs::verify_merkle_proof;
+    use crate::hash::merkle_proofs::verify_merkle_proof;
    fn random_data<F: Field>(n: usize, k: usize) -> Vec<Vec<F>> {
        (0..n).map(|_| F::rand_vec(k)).collect()
--- a/src/hash/mod.rs
+++ b/src/hash/mod.rs
@ -0,0 +1,6 @@
 pub mod gmimc;
 pub mod hash_types;
 pub mod hashing;
 pub mod merkle_proofs;
 pub mod merkle_tree;
 pub mod rescue;
--- a/src/hash/rescue.rs
+++ b/src/hash/rescue.rs
@ -2,7 +2,7 @@
 use unroll::unroll_for_loops;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 const ROUNDS: usize = 8;
--- a/src/plonk_challenger.rs
+++ b/src/plonk_challenger.rs
@ -1,14 +1,15 @@
 use std::convert::TryInto;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::hash::{permute, SPONGE_RATE, SPONGE_WIDTH};
+use crate::hash::hash_types::{HashOut, HashOutTarget};
-use crate::proof::{Hash, HashTarget, OpeningSet, OpeningSetTarget};
+use crate::hash::hashing::{permute, SPONGE_RATE, SPONGE_WIDTH};
-use crate::target::Target;
+use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::proof::{OpeningSet, OpeningSetTarget};
-/// Observes prover messages, and generates challenges by hashing the transcript.
+/// Observes prover messages, and generates challenges by hashing the transcript, a la Fiat-Shamir.
 #[derive(Clone)]
 pub struct Challenger<F: Field> {
    sponge_state: [F; SPONGE_WIDTH],
@ -88,7 +89,7 @@ impl<F: Field> Challenger<F> {
        }
    }
-    pub fn observe_hash(&mut self, hash: &Hash<F>) {
+    pub fn observe_hash(&mut self, hash: &HashOut<F>) {
        self.observe_elements(&hash.elements)
    }
@ -122,8 +123,8 @@ impl<F: Field> Challenger<F> {
        (0..n).map(|_| self.get_challenge()).collect()
    }
-    pub fn get_hash(&mut self) -> Hash<F> {
+    pub fn get_hash(&mut self) -> HashOut<F> {
-        Hash {
+        HashOut {
            elements: [
                self.get_challenge(),
                self.get_challenge(),
@ -234,7 +235,7 @@ impl RecursiveChallenger {
        }
    }
-    pub fn observe_hash(&mut self, hash: &HashTarget) {
+    pub fn observe_hash(&mut self, hash: &HashOutTarget) {
        self.observe_elements(&hash.elements)
    }
@ -294,8 +295,8 @@ impl RecursiveChallenger {
    pub fn get_hash<F: Extendable<D>, const D: usize>(
        &mut self,
        builder: &mut CircuitBuilder<F, D>,
-    ) -> HashTarget {
+    ) -> HashOutTarget {
-        HashTarget {
+        HashOutTarget {
            elements: [
                self.get_challenge(builder),
                self.get_challenge(builder),
@ -341,14 +342,14 @@ impl RecursiveChallenger {
 #[cfg(test)]
 mod tests {
    use crate::circuit_builder::CircuitBuilder;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
-    use crate::generator::generate_partial_witness;
+    use crate::iop::challenger::{Challenger, RecursiveChallenger};
-    use crate::plonk_challenger::{Challenger, RecursiveChallenger};
+    use crate::iop::generator::generate_partial_witness;
-    use crate::target::Target;
+    use crate::iop::target::Target;
-    use crate::witness::PartialWitness;
+    use crate::iop::witness::PartialWitness;
    use crate::plonk::circuit_builder::CircuitBuilder;
    use crate::plonk::circuit_data::CircuitConfig;
    #[test]
    fn no_duplicate_challenges() {
--- a/src/iop/generator.rs
+++ b/src/iop/generator.rs
@ -4,11 +4,11 @@ use std::fmt::Debug;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::proof::{Hash, HashTarget};
+use crate::hash::hash_types::{HashOut, HashOutTarget};
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::wire::Wire;
+use crate::iop::wire::Wire;
-use crate::witness::PartialWitness;
+use crate::iop::witness::PartialWitness;
 /// Given a `PartialWitness` that has only inputs set, populates the rest of the witness using the
 /// given set of generators.
@ -124,7 +124,7 @@ impl<F: Field> GeneratedValues<F> {
        self.target_values.push((target, value))
    }
-    pub fn set_hash_target(&mut self, ht: HashTarget, value: Hash<F>) {
+    pub fn set_hash_target(&mut self, ht: HashOutTarget, value: HashOut<F>) {
        ht.elements
            .iter()
            .zip(value.elements)
--- a/src/iop/mod.rs
+++ b/src/iop/mod.rs
@ -0,0 +1,6 @@
 //! Logic common to multiple IOPs.
 pub(crate) mod challenger;
 pub mod generator;
 pub mod target;
 pub mod wire;
 pub mod witness;
--- a/src/iop/target.rs
+++ b/src/iop/target.rs
@ -1,7 +1,7 @@
 use std::ops::Range;
-use crate::circuit_data::CircuitConfig;
+use crate::iop::wire::Wire;
-use crate::wire::Wire;
+use crate::plonk::circuit_data::CircuitConfig;
 /// A location in the witness.
 #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)]
--- a/src/iop/wire.rs
+++ b/src/iop/wire.rs
@ -1,6 +1,6 @@
 use std::ops::Range;
-use crate::circuit_data::CircuitConfig;
+use crate::plonk::circuit_data::CircuitConfig;
 /// Represents a wire in the circuit.
