From 3859ca20905142c599e48baa066ea3bad240d6f2 Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Sat, 2 Oct 2021 10:46:02 +0200 Subject: [PATCH] PR comments --- src/fri/mod.rs | 6 ++++ src/fri/recursive_verifier.rs | 7 ++--- src/fri/verifier.rs | 6 ++-- src/plonk/circuit_builder.rs | 7 +---- src/plonk/circuit_data.rs | 4 +++ src/plonk/proof.rs | 8 ++--- src/plonk/recursive_verifier.rs | 10 ++---- src/util/serialization.rs | 56 +++++++++++++++------------------ 8 files changed, 49 insertions(+), 55 deletions(-) diff --git a/src/fri/mod.rs b/src/fri/mod.rs index 716260a3..5e8936fa 100644 --- a/src/fri/mod.rs +++ b/src/fri/mod.rs @@ -17,3 +17,9 @@ pub struct FriConfig { /// Number of query rounds to perform. pub num_query_rounds: usize, } + +impl FriConfig { + pub(crate) fn total_arities(&self) -> usize { + self.reduction_arity_bits.iter().sum() + } +} diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs index 2c0d009f..142d1e24 100644 --- a/src/fri/recursive_verifier.rs +++ b/src/fri/recursive_verifier.rs @@ -81,15 +81,14 @@ impl, const D: usize> CircuitBuilder { common_data: &CommonCircuitData, ) { let config = &common_data.config; - let total_arities = config.fri_config.reduction_arity_bits.iter().sum::(); debug_assert_eq!( - common_data.degree_bits, - log2_strict(proof.final_poly.len()) + total_arities, + common_data.final_poly_len(), + proof.final_poly.len(), "Final polynomial has wrong degree." ); // Size of the LDE domain. - let n = proof.final_poly.len() << (total_arities + config.rate_bits); + let n = 1 << (common_data.degree_bits + config.rate_bits); challenger.observe_opening_set(os); diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs index 6662830a..efbd733b 100644 --- a/src/fri/verifier.rs +++ b/src/fri/verifier.rs 
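Review bot: `total_arities` in `src/fri/mod.rs` returns the sum of `reduction_arity_bits`, which is a number of bits, but the name reads as a sum of arities and the method has no doc comment although the field above it does. Callers in this patch use the value as an exponent (`degree_bits - total_arities()`, `total_arities() <= degree_bits`), so misreading the unit would give a wrong length in code that checks the final polynomial. A doc line would make the unit explicit: `/// Sum of reduction_arity_bits: the number of bits by which the FRI reductions shrink the degree, not a sum of arities.`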
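Review bot: The length check on `proof.final_poly` in the `src/fri/recursive_verifier.rs` hunk is a `debug_assert_eq!`, so it is compiled out of release builds, and with `n` now computed from `common_data.degree_bits` nothing in the visible lines ties the final polynomial's length to the circuit parameters any more. Before this change a wrong length at least changed `n`; now it passes silently in release unless code outside the hunk catches it. This is a `CircuitBuilder` method, so the check appears to run while the circuit is built and costs little, and I would make it unconditional: `assert_eq!(common_data.final_poly_len(), proof.final_poly.len(), "Final polynomial has wrong degree.");`. The enclosing function starts and ends outside the hunk.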
@@ -64,14 +64,14 @@ pub(crate) fn verify_fri_proof, const D: usize>( common_data: &CommonCircuitData, ) -> Result<()> { let config = &common_data.config; - let total_arities = config.fri_config.reduction_arity_bits.iter().sum::(); + let total_arities = config.fri_config.total_arities(); ensure!( - common_data.degree_bits == log2_strict(proof.final_poly.len()) + total_arities, + common_data.final_poly_len() == proof.final_poly.len(), "Final polynomial has wrong degree." ); // Size of the LDE domain. - let n = proof.final_poly.len() << (total_arities + config.rate_bits); + let n = 1 << (common_data.degree_bits + config.rate_bits); // Check PoW. fri_verify_proof_of_work(challenges.fri_pow_response, &config.fri_config)?; diff --git a/src/plonk/circuit_builder.rs b/src/plonk/circuit_builder.rs index 035a6d90..18f84681 100644 --- a/src/plonk/circuit_builder.rs +++ b/src/plonk/circuit_builder.rs @@ -579,12 +579,7 @@ impl, const D: usize> CircuitBuilder { info!("Degree after blinding & padding: {}", degree); let degree_bits = log2_strict(degree); assert!( - self.config - .fri_config - .reduction_arity_bits - .iter() - .sum::() - <= degree_bits, + self.config.fri_config.total_arities() <= degree_bits, "FRI total reduction arity is too large." ); diff --git a/src/plonk/circuit_data.rs b/src/plonk/circuit_data.rs index 644ab370..f8bb0b6a 100644 --- a/src/plonk/circuit_data.rs +++ b/src/plonk/circuit_data.rs @@ -252,6 +252,10 @@ impl, const D: usize> CommonCircuitData { pub fn partial_products_range(&self) -> RangeFrom { self.config.num_challenges.. } + + pub fn final_poly_len(&self) -> usize { + 1 << (self.degree_bits - self.config.fri_config.total_arities()) + } } /// The `Target` version of `VerifierCircuitData`, for use inside recursive circuits. Note that this diff --git a/src/plonk/proof.rs b/src/plonk/proof.rs index 8ee20bc7..d26e5fb1 100644 --- a/src/plonk/proof.rs +++ b/src/plonk/proof.rs 
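Review bot: `final_poly_len` in `src/plonk/circuit_data.rs` subtracts `total_arities()` from `degree_bits` with plain `usize` arithmetic, so if the summed arity bits ever exceed `degree_bits` it panics in debug builds and wraps to a meaningless shift amount in release builds. The builder asserts `total_arities() <= degree_bits` in `circuit_builder.rs`, but this is a `pub` method now called from the FRI verifier's `ensure!` and from the proof deserializer, and whether every `CommonCircuitData` originates from that builder is not visible here. I would make the precondition explicit with `let bits = self.degree_bits.checked_sub(self.config.fri_config.total_arities()).expect("FRI total reduction arity exceeds degree_bits");` followed by `1 << bits`. A doc comment should state that the method returns `2^(degree_bits - total_arities)` and list the panic under `# Panics`.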
@@ -10,7 +10,7 @@ use crate::hash::hash_types::{HashOut, MerkleCapTarget}; use crate::hash::hashing::hash_n_to_hash; use crate::hash::merkle_tree::MerkleCap; use crate::iop::target::Target; -use crate::plonk::circuit_data::{CircuitConfig, CommonCircuitData}; +use crate::plonk::circuit_data::CommonCircuitData; use crate::util::serialization::Buffer; #[derive(Serialize, Deserialize, Clone, Debug, Eq, PartialEq)] @@ -94,10 +94,9 @@ impl, const D: usize> ProofWithPublicInputs { pub fn from_bytes( bytes: Vec, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> anyhow::Result { let mut buffer = Buffer::new(bytes); - let proof = buffer.read_proof_with_public_inputs(common_data, config)?; + let proof = buffer.read_proof_with_public_inputs(common_data)?; Ok(proof) } } @@ -175,10 +174,9 @@ impl, const D: usize> CompressedProofWithPublicInpu pub fn from_bytes( bytes: Vec, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> anyhow::Result { let mut buffer = Buffer::new(bytes); - let proof = buffer.read_compressed_proof_with_public_inputs(common_data, config)?; + let proof = buffer.read_compressed_proof_with_public_inputs(common_data)?; Ok(proof) } } diff --git a/src/plonk/recursive_verifier.rs b/src/plonk/recursive_verifier.rs index a2351700..5a485495 100644 --- a/src/plonk/recursive_verifier.rs +++ b/src/plonk/recursive_verifier.rs @@ -486,8 +486,7 @@ mod tests { let recursive_proof = data.prove(pw)?; let proof_bytes = recursive_proof.to_bytes()?; info!("Proof length: {} bytes", proof_bytes.len()); - let proof_from_bytes = - ProofWithPublicInputs::from_bytes(proof_bytes, &data.common, &config)?; + let proof_from_bytes = ProofWithPublicInputs::from_bytes(proof_bytes, &data.common)?; assert_eq!(recursive_proof, proof_from_bytes); let now = std::time::Instant::now(); let compressed_recursive_proof = recursive_proof.clone().compress(&data.common)?; 
@@ -497,11 +496,8 @@ mod tests { "Compressed proof length: {} bytes", compressed_proof_bytes.len() ); - let compressed_proof_from_bytes = CompressedProofWithPublicInputs::from_bytes( - compressed_proof_bytes, - &data.common, - &config, - )?; + let compressed_proof_from_bytes = + CompressedProofWithPublicInputs::from_bytes(compressed_proof_bytes, &data.common)?; assert_eq!(compressed_recursive_proof, compressed_proof_from_bytes); verify(recursive_proof, &data.verifier_only, &data.common) } diff --git a/src/util/serialization.rs b/src/util/serialization.rs index bfc0473e..b3737363 100644 --- a/src/util/serialization.rs +++ b/src/util/serialization.rs @@ -13,7 +13,7 @@ use crate::fri::proof::{ use crate::hash::hash_types::HashOut; use crate::hash::merkle_proofs::MerkleProof; use crate::hash::merkle_tree::MerkleCap; -use crate::plonk::circuit_data::{CircuitConfig, CommonCircuitData}; +use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::proof::{ CompressedProof, CompressedProofWithPublicInputs, OpeningSet, Proof, ProofWithPublicInputs, }; @@ -154,8 +154,8 @@ impl Buffer { fn read_opening_set, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let constants = self.read_field_ext_vec::(common_data.num_constants)?; let plonk_sigmas = self.read_field_ext_vec::(config.num_routed_wires)?; let wires = self.read_field_ext_vec::(config.num_wires)?; @@ -212,8 +212,8 @@ impl Buffer { fn read_fri_initial_proof, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let mut evals_proofs = Vec::with_capacity(4); let constants_sigmas_v = 
@@ -272,11 +272,11 @@ impl Buffer { fn read_fri_query_rounds, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result>> { + let config = &common_data.config; let mut fqrs = Vec::with_capacity(config.fri_config.num_query_rounds); for _ in 0..config.fri_config.num_query_rounds { - let initial_trees_proof = self.read_fri_initial_proof(common_data, config)?; + let initial_trees_proof = self.read_fri_initial_proof(common_data)?; let steps = config .fri_config .reduction_arity_bits @@ -305,16 +305,14 @@ impl Buffer { fn read_fri_proof, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let commit_phase_merkle_caps = (0..config.fri_config.reduction_arity_bits.len()) .map(|_| self.read_merkle_cap(config.cap_height)) .collect::>>()?; - let query_round_proofs = self.read_fri_query_rounds(common_data, config)?; - let final_poly = PolynomialCoeffs::new(self.read_field_ext_vec::( - 1 << (common_data.degree_bits - - config.fri_config.reduction_arity_bits.iter().sum::()), - )?); + let query_round_proofs = self.read_fri_query_rounds(common_data)?; + let final_poly = + PolynomialCoeffs::new(self.read_field_ext_vec::(common_data.final_poly_len())?); let pow_witness = self.read_field()?; Ok(FriProof { commit_phase_merkle_caps, 
@@ -337,13 +335,13 @@ impl Buffer { pub fn read_proof, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let wires_cap = self.read_merkle_cap(config.cap_height)?; let plonk_zs_partial_products_cap = self.read_merkle_cap(config.cap_height)?; let quotient_polys_cap = self.read_merkle_cap(config.cap_height)?; - let openings = self.read_opening_set(common_data, config)?; - let opening_proof = self.read_fri_proof(common_data, config)?; + let openings = self.read_opening_set(common_data)?; + let opening_proof = self.read_fri_proof(common_data)?; Ok(Proof { wires_cap, @@ -368,10 +366,11 @@ impl Buffer { pub fn read_proof_with_public_inputs, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { - let proof = self.read_proof(common_data, config)?; - let public_inputs = self.read_field_vec(self.len() - self.0.position() as usize)?; + let proof = self.read_proof(common_data)?; + let public_inputs = self.read_field_vec( + (self.len() - self.0.position() as usize) / std::mem::size_of::(), + )?; Ok(ProofWithPublicInputs { proof, @@ -404,8 +403,8 @@ impl Buffer { fn read_compressed_fri_query_rounds, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let original_indices = (0..config.fri_config.num_query_rounds) .map(|_| self.read_u32().map(|i| i as usize)) .collect::>>()?; @@ -414,7 +413,7 @@ impl Buffer { indices.dedup(); let mut pairs = Vec::new(); for &i in &indices { - pairs.push((i, self.read_fri_initial_proof(common_data, config)?)); + pairs.push((i, self.read_fri_initial_proof(common_data)?)); } let initial_trees_proofs = HashMap::from_iter(pairs); 
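Review bot: In `read_proof_with_public_inputs` the remaining byte count is divided by the element size with integer division, so trailing bytes that do not fill a whole element are dropped without an error. Two different byte strings then decode to the same `ProofWithPublicInputs`, which matters wherever the serialized form is hashed, deduplicated or logged as the proof's identity. I would compute `let remaining = self.len() - self.0.position() as usize;` once and return an error when `remaining % ELEM_SIZE != 0` before calling `read_field_vec`, where ELEM_SIZE is a placeholder for the `size_of` expression already on this line. The error type behind this module's `Result` is not visible in the hunk, so the exact construction is left to the author.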
@@ -457,16 +456,14 @@ impl Buffer { fn read_compressed_fri_proof, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let commit_phase_merkle_caps = (0..config.fri_config.reduction_arity_bits.len()) .map(|_| self.read_merkle_cap(config.cap_height)) .collect::>>()?; - let query_round_proofs = self.read_compressed_fri_query_rounds(common_data, config)?; - let final_poly = PolynomialCoeffs::new(self.read_field_ext_vec::( - 1 << (common_data.degree_bits - - config.fri_config.reduction_arity_bits.iter().sum::()), - )?); + let query_round_proofs = self.read_compressed_fri_query_rounds(common_data)?; + let final_poly = + PolynomialCoeffs::new(self.read_field_ext_vec::(common_data.final_poly_len())?); let pow_witness = self.read_field()?; Ok(CompressedFriProof { commit_phase_merkle_caps, @@ -489,13 +486,13 @@ impl Buffer { pub fn read_compressed_proof, const D: usize>( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { + let config = &common_data.config; let wires_cap = self.read_merkle_cap(config.cap_height)?; let plonk_zs_partial_products_cap = self.read_merkle_cap(config.cap_height)?; let quotient_polys_cap = self.read_merkle_cap(config.cap_height)?; - let openings = self.read_opening_set(common_data, config)?; - let opening_proof = self.read_compressed_fri_proof(common_data, config)?; + let openings = self.read_opening_set(common_data)?; + let opening_proof = self.read_compressed_fri_proof(common_data)?; Ok(CompressedProof { wires_cap, @@ -526,9 +523,8 @@ impl Buffer { >( &mut self, common_data: &CommonCircuitData, - config: &CircuitConfig, ) -> Result> { - let proof = self.read_compressed_proof(common_data, config)?; + let proof = self.read_compressed_proof(common_data)?; let public_inputs = self.read_field_vec(self.len() - self.0.position() as usize)?; Ok(CompressedProofWithPublicInputs {
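Review bot: `read_compressed_proof_with_public_inputs` still passes the remaining byte count straight to `read_field_vec` (`self.read_field_vec(self.len() - self.0.position() as usize)`), while this same patch changes `read_proof_with_public_inputs` to divide that count by the element size. If `read_field_vec` takes an element count, as the other change implies, the compressed reader asks for more elements than the buffer holds whenever public inputs are present. The round-trip test in `src/plonk/recursive_verifier.rs` would not catch this if its circuit has no public inputs. The same division belongs here: `self.read_field_vec((self.len() - self.0.position() as usize) / ELEM_SIZE)?`, where ELEM_SIZE is a placeholder for the `size_of` expression used in the uncompressed reader. The function body continues past the end of the hunk.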