diff --git a/plonky2/src/iop/witness.rs b/plonky2/src/iop/witness.rs index 29ad513e..efe4d911 100644 --- a/plonky2/src/iop/witness.rs +++ b/plonky2/src/iop/witness.rs @@ -1,9 +1,11 @@ use std::collections::HashMap; +use itertools::Itertools; use num::{BigUint, FromPrimitive, Zero}; use plonky2_field::extension_field::{Extendable, FieldExtension}; use plonky2_field::field_types::Field; +use crate::fri::proof::{FriProof, FriProofTarget}; use crate::gadgets::arithmetic_u32::U32Target; use crate::gadgets::biguint::BigUintTarget; use crate::gadgets::nonnative::NonNativeTarget; @@ -14,7 +16,8 @@ use crate::hash::merkle_tree::MerkleCap; use crate::iop::ext_target::ExtensionTarget; use crate::iop::target::{BoolTarget, Target}; use crate::iop::wire::Wire; -use crate::plonk::config::AlgebraicHasher; +use crate::plonk::config::{AlgebraicHasher, GenericConfig}; +use crate::plonk::proof::{Proof, ProofTarget, ProofWithPublicInputs, ProofWithPublicInputsTarget}; /// A witness holds information on the values of targets in a circuit. pub trait Witness { @@ -155,6 +158,171 @@ pub trait Witness { } } + /// Set the targets in a `ProofWithPublicInputsTarget` to their corresponding values in a + /// `ProofWithPublicInputs`. + fn set_proof_with_pis_target, const D: usize>( + &mut self, + proof_with_pis: &ProofWithPublicInputs, + proof_with_pis_target: &ProofWithPublicInputsTarget, + ) where + F: RichField + Extendable, + C::Hasher: AlgebraicHasher, + { + let ProofWithPublicInputs { + proof, + public_inputs, + } = proof_with_pis; + let ProofWithPublicInputsTarget { + proof: pt, + public_inputs: pi_targets, + } = proof_with_pis_target; + + // Set public inputs. + for (&pi_t, &pi) in pi_targets.iter().zip_eq(public_inputs) { + self.set_target(pi_t, pi); + } + + self.set_proof_target(proof, pt); + } + + /// Set the targets in a `ProofTarget` to their corresponding values in a `Proof`. + fn set_proof_target, const D: usize>( + &mut self, + proof: &Proof, + proof_target: &ProofTarget, + ) where + F: RichField + Extendable, + C::Hasher: AlgebraicHasher, + { + self.set_cap_target(&proof_target.wires_cap, &proof.wires_cap); + self.set_cap_target( + &proof_target.plonk_zs_partial_products_cap, + &proof.plonk_zs_partial_products_cap, + ); + self.set_cap_target(&proof_target.quotient_polys_cap, &proof.quotient_polys_cap); + + for (&t, &x) in proof_target + .openings + .wires + .iter() + .zip_eq(&proof.openings.wires) + { + self.set_extension_target(t, x); + } + for (&t, &x) in proof_target + .openings + .constants + .iter() + .zip_eq(&proof.openings.constants) + { + self.set_extension_target(t, x); + } + for (&t, &x) in proof_target + .openings + .plonk_sigmas + .iter() + .zip_eq(&proof.openings.plonk_sigmas) + { + self.set_extension_target(t, x); + } + for (&t, &x) in proof_target + .openings + .plonk_zs + .iter() + .zip_eq(&proof.openings.plonk_zs) + { + self.set_extension_target(t, x); + } + for (&t, &x) in proof_target + .openings + .plonk_zs_right + .iter() + .zip_eq(&proof.openings.plonk_zs_right) + { + self.set_extension_target(t, x); + } + for (&t, &x) in proof_target + .openings + .partial_products + .iter() + .zip_eq(&proof.openings.partial_products) + { + self.set_extension_target(t, x); + } + for (&t, &x) in proof_target + .openings + .quotient_polys + .iter() + .zip_eq(&proof.openings.quotient_polys) + { + self.set_extension_target(t, x); + } + + self.set_fri_proof_target(&proof.opening_proof, &proof_target.opening_proof); + } + + /// Set the targets in a `FriProofTarget` to their corresponding values in a `FriProof`. + fn set_fri_proof_target, const D: usize>( + &mut self, + fri_proof: &FriProof, + fri_proof_target: &FriProofTarget, + ) where + F: RichField + Extendable, + { + self.set_target(fri_proof_target.pow_witness, fri_proof.pow_witness); + + for (&t, &x) in fri_proof_target + .final_poly + .0 + .iter() + .zip_eq(&fri_proof.final_poly.coeffs) + { + self.set_extension_target(t, x); + } + + for (t, x) in fri_proof_target + .commit_phase_merkle_caps + .iter() + .zip_eq(&fri_proof.commit_phase_merkle_caps) + { + self.set_cap_target(t, x); + } + + for (qt, q) in fri_proof_target + .query_round_proofs + .iter() + .zip_eq(&fri_proof.query_round_proofs) + { + for (at, a) in qt + .initial_trees_proof + .evals_proofs + .iter() + .zip_eq(&q.initial_trees_proof.evals_proofs) + { + for (&t, &x) in at.0.iter().zip_eq(&a.0) { + self.set_target(t, x); + } + for (&t, &x) in at.1.siblings.iter().zip_eq(&a.1.siblings) { + self.set_hash_target(t, x); + } + } + + for (st, s) in qt.steps.iter().zip_eq(&q.steps) { + for (&t, &x) in st.evals.iter().zip_eq(&s.evals) { + self.set_extension_target(t, x); + } + for (&t, &x) in st + .merkle_proof + .siblings + .iter() + .zip_eq(&s.merkle_proof.siblings) + { + self.set_hash_target(t, x); + } + } + } + } + fn set_wire(&mut self, wire: Wire, value: F) { self.set_target(Target::Wire(wire), value) } diff --git a/plonky2/src/plonk/recursive_verifier.rs b/plonky2/src/plonk/recursive_verifier.rs index 6b3b6b0c..fbe1ad53 100644 --- a/plonky2/src/plonk/recursive_verifier.rs +++ b/plonky2/src/plonk/recursive_verifier.rs @@ -204,7 +204,6 @@ impl, const D: usize> CircuitBuilder { #[cfg(test)] mod tests { use anyhow::Result; - use itertools::Itertools; use log::{info, Level}; use super::*; @@ -220,134 +219,6 @@ mod tests { use crate::plonk::prover::prove; use crate::util::timing::TimingTree; - // Set the targets in a `ProofTarget` to their corresponding values in a `Proof`. - fn set_proof_target, C: GenericConfig, const D: usize>( - proof: &ProofWithPublicInputs, - pt: &ProofWithPublicInputsTarget, - pw: &mut PartialWitness, - ) where - C::Hasher: AlgebraicHasher, - { - let ProofWithPublicInputs { - proof, - public_inputs, - } = proof; - let ProofWithPublicInputsTarget { - proof: pt, - public_inputs: pi_targets, - } = pt; - - // Set public inputs. - for (&pi_t, &pi) in pi_targets.iter().zip_eq(public_inputs) { - pw.set_target(pi_t, pi); - } - - pw.set_cap_target(&pt.wires_cap, &proof.wires_cap); - pw.set_cap_target( - &pt.plonk_zs_partial_products_cap, - &proof.plonk_zs_partial_products_cap, - ); - pw.set_cap_target(&pt.quotient_polys_cap, &proof.quotient_polys_cap); - - for (&t, &x) in pt.openings.wires.iter().zip_eq(&proof.openings.wires) { - pw.set_extension_target(t, x); - } - for (&t, &x) in pt - .openings - .constants - .iter() - .zip_eq(&proof.openings.constants) - { - pw.set_extension_target(t, x); - } - for (&t, &x) in pt - .openings - .plonk_sigmas - .iter() - .zip_eq(&proof.openings.plonk_sigmas) - { - pw.set_extension_target(t, x); - } - for (&t, &x) in pt.openings.plonk_zs.iter().zip_eq(&proof.openings.plonk_zs) { - pw.set_extension_target(t, x); - } - for (&t, &x) in pt - .openings - .plonk_zs_right - .iter() - .zip_eq(&proof.openings.plonk_zs_right) - { - pw.set_extension_target(t, x); - } - for (&t, &x) in pt - .openings - .partial_products - .iter() - .zip_eq(&proof.openings.partial_products) - { - pw.set_extension_target(t, x); - } - for (&t, &x) in pt - .openings - .quotient_polys - .iter() - .zip_eq(&proof.openings.quotient_polys) - { - pw.set_extension_target(t, x); - } - - let fri_proof = &proof.opening_proof; - let fpt = &pt.opening_proof; - - pw.set_target(fpt.pow_witness, fri_proof.pow_witness); - - for (&t, &x) in fpt.final_poly.0.iter().zip_eq(&fri_proof.final_poly.coeffs) { - pw.set_extension_target(t, x); - } - - for (t, x) in fpt - .commit_phase_merkle_caps - .iter() - .zip_eq(&fri_proof.commit_phase_merkle_caps) - { - pw.set_cap_target(t, x); - } - - for (qt, q) in fpt - .query_round_proofs - .iter() - .zip_eq(&fri_proof.query_round_proofs) - { - for (at, a) in qt - .initial_trees_proof - .evals_proofs - .iter() - .zip_eq(&q.initial_trees_proof.evals_proofs) - { - for (&t, &x) in at.0.iter().zip_eq(&a.0) { - pw.set_target(t, x); - } - for (&t, &x) in at.1.siblings.iter().zip_eq(&a.1.siblings) { - pw.set_hash_target(t, x); - } - } - - for (st, s) in qt.steps.iter().zip_eq(&q.steps) { - for (&t, &x) in st.evals.iter().zip_eq(&s.evals) { - pw.set_extension_target(t, x); - } - for (&t, &x) in st - .merkle_proof - .siblings - .iter() - .zip_eq(&s.merkle_proof.siblings) - { - pw.set_hash_target(t, x); - } - } - } - } - #[test] #[ignore] fn test_recursive_verifier() -> Result<()> { @@ -554,7 +425,7 @@ mod tests { let mut builder = CircuitBuilder::::new(config.clone()); let mut pw = PartialWitness::new(); let pt = builder.add_virtual_proof_with_pis(&inner_cd); - set_proof_target(&inner_proof, &pt, &mut pw); + pw.set_proof_with_pis_target(&inner_proof, &pt); let inner_data = VerifierCircuitTarget { constants_sigmas_cap: builder.add_virtual_cap(inner_config.fri_config.cap_height),