 #[derive(Copy, Clone, Eq, PartialEq, Hash, Debug)]
--- a/src/iop/witness.rs
+++ b/src/iop/witness.rs
@ -3,15 +3,16 @@ use std::convert::TryInto;
 use anyhow::{ensure, Result};
 use crate::copy_constraint::CopyConstraint;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::GateInstance;
-use crate::generator::GeneratedValues;
+use crate::hash::hash_types::HashOut;
-use crate::proof::{Hash, HashTarget};
+use crate::hash::hash_types::HashOutTarget;
-use crate::target::Target;
+use crate::iop::generator::GeneratedValues;
-use crate::wire::Wire;
+use crate::iop::target::Target;
 use crate::iop::wire::Wire;
 use crate::plonk::copy_constraint::CopyConstraint;
 #[derive(Clone, Debug)]
 pub struct Witness<F: Field> {
@ -57,8 +58,8 @@ impl<F: Field> PartialWitness<F> {
        )
    }
-    pub fn get_hash_target(&self, ht: HashTarget) -> Hash<F> {
+    pub fn get_hash_target(&self, ht: HashOutTarget) -> HashOut<F> {
-        Hash {
+        HashOut {
            elements: self.get_targets(&ht.elements).try_into().unwrap(),
        }
    }
@ -94,7 +95,7 @@ impl<F: Field> PartialWitness<F> {
        }
    }
-    pub fn set_hash_target(&mut self, ht: HashTarget, value: Hash<F>) {
+    pub fn set_hash_target(&mut self, ht: HashOutTarget, value: HashOut<F>) {
        ht.elements
            .iter()
            .zip(value.elements)
--- a/src/lib.rs
+++ b/src/lib.rs
@ -1,30 +1,11 @@
 #![feature(destructuring_assignment)]
 pub mod circuit_builder;
 pub mod circuit_data;
 pub mod context_tree;
 pub mod copy_constraint;
 pub mod field;
 pub mod fri;
 pub mod gadgets;
 pub mod gates;
 pub mod generator;
 pub mod gmimc;
 pub mod hash;
-pub mod merkle_proofs;
+pub mod iop;
-mod merkle_tree;
+pub mod plonk;
 mod permutation_argument;
 pub mod plonk_challenger;
 pub mod plonk_common;
 pub mod polynomial;
 pub mod proof;
 pub mod prover;
 pub mod recursive_verifier;
 pub mod rescue;
 pub mod target;
 pub mod util;
 pub mod vanishing_poly;
 pub mod vars;
 pub mod verifier;
 pub mod wire;
 pub mod witness;
--- a/src/plonk/circuit_builder.rs
+++ b/src/plonk/circuit_builder.rs
@ -4,32 +4,32 @@ use std::time::Instant;
 use log::info;
 use crate::circuit_data::{
    CircuitConfig, CircuitData, CommonCircuitData, ProverCircuitData, ProverOnlyCircuitData,
    VerifierCircuitData, VerifierOnlyCircuitData,
 };
 use crate::context_tree::ContextTree;
 use crate::copy_constraint::CopyConstraint;
 use crate::field::cosets::get_unique_coset_shifts;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::fri::commitment::PolynomialBatchCommitment;
 use crate::gates::constant::ConstantGate;
 use crate::gates::gate::{Gate, GateInstance, GateRef, PrefixedGate};
 use crate::gates::gate_tree::Tree;
 use crate::gates::noop::NoopGate;
 use crate::gates::public_input::PublicInputGate;
-use crate::generator::{CopyGenerator, RandomValueGenerator, WitnessGenerator};
+use crate::hash::hash_types::HashOutTarget;
-use crate::hash::hash_n_to_hash;
+use crate::hash::hashing::hash_n_to_hash;
-use crate::permutation_argument::TargetPartition;
+use crate::iop::generator::{CopyGenerator, RandomValueGenerator, WitnessGenerator};
-use crate::plonk_common::PlonkPolynomials;
+use crate::iop::target::Target;
-use crate::polynomial::commitment::ListPolynomialCommitment;
+use crate::iop::wire::Wire;
 use crate::plonk::circuit_data::{
    CircuitConfig, CircuitData, CommonCircuitData, ProverCircuitData, ProverOnlyCircuitData,
    VerifierCircuitData, VerifierOnlyCircuitData,
 };
 use crate::plonk::copy_constraint::CopyConstraint;
 use crate::plonk::permutation_argument::TargetPartition;
 use crate::plonk::plonk_common::PlonkPolynomials;
 use crate::polynomial::polynomial::PolynomialValues;
-use crate::proof::HashTarget;
+use crate::util::context_tree::ContextTree;
 use crate::target::Target;
 use crate::util::marking::{Markable, MarkedTargets};
 use crate::util::partial_products::num_partial_products;
 use crate::util::{log2_ceil, log2_strict, transpose, transpose_poly_values};
 use crate::wire::Wire;
 pub struct CircuitBuilder<F: Extendable<D>, const D: usize> {
    pub(crate) config: CircuitConfig,
@ -106,11 +106,11 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        (0..n).map(|_i| self.add_virtual_target()).collect()
    }
-    pub fn add_virtual_hash(&mut self) -> HashTarget {
+    pub fn add_virtual_hash(&mut self) -> HashOutTarget {
-        HashTarget::from_vec(self.add_virtual_targets(4))
+        HashOutTarget::from_vec(self.add_virtual_targets(4))
    }
-    pub fn add_virtual_hashes(&mut self, n: usize) -> Vec<HashTarget> {
+    pub fn add_virtual_hashes(&mut self, n: usize) -> Vec<HashOutTarget> {
        (0..n).map(|_i| self.add_virtual_hash()).collect()
    }
@ -535,7 +535,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        let sigma_vecs = self.sigma_vecs(&k_is, &subgroup);
        let constants_sigmas_vecs = [constant_vecs, sigma_vecs.clone()].concat();
-        let constants_sigmas_commitment = ListPolynomialCommitment::new(
+        let constants_sigmas_commitment = PolynomialBatchCommitment::new(
            constants_sigmas_vecs,
            self.config.rate_bits,
            self.config.zero_knowledge & PlonkPolynomials::CONSTANTS_SIGMAS.blinding,
--- a/src/plonk/circuit_data.rs
+++ b/src/plonk/circuit_data.rs
@ -2,19 +2,20 @@ use std::ops::{Range, RangeFrom};
 use anyhow::Result;
 use crate::copy_constraint::CopyConstraint;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::fri::commitment::PolynomialBatchCommitment;
 use crate::fri::FriConfig;
 use crate::gates::gate::{GateInstance, PrefixedGate};
-use crate::generator::WitnessGenerator;
+use crate::hash::hash_types::{HashOut, HashOutTarget};
-use crate::polynomial::commitment::ListPolynomialCommitment;
+use crate::iop::generator::WitnessGenerator;
-use crate::proof::{Hash, HashTarget, ProofWithPublicInputs};
+use crate::iop::target::Target;
-use crate::prover::prove;
+use crate::iop::witness::PartialWitness;
-use crate::target::Target;
+use crate::plonk::copy_constraint::CopyConstraint;
 use crate::plonk::proof::ProofWithPublicInputs;
 use crate::plonk::prover::prove;
 use crate::plonk::verifier::verify;
 use crate::util::marking::MarkedTargets;
 use crate::verifier::verify;
 use crate::witness::PartialWitness;
 #[derive(Clone)]
 pub struct CircuitConfig {
@ -122,7 +123,7 @@ impl<F: Extendable<D>, const D: usize> VerifierCircuitData<F, D> {
 pub(crate) struct ProverOnlyCircuitData<F: Extendable<D>, const D: usize> {
    pub generators: Vec<Box<dyn WitnessGenerator<F>>>,
    /// Commitments to the constants polynomials and sigma polynomials.
