Merge branch 'main' into codex

LICENSE-APACHE

@@ -186,7 +186,7 @@ APPENDIX: How to apply the Apache License to your work.
    same "printed page" as the copyright notice for easier
    identification within third-party archives.
 
-Copyright [yyyy] [name of copyright owner]
+Copyright [2022-2025] The Plonky2 Authors
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

LICENSE-MIT

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2022 The Plonky2 Authors
+Copyright (c) 2022-2025 The Plonky2 Authors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

README.md

@@ -102,7 +102,10 @@ at your option.
 
 ## Security
 
-This code has not yet been audited, and should not be used in any production systems.
+This code has been audited prior to the `v1.0.0` release. The audits reports and findings are available in the [audits](./audits/) folder of this repository.
+An audited codebase isn't necessarily free of bugs and security exploits, hence we recommend care when using `plonky2` in production settings.
+
+If you find a security issue in the codebase, please refer to our [Security guidelines](./SECURITY.md) for private disclosure.
 
 While Plonky2 is configurable, its defaults generally target 100 bits of security. The default FRI configuration targets 100 bits of *conjectured* security based on the conjecture in [ethSTARK](https://eprint.iacr.org/2021/582).
 
@@ -111,12 +114,7 @@ Plonky2's default hash function is Poseidon, configured with 8 full rounds, 22 p
 
 ## Links
 
-#### Actively maintained
-
 - [Polygon Zero's zkEVM](https://github.com/0xPolygonZero/zk_evm), an efficient Type 1 zkEVM built on top of Starky and plonky2
-
-#### No longer maintained
-
 - [System Zero](https://github.com/0xPolygonZero/system-zero), a zkVM built on top of Starky
 - [Waksman](https://github.com/0xPolygonZero/plonky2-waksman), Plonky2 gadgets for permutation checking using Waksman networks
 - [Insertion](https://github.com/0xPolygonZero/plonky2-insertion), Plonky2 gadgets for insertion into a list

SECURITY.md

@@ -1,5 +1,11 @@
 # Polygon Technology Security Information
 
+For findings related to plonky2 repository, please contact us with relevant information privately 
+through our security contact details: security@polygon.technology.
+
+Depending on the severity of the findings, the team may reserve the rights to keep the information private
+while addressing it internally, and disclose it along a new release after having informed relevant parties.
+
 ## Link to vulnerability disclosure details (Bug Bounty).
 - Websites and Applications: https://hackerone.com/polygon-technology
 - Smart Contracts: https://immunefi.com/bounty/polygon

field/src/fft.rs

@@ -222,7 +222,7 @@ mod tests {
         // "random", the last degree_padded-degree of them are zero.
         let coeffs = (0..degree)
             .map(|i| F::from_canonical_usize(i * 1337 % 100))
-            .chain(core::iter::repeat(F::ZERO).take(degree_padded - degree))
+            .chain(core::iter::repeat_n(F::ZERO, degree_padded - degree))
             .collect::<Vec<_>>();
         assert_eq!(coeffs.len(), degree_padded);
         let coefficients = PolynomialCoeffs { coeffs };

field/src/prime_field_testing.rs

@@ -160,7 +160,7 @@ macro_rules! test_prime_field_arithmetic {
             fn subtraction_double_wraparound() {
                 type F = $field;
 
-                let (a, b) = (F::from_canonical_u64((F::ORDER + 1u64) / 2u64), F::TWO);
+                let (a, b) = (F::from_canonical_u64(F::ORDER.div_ceil(2u64)), F::TWO);
                 let x = a * b;
                 assert_eq!(x, F::ONE);
                 assert_eq!(F::ZERO - x, F::NEG_ONE);

plonky2/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "plonky2"
 description = "Recursive SNARKs based on PLONK and FRI"
-version = "1.0.1"
+version = "1.0.2"
 authors = ["Daniel Lubarov <daniel@lubarov.com>", "William Borgeaud <williamborgeaud@gmail.com>", "Nicholas Ward <npward@berkeley.edu>"]
 readme = "README.md"
 edition.workspace = true

plonky2/src/plonk/prover.rs

@@ -100,7 +100,6 @@ pub fn set_lookup_wires<
             multiplicities[0] += 1;
         }
 
-        // We don't need to pad the last `LookupTableGate`; extra wires are set to 0 by default, which satisfies the constraints.
         for lut_entry in 0..lut_len {
             let row = first_lut_gate - lut_entry / num_lut_entries;
             let col = lut_entry % num_lut_entries;

plonky2/src/plonk/vanishing_poly.rs

@@ -36,8 +36,8 @@ pub(crate) fn get_lut_poly<F: RichField + Extendable<D>, const D: usize>(
     let b = deltas[LookupChallenges::ChallengeB as usize];
     let mut coeffs = Vec::with_capacity(common_data.luts[lut_index].len());
     let n = common_data.luts[lut_index].len();
-    let nb_padded_elts = LookupTableGate::num_slots(&common_data.config)
-        - n % LookupTableGate::num_slots(&common_data.config);
+    let nb_slots = LookupTableGate::num_slots(&common_data.config);
+    let nb_padded_elts = (nb_slots - n % nb_slots) % nb_slots;
     let (padding_inp, padding_out) = common_data.luts[lut_index][0];
     for (input, output) in common_data.luts[lut_index].iter() {
         coeffs.push(F::from_canonical_u16(*input) + b * F::from_canonical_u16(*output));
@@ -763,8 +763,8 @@ pub(crate) fn get_lut_poly_circuit<F: RichField + Extendable<D>, const D: usize>
     let b = deltas[LookupChallenges::ChallengeB as usize];
     let delta = deltas[LookupChallenges::ChallengeDelta as usize];
     let n = common_data.luts[lut_index].len();
-    let nb_padded_elts = LookupTableGate::num_slots(&common_data.config)
-        - n % LookupTableGate::num_slots(&common_data.config);
+    let nb_slots = LookupTableGate::num_slots(&common_data.config);
+    let nb_padded_elts = (nb_slots - n % nb_slots) % nb_slots;
     let (padding_inp, padding_out) = common_data.luts[lut_index][0];
     let mut coeffs: Vec<Target> = common_data.luts[lut_index]
         .iter()

starky/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "starky"
 description = "Implementation of STARKs"
-version = "1.0.1"
+version = "1.0.2"
 authors = ["Daniel Lubarov <daniel@lubarov.com>", "William Borgeaud <williamborgeaud@gmail.com>"]
 readme = "README.md"
 edition.workspace = true
@@ -27,7 +27,7 @@ serde = { workspace = true, features = ["rc"] }
 num-bigint = { version = "0.4.3", default-features = false }
 
 # Local dependencies
-plonky2 = { version = "1.0.1", path = "../plonky2", default-features = false }
+plonky2 = { version = "1.0.2", path = "../plonky2", default-features = false }
 plonky2_maybe_rayon = { version = "1.0.0", path = "../maybe_rayon", default-features = false }
 plonky2_util = { version = "1.0.0", path = "../util", default-features = false }