-    pub constants_sigmas_commitment: ListPolynomialCommitment<F>,
+    pub constants_sigmas_commitment: PolynomialBatchCommitment<F>,
    /// The transpose of the list of sigma polynomials.
    pub sigmas: Vec<Vec<F>>,
    /// Subgroup of order `degree`.
@ -140,7 +141,7 @@ pub(crate) struct ProverOnlyCircuitData<F: Extendable<D>, const D: usize> {
 /// Circuit data required by the verifier, but not the prover.
 pub(crate) struct VerifierOnlyCircuitData<F: Field> {
    /// A commitment to each constant polynomial and each permutation polynomial.
-    pub(crate) constants_sigmas_root: Hash<F>,
+    pub(crate) constants_sigmas_root: HashOut<F>,
 }
 /// Circuit data required by both the prover and the verifier.
@ -170,7 +171,7 @@ pub struct CommonCircuitData<F: Extendable<D>, const D: usize> {
    /// A digest of the "circuit" (i.e. the instance, minus public inputs), which can be used to
    /// seed Fiat-Shamir.
-    pub(crate) circuit_digest: Hash<F>,
+    pub(crate) circuit_digest: HashOut<F>,
 }
 impl<F: Extendable<D>, const D: usize> CommonCircuitData<F, D> {
@ -230,5 +231,5 @@ impl<F: Extendable<D>, const D: usize> CommonCircuitData<F, D> {
 /// dynamic, at least not without setting a maximum wire count and paying for the worst case.
 pub struct VerifierCircuitTarget {
    /// A commitment to each constant polynomial and each permutation polynomial.
-    pub(crate) constants_sigmas_root: HashTarget,
+    pub(crate) constants_sigmas_root: HashOutTarget,
 }
--- a/src/plonk/copy_constraint.rs
+++ b/src/plonk/copy_constraint.rs
@ -1,4 +1,4 @@
-use crate::target::Target;
+use crate::iop::target::Target;
 /// A named copy constraint.
 pub struct CopyConstraint {
--- a/src/plonk/mod.rs
+++ b/src/plonk/mod.rs
@ -0,0 +1,11 @@
 pub mod circuit_builder;
 pub mod circuit_data;
 pub(crate) mod copy_constraint;
 pub(crate) mod permutation_argument;
 pub(crate) mod plonk_common;
 pub mod proof;
 pub mod prover;
 pub mod recursive_verifier;
 pub(crate) mod vanishing_poly;
 pub mod vars;
 pub mod verifier;
--- a/src/plonk/permutation_argument.rs
+++ b/src/plonk/permutation_argument.rs
@ -4,10 +4,10 @@ use std::hash::Hash;
 use rayon::prelude::*;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::iop::target::Target;
 use crate::iop::wire::Wire;
 use crate::polynomial::polynomial::PolynomialValues;
 use crate::target::Target;
 use crate::wire::Wire;
 /// Node in the Disjoint Set Forest.
 #[derive(Debug, Copy, Clone, Eq, PartialEq)]
--- a/src/plonk/plonk_common.rs
+++ b/src/plonk/plonk_common.rs
@ -1,12 +1,12 @@
 use std::borrow::Borrow;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::polynomial::commitment::SALT_SIZE;
+use crate::fri::commitment::SALT_SIZE;
 use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::polynomial::polynomial::PolynomialCoeffs;
 use crate::target::Target;
 /// Holds the Merkle tree index and blinding flag of a set of polynomials used in FRI.
 #[derive(Debug, Copy, Clone)]
@ -23,8 +23,10 @@ impl PolynomialsIndexBlinding {
        }
    }
 }
 /// Holds the indices and blinding flags of the Plonk polynomials.
 pub struct PlonkPolynomials;
 impl PlonkPolynomials {
    pub const CONSTANTS_SIGMAS: PolynomialsIndexBlinding = PolynomialsIndexBlinding {
        index: 0,
@ -72,6 +74,7 @@ pub(crate) struct ZeroPolyOnCoset<F: Field> {
    /// Holds the multiplicative inverses of `evals`.
    inverses: Vec<F>,
 }
 impl<F: Field> ZeroPolyOnCoset<F> {
    pub fn new(n_log: usize, rate_bits: usize) -> Self {
        let g_pow_n = F::coset_shift().exp_power_of_2(n_log);
--- a/src/plonk/proof.rs
+++ b/src/plonk/proof.rs
@ -0,0 +1,100 @@
 use serde::{Deserialize, Serialize};
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::fri::commitment::{OpeningProof, OpeningProofTarget, PolynomialBatchCommitment};
 use crate::hash::hash_types::{HashOut, HashOutTarget};
 use crate::iop::target::Target;
 use crate::plonk::circuit_data::CommonCircuitData;
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct Proof<F: Extendable<D>, const D: usize> {
    /// Merkle root of LDEs of wire values.
    pub wires_root: HashOut<F>,
    /// Merkle root of LDEs of Z, in the context of Plonk's permutation argument.
    pub plonk_zs_partial_products_root: HashOut<F>,
    /// Merkle root of LDEs of the quotient polynomial components.
    pub quotient_polys_root: HashOut<F>,
    /// Purported values of each polynomial at the challenge point.
    pub openings: OpeningSet<F, D>,
    /// A FRI argument for each FRI query.
    pub opening_proof: OpeningProof<F, D>,
 }
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct ProofWithPublicInputs<F: Extendable<D>, const D: usize> {
    pub proof: Proof<F, D>,
    pub public_inputs: Vec<F>,
 }
 pub struct ProofTarget<const D: usize> {
    pub wires_root: HashOutTarget,
    pub plonk_zs_partial_products_root: HashOutTarget,
    pub quotient_polys_root: HashOutTarget,
    pub openings: OpeningSetTarget<D>,
    pub opening_proof: OpeningProofTarget<D>,
 }
 pub struct ProofWithPublicInputsTarget<const D: usize> {
    pub proof: ProofTarget<D>,
    pub public_inputs: Vec<Target>,
 }
 #[derive(Clone, Debug, Serialize, Deserialize)]
 /// The purported values of each polynomial at a single point.
 pub struct OpeningSet<F: Extendable<D>, const D: usize> {
    pub constants: Vec<F::Extension>,
    pub plonk_sigmas: Vec<F::Extension>,
    pub wires: Vec<F::Extension>,
    pub plonk_zs: Vec<F::Extension>,
    pub plonk_zs_right: Vec<F::Extension>,
    pub partial_products: Vec<F::Extension>,
    pub quotient_polys: Vec<F::Extension>,
 }
 impl<F: Extendable<D>, const D: usize> OpeningSet<F, D> {
    pub fn new(
        z: F::Extension,
        g: F::Extension,
        constants_sigmas_commitment: &PolynomialBatchCommitment<F>,
        wires_commitment: &PolynomialBatchCommitment<F>,
        zs_partial_products_commitment: &PolynomialBatchCommitment<F>,
        quotient_polys_commitment: &PolynomialBatchCommitment<F>,
        common_data: &CommonCircuitData<F, D>,
    ) -> Self {
        let eval_commitment = |z: F::Extension, c: &PolynomialBatchCommitment<F>| {
            c.polynomials
                .iter()
                .map(|p| p.to_extension().eval(z))
                .collect::<Vec<_>>()
        };
        let constants_sigmas_eval = eval_commitment(z, constants_sigmas_commitment);
        let zs_partial_products_eval = eval_commitment(z, zs_partial_products_commitment);
        Self {
            constants: constants_sigmas_eval[common_data.constants_range()].to_vec(),
            plonk_sigmas: constants_sigmas_eval[common_data.sigmas_range()].to_vec(),
            wires: eval_commitment(z, wires_commitment),
            plonk_zs: zs_partial_products_eval[common_data.zs_range()].to_vec(),
            plonk_zs_right: eval_commitment(g * z, zs_partial_products_commitment)
                [common_data.zs_range()]
            .to_vec(),
            partial_products: zs_partial_products_eval[common_data.partial_products_range()]
                .to_vec(),
            quotient_polys: eval_commitment(z, quotient_polys_commitment),
        }
    }
 }
 /// The purported values of each polynomial at a single point.
 #[derive(Clone, Debug)]
 pub struct OpeningSetTarget<const D: usize> {
    pub constants: Vec<ExtensionTarget<D>>,
    pub plonk_sigmas: Vec<ExtensionTarget<D>>,
    pub wires: Vec<ExtensionTarget<D>>,
    pub plonk_zs: Vec<ExtensionTarget<D>>,
    pub plonk_zs_right: Vec<ExtensionTarget<D>>,
    pub partial_products: Vec<ExtensionTarget<D>>,
    pub quotient_polys: Vec<ExtensionTarget<D>>,
 }
--- a/src/plonk/prover.rs
+++ b/src/plonk/prover.rs
@ -4,21 +4,23 @@ use anyhow::Result;
 use log::info;
 use rayon::prelude::*;
 use crate::circuit_data::{CommonCircuitData, ProverOnlyCircuitData};
 use crate::field::extension_field::Extendable;
-use crate::generator::generate_partial_witness;
+use crate::fri::commitment::PolynomialBatchCommitment;
-use crate::hash::hash_n_to_hash;
+use crate::hash::hash_types::HashOut;
-use crate::plonk_challenger::Challenger;
+use crate::hash::hashing::hash_n_to_hash;
-use crate::plonk_common::{PlonkPolynomials, ZeroPolyOnCoset};
+use crate::iop::challenger::Challenger;
-use crate::polynomial::commitment::ListPolynomialCommitment;
+use crate::iop::generator::generate_partial_witness;
 use crate::iop::witness::{PartialWitness, Witness};
 use crate::plonk::circuit_data::{CommonCircuitData, ProverOnlyCircuitData};
 use crate::plonk::plonk_common::PlonkPolynomials;
 use crate::plonk::plonk_common::ZeroPolyOnCoset;
 use crate::plonk::proof::{Proof, ProofWithPublicInputs};
 use crate::plonk::vanishing_poly::eval_vanishing_poly_base;
 use crate::plonk::vars::EvaluationVarsBase;
 use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues};
 use crate::proof::{Hash, Proof, ProofWithPublicInputs};
 use crate::timed;
 use crate::util::partial_products::partial_products;
 use crate::util::{log2_ceil, transpose};
 use crate::vanishing_poly::eval_vanishing_poly_base;
 use crate::vars::EvaluationVarsBase;
 use crate::witness::{PartialWitness, Witness};
 pub(crate) fn prove<F: Extendable<D>, const D: usize>(
    prover_data: &ProverOnlyCircuitData<F, D>,
@ -69,7 +71,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
    );
    let wires_commitment = timed!(
-        ListPolynomialCommitment::new(
+        PolynomialBatchCommitment::new(
            wires_values,
            config.rate_bits,
            config.zero_knowledge & PlonkPolynomials::WIRES.blinding
@ -106,7 +108,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
    let zs_partial_products = [plonk_z_vecs, partial_products.concat()].concat();
    let zs_partial_products_commitment = timed!(
-        ListPolynomialCommitment::new(
+        PolynomialBatchCommitment::new(
            zs_partial_products,
            config.rate_bits,
            config.zero_knowledge & PlonkPolynomials::ZS_PARTIAL_PRODUCTS.blinding
@ -150,7 +152,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
    );
    let quotient_polys_commitment = timed!(
-        ListPolynomialCommitment::new_from_polys(
+        PolynomialBatchCommitment::new_from_polys(
            all_quotient_poly_chunks,
            config.rate_bits,
            config.zero_knowledge & PlonkPolynomials::QUOTIENT.blinding
@ -163,7 +165,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
    let zeta = challenger.get_extension_challenge();
    let (opening_proof, openings) = timed!(
-        ListPolynomialCommitment::open_plonk(
+        PolynomialBatchCommitment::open_plonk(
            &[
                &prover_data.constants_sigmas_commitment,
                &wires_commitment,
@ -292,9 +294,9 @@ fn compute_z<F: Extendable<D>, const D: usize>(
 fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
    common_data: &CommonCircuitData<F, D>,
    prover_data: &'a ProverOnlyCircuitData<F, D>,
-    public_inputs_hash: &Hash<F>,
+    public_inputs_hash: &HashOut<F>,
-    wires_commitment: &'a ListPolynomialCommitment<F>,
+    wires_commitment: &'a PolynomialBatchCommitment<F>,
-    zs_partial_products_commitment: &'a ListPolynomialCommitment<F>,
+    zs_partial_products_commitment: &'a PolynomialBatchCommitment<F>,
    betas: &[F],
    gammas: &[F],
    alphas: &[F],
@ -318,7 +320,7 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
    let lde_size = points.len();
    // Retrieve the LDE values at index `i`.
-    let get_at_index = |comm: &'a ListPolynomialCommitment<F>, i: usize| -> &'a [F] {
+    let get_at_index = |comm: &'a PolynomialBatchCommitment<F>, i: usize| -> &'a [F] {
        comm.get_lde_values(i * step)
    };
--- a/src/plonk/recursive_verifier.rs
+++ b/src/plonk/recursive_verifier.rs
@ -1,11 +1,12 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::circuit_data::{CircuitConfig, CommonCircuitData, VerifierCircuitTarget};
 use crate::field::extension_field::Extendable;
-use crate::plonk_challenger::RecursiveChallenger;
+use crate::hash::hash_types::HashOutTarget;
-use crate::proof::{HashTarget, ProofWithPublicInputsTarget};
+use crate::iop::challenger::RecursiveChallenger;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::plonk::circuit_data::{CircuitConfig, CommonCircuitData, VerifierCircuitTarget};
 use crate::plonk::proof::ProofWithPublicInputsTarget;
 use crate::plonk::vanishing_poly::eval_vanishing_poly_recursively;
 use crate::plonk::vars::EvaluationTargets;
 use crate::util::reducing::ReducingFactorTarget;
 use crate::vanishing_poly::eval_vanishing_poly_recursively;
 use crate::vars::EvaluationTargets;
 use crate::with_context;
 const MIN_WIRES: usize = 120; // TODO: Double check.
@ -37,7 +38,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        let (betas, gammas, alphas, zeta) =
            with_context!(self, "observe proof and generates challenges", {
                // Observe the instance.
-                let digest = HashTarget::from_vec(
+                let digest = HashOutTarget::from_vec(
                    self.constants(&inner_common_data.circuit_digest.elements),
                );
                challenger.observe_hash(&digest);
@ -130,16 +131,16 @@ mod tests {
    use super::*;
    use crate::field::crandall_field::CrandallField;
    use crate::fri::commitment::OpeningProofTarget;
    use crate::fri::proof::{
        FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, FriQueryStepTarget,
    };
    use crate::fri::FriConfig;
    use crate::gadgets::polynomial::PolynomialCoeffsExtTarget;
-    use crate::merkle_proofs::MerkleProofTarget;
+    use crate::hash::merkle_proofs::MerkleProofTarget;
-    use crate::polynomial::commitment::OpeningProofTarget;
+    use crate::iop::witness::PartialWitness;
-    use crate::proof::{
+    use crate::plonk::proof::{OpeningSetTarget, Proof, ProofTarget, ProofWithPublicInputs};
-        FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, FriQueryStepTarget,
+    use crate::plonk::verifier::verify;
        OpeningSetTarget, Proof, ProofTarget, ProofWithPublicInputs,
    };
    use crate::verifier::verify;
    use crate::witness::PartialWitness;
    // Construct a `FriQueryRoundTarget` with the same dimensions as the ones in `proof`.
    fn get_fri_query_round<F: Extendable<D>, const D: usize>(
--- a/src/plonk/vanishing_poly.rs
+++ b/src/plonk/vanishing_poly.rs
@ -1,15 +1,15 @@
 use crate::circuit_builder::CircuitBuilder;
 use crate::circuit_data::CommonCircuitData;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::gate::PrefixedGate;
-use crate::plonk_common;
+use crate::iop::target::Target;
-use crate::plonk_common::{eval_l_1_recursively, ZeroPolyOnCoset};
+use crate::plonk::circuit_builder::CircuitBuilder;
-use crate::target::Target;
+use crate::plonk::circuit_data::CommonCircuitData;
 use crate::plonk::plonk_common;
 use crate::plonk::plonk_common::{eval_l_1_recursively, ZeroPolyOnCoset};
 use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 use crate::util::partial_products::{check_partial_products, check_partial_products_recursively};
 use crate::util::reducing::ReducingFactorTarget;
 use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 use crate::with_context;
 /// Evaluate the vanishing polynomial at `x`. In this context, the vanishing polynomial is a random
--- a/src/plonk/vars.rs
+++ b/src/plonk/vars.rs
@ -4,21 +4,21 @@ use std::ops::Range;
 use crate::field::extension_field::algebra::ExtensionAlgebra;
 use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTarget};
 use crate::field::extension_field::{Extendable, FieldExtension};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::proof::{Hash, HashTarget};
+use crate::hash::hash_types::{HashOut, HashOutTarget};
 #[derive(Debug, Copy, Clone)]
 pub struct EvaluationVars<'a, F: Extendable<D>, const D: usize> {
    pub(crate) local_constants: &'a [F::Extension],
    pub(crate) local_wires: &'a [F::Extension],
-    pub(crate) public_inputs_hash: &'a Hash<F>,
+    pub(crate) public_inputs_hash: &'a HashOut<F>,
 }
 #[derive(Debug, Copy, Clone)]
 pub struct EvaluationVarsBase<'a, F: Field> {
    pub(crate) local_constants: &'a [F],
    pub(crate) local_wires: &'a [F],
-    pub(crate) public_inputs_hash: &'a Hash<F>,
+    pub(crate) public_inputs_hash: &'a HashOut<F>,
 }
 impl<'a, F: Extendable<D>, const D: usize> EvaluationVars<'a, F, D> {
@ -61,7 +61,7 @@ impl<'a, const D: usize> EvaluationTargets<'a, D> {
 pub struct EvaluationTargets<'a, const D: usize> {
    pub(crate) local_constants: &'a [ExtensionTarget<D>],
    pub(crate) local_wires: &'a [ExtensionTarget<D>],
-    pub(crate) public_inputs_hash: &'a HashTarget,
+    pub(crate) public_inputs_hash: &'a HashOutTarget,
 }
 impl<'a, const D: usize> EvaluationTargets<'a, D> {
--- a/src/plonk/verifier.rs
+++ b/src/plonk/verifier.rs
@ -1,14 +1,14 @@
 use anyhow::{ensure, Result};
 use crate::circuit_data::{CommonCircuitData, VerifierOnlyCircuitData};
 use crate::field::extension_field::Extendable;
-use crate::field::field::Field;
+use crate::field::field_types::Field;
-use crate::hash::hash_n_to_hash;
+use crate::hash::hashing::hash_n_to_hash;
-use crate::plonk_challenger::Challenger;
+use crate::iop::challenger::Challenger;
-use crate::plonk_common::reduce_with_powers;
+use crate::plonk::circuit_data::{CommonCircuitData, VerifierOnlyCircuitData};
-use crate::proof::ProofWithPublicInputs;
+use crate::plonk::plonk_common::reduce_with_powers;
-use crate::vanishing_poly::eval_vanishing_poly;
+use crate::plonk::proof::ProofWithPublicInputs;
-use crate::vars::EvaluationVars;
+use crate::plonk::vanishing_poly::eval_vanishing_poly;
 use crate::plonk::vars::EvaluationVars;
 pub(crate) fn verify<F: Extendable<D>, const D: usize>(
    proof_with_pis: ProofWithPublicInputs<F, D>,
--- a/src/polynomial/division.rs
+++ b/src/polynomial/division.rs
@ -1,5 +1,5 @@
 use crate::field::fft::{fft, ifft};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::polynomial::polynomial::PolynomialCoeffs;
 use crate::util::{log2_ceil, log2_strict};
@ -186,7 +186,7 @@ mod tests {
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::field::field::Field;
+    use crate::field::field_types::Field;
    use crate::polynomial::polynomial::PolynomialCoeffs;
    #[test]
--- a/src/polynomial/mod.rs
+++ b/src/polynomial/mod.rs
@ -1,3 +1,2 @@
 pub mod commitment;
 pub(crate) mod division;
 pub mod polynomial;
--- a/src/polynomial/polynomial.rs
+++ b/src/polynomial/polynomial.rs
@ -7,7 +7,7 @@ use serde::{Deserialize, Serialize};
 use crate::field::extension_field::Extendable;
 use crate::field::fft::{fft, fft_with_options, ifft};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::util::log2_strict;
 /// A polynomial in point-value form.
--- a/src/proof.rs
+++ b/src/proof.rs
@ -1,246 +0,0 @@
 use std::convert::TryInto;
 use serde::{Deserialize, Serialize};
 use crate::circuit_data::CommonCircuitData;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::field::field::Field;
 use crate::gadgets::polynomial::PolynomialCoeffsExtTarget;
 use crate::merkle_proofs::{MerkleProof, MerkleProofTarget};
 use crate::plonk_common::PolynomialsIndexBlinding;
 use crate::polynomial::commitment::{ListPolynomialCommitment, OpeningProof, OpeningProofTarget};
 use crate::polynomial::polynomial::PolynomialCoeffs;
 use crate::target::Target;
 /// Represents a ~256 bit hash output.
 #[derive(Copy, Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(bound = "")]
 pub struct Hash<F: Field> {
    pub(crate) elements: [F; 4],
 }
 impl<F: Field> Hash<F> {
    pub(crate) fn from_vec(elements: Vec<F>) -> Self {
        debug_assert!(elements.len() == 4);
        Self {
            elements: elements.try_into().unwrap(),
        }
    }
    pub(crate) fn from_partial(mut elements: Vec<F>) -> Self {
        debug_assert!(elements.len() <= 4);
        while elements.len() < 4 {
            elements.push(F::ZERO);
        }
        Self {
            elements: [elements[0], elements[1], elements[2], elements[3]],
        }
    }
    pub(crate) fn rand() -> Self {
        Self {
            elements: [F::rand(), F::rand(), F::rand(), F::rand()],
        }
    }
 }
 /// Represents a ~256 bit hash output.
 #[derive(Copy, Clone, Debug)]
 pub struct HashTarget {
    pub(crate) elements: [Target; 4],
 }
 impl HashTarget {
    pub(crate) fn from_vec(elements: Vec<Target>) -> Self {
        debug_assert!(elements.len() == 4);
        Self {
            elements: elements.try_into().unwrap(),
        }
    }
    pub(crate) fn from_partial(mut elements: Vec<Target>, zero: Target) -> Self {
        debug_assert!(elements.len() <= 4);
        while elements.len() < 4 {
            elements.push(zero);
        }
        Self {
            elements: [elements[0], elements[1], elements[2], elements[3]],
        }
    }
 }
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct Proof<F: Extendable<D>, const D: usize> {
    /// Merkle root of LDEs of wire values.
    pub wires_root: Hash<F>,
    /// Merkle root of LDEs of Z, in the context of Plonk's permutation argument.
    pub plonk_zs_partial_products_root: Hash<F>,
    /// Merkle root of LDEs of the quotient polynomial components.
    pub quotient_polys_root: Hash<F>,
    /// Purported values of each polynomial at the challenge point.
    pub openings: OpeningSet<F, D>,
    /// A FRI argument for each FRI query.
    pub opening_proof: OpeningProof<F, D>,
 }
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct ProofWithPublicInputs<F: Extendable<D>, const D: usize> {
    pub proof: Proof<F, D>,
    pub public_inputs: Vec<F>,
 }
 pub struct ProofTarget<const D: usize> {
    pub wires_root: HashTarget,
    pub plonk_zs_partial_products_root: HashTarget,
    pub quotient_polys_root: HashTarget,
    pub openings: OpeningSetTarget<D>,
    pub opening_proof: OpeningProofTarget<D>,
 }
 pub struct ProofWithPublicInputsTarget<const D: usize> {
    pub proof: ProofTarget<D>,
    pub public_inputs: Vec<Target>,
 }
 /// Evaluations and Merkle proof produced by the prover in a FRI query step.
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriQueryStep<F: Extendable<D>, const D: usize> {
    pub evals: Vec<F::Extension>,
    pub merkle_proof: MerkleProof<F>,
 }
 #[derive(Clone)]
 pub struct FriQueryStepTarget<const D: usize> {
    pub evals: Vec<ExtensionTarget<D>>,
    pub merkle_proof: MerkleProofTarget,
 }
 /// Evaluations and Merkle proofs of the original set of polynomials,
 /// before they are combined into a composition polynomial.
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriInitialTreeProof<F: Field> {
    pub evals_proofs: Vec<(Vec<F>, MerkleProof<F>)>,
 }
 impl<F: Field> FriInitialTreeProof<F> {
    pub(crate) fn unsalted_evals(
        &self,
        polynomials: PolynomialsIndexBlinding,
        zero_knowledge: bool,
    ) -> &[F] {
        let evals = &self.evals_proofs[polynomials.index].0;
        &evals[..evals.len() - polynomials.salt_size(zero_knowledge)]
    }
 }
 #[derive(Clone)]
 pub struct FriInitialTreeProofTarget {
    pub evals_proofs: Vec<(Vec<Target>, MerkleProofTarget)>,
 }
 impl FriInitialTreeProofTarget {
    pub(crate) fn unsalted_evals(
        &self,
        polynomials: PolynomialsIndexBlinding,
        zero_knowledge: bool,
    ) -> &[Target] {
        let evals = &self.evals_proofs[polynomials.index].0;
        &evals[..evals.len() - polynomials.salt_size(zero_knowledge)]
    }
 }
 /// Proof for a FRI query round.
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriQueryRound<F: Extendable<D>, const D: usize> {
    pub initial_trees_proof: FriInitialTreeProof<F>,
    pub steps: Vec<FriQueryStep<F, D>>,
 }
 #[derive(Clone)]
 pub struct FriQueryRoundTarget<const D: usize> {
    pub initial_trees_proof: FriInitialTreeProofTarget,
    pub steps: Vec<FriQueryStepTarget<D>>,
 }
 #[derive(Serialize, Deserialize, Clone, Debug)]
 #[serde(bound = "")]
 pub struct FriProof<F: Extendable<D>, const D: usize> {
    /// A Merkle root for each reduced polynomial in the commit phase.
    pub commit_phase_merkle_roots: Vec<Hash<F>>,
    /// Query rounds proofs
    pub query_round_proofs: Vec<FriQueryRound<F, D>>,
    /// The final polynomial in coefficient form.
    pub final_poly: PolynomialCoeffs<F::Extension>,
    /// Witness showing that the prover did PoW.
    pub pow_witness: F,
 }
 pub struct FriProofTarget<const D: usize> {
    pub commit_phase_merkle_roots: Vec<HashTarget>,
    pub query_round_proofs: Vec<FriQueryRoundTarget<D>>,
    pub final_poly: PolynomialCoeffsExtTarget<D>,
    pub pow_witness: Target,
 }
 #[derive(Clone, Debug, Serialize, Deserialize)]
 /// The purported values of each polynomial at a single point.
 pub struct OpeningSet<F: Extendable<D>, const D: usize> {
    pub constants: Vec<F::Extension>,
    pub plonk_sigmas: Vec<F::Extension>,
    pub wires: Vec<F::Extension>,
    pub plonk_zs: Vec<F::Extension>,
    pub plonk_zs_right: Vec<F::Extension>,
    pub partial_products: Vec<F::Extension>,
    pub quotient_polys: Vec<F::Extension>,
 }
 impl<F: Extendable<D>, const D: usize> OpeningSet<F, D> {
    pub fn new(
        z: F::Extension,
        g: F::Extension,
        constants_sigmas_commitment: &ListPolynomialCommitment<F>,
        wires_commitment: &ListPolynomialCommitment<F>,
        zs_partial_products_commitment: &ListPolynomialCommitment<F>,
        quotient_polys_commitment: &ListPolynomialCommitment<F>,
        common_data: &CommonCircuitData<F, D>,
    ) -> Self {
        let eval_commitment = |z: F::Extension, c: &ListPolynomialCommitment<F>| {
            c.polynomials
                .iter()
                .map(|p| p.to_extension().eval(z))
                .collect::<Vec<_>>()
        };
        let constants_sigmas_eval = eval_commitment(z, constants_sigmas_commitment);
        let zs_partial_products_eval = eval_commitment(z, zs_partial_products_commitment);
        Self {
            constants: constants_sigmas_eval[common_data.constants_range()].to_vec(),
            plonk_sigmas: constants_sigmas_eval[common_data.sigmas_range()].to_vec(),
            wires: eval_commitment(z, wires_commitment),
            plonk_zs: zs_partial_products_eval[common_data.zs_range()].to_vec(),
            plonk_zs_right: eval_commitment(g * z, zs_partial_products_commitment)
                [common_data.zs_range()]
            .to_vec(),
            partial_products: zs_partial_products_eval[common_data.partial_products_range()]
                .to_vec(),
            quotient_polys: eval_commitment(z, quotient_polys_commitment),
        }
    }
 }
 /// The purported values of each polynomial at a single point.
 #[derive(Clone, Debug)]
 pub struct OpeningSetTarget<const D: usize> {
    pub constants: Vec<ExtensionTarget<D>>,
    pub plonk_sigmas: Vec<ExtensionTarget<D>>,
    pub wires: Vec<ExtensionTarget<D>>,
    pub plonk_zs: Vec<ExtensionTarget<D>>,
    pub plonk_zs_right: Vec<ExtensionTarget<D>>,
    pub partial_products: Vec<ExtensionTarget<D>>,
    pub quotient_polys: Vec<ExtensionTarget<D>>,
 }
--- a/src/util/context_tree.rs
+++ b/src/util/context_tree.rs
--- a/src/util/marking.rs
+++ b/src/util/marking.rs
@ -1,15 +1,15 @@
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
-use crate::proof::HashTarget;
+use crate::hash::hash_types::HashOutTarget;
-use crate::target::Target;
+use crate::iop::target::Target;
-use crate::witness::PartialWitness;
+use crate::iop::witness::PartialWitness;
 /// Enum representing all types of targets, so that they can be marked.
 #[derive(Clone)]
 pub enum Markable<const D: usize> {
    Target(Target),
    ExtensionTarget(ExtensionTarget<D>),
-    HashTarget(HashTarget),
+    HashTarget(HashOutTarget),
    Vec(Vec<Markable<D>>),
 }
@ -23,8 +23,8 @@ impl<const D: usize> From<ExtensionTarget<D>> for Markable<D> {
        Self::ExtensionTarget(et)
    }
 }
-impl<const D: usize> From<HashTarget> for Markable<D> {
+impl<const D: usize> From<HashOutTarget> for Markable<D> {
-    fn from(ht: HashTarget) -> Self {
+    fn from(ht: HashOutTarget) -> Self {
        Self::HashTarget(ht)
    }
 }
--- a/src/util/mod.rs
+++ b/src/util/mod.rs
@ -1,11 +1,12 @@
-pub mod marking;
+use crate::field::field_types::Field;
 pub mod partial_products;
 pub mod reducing;
 pub(crate) mod timing;
 use crate::field::field::Field;
 use crate::polynomial::polynomial::PolynomialValues;
 pub(crate) mod context_tree;
 pub(crate) mod marking;
 pub(crate) mod partial_products;
 pub(crate) mod reducing;
 pub(crate) mod timing;
 pub(crate) fn bits_u64(n: u64) -> usize {
    (64 - n.leading_zeros()) as usize
 }
--- a/src/util/partial_products.rs
+++ b/src/util/partial_products.rs
@ -1,9 +1,9 @@
 use std::iter::Product;
 use std::ops::Sub;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::util::ceil_div_usize;
 /// Compute partial products of the original vector `v` such that all products consist of `max_degree`
--- a/src/util/reducing.rs
+++ b/src/util/reducing.rs
@ -2,14 +2,14 @@ use std::borrow::Borrow;
 use num::Integer;
 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, Frobenius};
-use crate::field::field::Field;
+use crate::field::field_types::Field;
 use crate::gates::arithmetic::ArithmeticExtensionGate;
 use crate::gates::reducing::ReducingGate;
 use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::polynomial::polynomial::PolynomialCoeffs;
 use crate::target::Target;
 /// When verifying the composition polynomial in FRI we have to compute sums of the form
 /// `(sum_0^k a^i * x_i)/d_0 + (sum_k^r a^i * y_i)/d_1`
@ -222,11 +222,11 @@ mod tests {
    use anyhow::Result;
    use super::*;
    use crate::circuit_data::CircuitConfig;
    use crate::field::crandall_field::CrandallField;
    use crate::field::extension_field::quartic::QuarticCrandallField;
-    use crate::verifier::verify;
+    use crate::iop::witness::PartialWitness;
-    use crate::witness::PartialWitness;
+    use crate::plonk::circuit_data::CircuitConfig;
    use crate::plonk::verifier::verify;
    fn test_reduce_gadget_base(n: usize) -> Result<()> {
        type F = CrandallField;