From 59410447bfa61c07cf0c6045ef7601cf16ff09fe Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Thu, 1 Jul 2021 15:41:01 +0200 Subject: [PATCH] Add lengths to `CommonData` --- src/circuit_builder.rs | 5 +++++ src/circuit_data.rs | 4 ++++ src/plonk_common.rs | 28 ++++------------------------ src/polynomial/commitment.rs | 1 + src/prover.rs | 12 ++++++------ src/util/partial_products.rs | 28 ++++++++++++++++++++++------ 6 files changed, 42 insertions(+), 36 deletions(-) diff --git a/src/circuit_builder.rs b/src/circuit_builder.rs index 912fb146..748d937c 100644 --- a/src/circuit_builder.rs +++ b/src/circuit_builder.rs @@ -21,6 +21,7 @@ use crate::plonk_common::PlonkPolynomials; use crate::polynomial::commitment::ListPolynomialCommitment; use crate::polynomial::polynomial::PolynomialValues; use crate::target::Target; +use crate::util::partial_products::num_partial_products; use crate::util::{log2_ceil, log2_strict, transpose, transpose_poly_values}; use crate::wire::Wire; @@ -434,6 +435,9 @@ impl, const D: usize> CircuitBuilder { .max() .expect("No gates?"); + let num_partial_products = + num_partial_products(self.config.num_routed_wires, max_filtered_constraint_degree); + // TODO: This should also include an encoding of gate constraints. let circuit_digest_parts = [ constants_sigmas_root.elements.to_vec(), @@ -449,6 +453,7 @@ impl, const D: usize> CircuitBuilder { num_gate_constraints, num_constants, k_is, + num_partial_products, circuit_digest, }; diff --git a/src/circuit_data.rs b/src/circuit_data.rs index 9741bdc4..0e48b171 100644 --- a/src/circuit_data.rs +++ b/src/circuit_data.rs @@ -157,6 +157,10 @@ pub struct CommonCircuitData, const D: usize> { /// The `{k_i}` valued used in `S_ID_i` in Plonk's permutation argument. pub(crate) k_is: Vec, + /// The number of partial products needed to compute the `Z` polynomials, as well as the number + /// of partial products needed to compute the last product. + pub(crate) num_partial_products: (usize, usize), + /// A digest of the "circuit" (i.e. the instance, minus public inputs), which can be used to /// seed Fiat-Shamir. pub(crate) circuit_digest: Hash, diff --git a/src/plonk_common.rs b/src/plonk_common.rs index b1910175..4b593b75 100644 --- a/src/plonk_common.rs +++ b/src/plonk_common.rs @@ -155,26 +155,8 @@ pub(crate) fn eval_vanishing_poly_base, const D: usize>( wire_value + betas[i] * s_sigma + gammas[i] }) .collect::>(); - let numerator_partial_products = partial_products(&numerator_values, max_degree); - let denominator_partial_products = partial_products(&denominator_values, max_degree); - let num_prods = numerator_partial_products.0.len(); - // dbg!(numerator_partial_products - // .0 - // .iter() - // .chain(&denominator_partial_products.0) - // .zip(&local_partial_products[i * num_prods..(i + 1) * num_prods]) - // .map(|(&a, &b)| a - b) - // .collect::>(),); - // vanishing_partial_products_terms.append( - // &mut numerator_partial_products - // .0 - // .into_iter() - // .chain(denominator_partial_products.0) - // .zip(&local_partial_products[i * num_prods..(i + 1) * num_prods]) - // .map(|(a, &b)| a - b) - // .collect::>(), - // ); + let (num_prods, final_num_prod) = common_data.num_partial_products; vanishing_partial_products_terms.extend(check_partial_products( &numerator_values, &local_partial_products[2 * i * num_prods..(2 * i + 1) * num_prods], @@ -185,16 +167,14 @@ pub(crate) fn eval_vanishing_poly_base, const D: usize>( &local_partial_products[(2 * i + 1) * num_prods..(2 * i + 2) * num_prods], max_degree, )); - // dbg!(common_data.max_filtered_constraint_degree); - // dbg!(numerator_partial_products.1.len()); - // dbg!(denominator_partial_products.1.len()); + let f_prime: F = local_partial_products - [(2 * i + 1) * num_prods - numerator_partial_products.1..(2 * i + 1) * num_prods] + [(2 * i + 1) * num_prods - final_num_prod..(2 * i + 1) * num_prods] .iter() .copied() .product(); let g_prime: F = local_partial_products - [(2 * i + 2) * num_prods - numerator_partial_products.1..(2 * i + 2) * num_prods] + [(2 * i + 2) * num_prods - final_num_prod..(2 * i + 2) * num_prods] .iter() .copied() .product(); diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs index 9bd3905b..0b9de2a5 100644 --- a/src/polynomial/commitment.rs +++ b/src/polynomial/commitment.rs @@ -331,6 +331,7 @@ mod tests { num_gate_constraints: 0, num_constants: 4, k_is: vec![F::ONE; 6], + num_partial_products: (0, 0), circuit_digest: Hash::from_partial(vec![]), }; diff --git a/src/prover.rs b/src/prover.rs index fd0a093d..8aa1d979 100644 --- a/src/prover.rs +++ b/src/prover.rs @@ -232,13 +232,13 @@ fn wires_permutation_partial_products, const D: usize>( .collect::>(); let numerator_partials = partial_products(&numerator_values, degree); let denominator_partials = partial_products(&denominator_values, degree); - let numerator = numerator_partials.0 - [numerator_partials.0.len() - numerator_partials.1..] + let numerator = numerator_partials + [common_data.num_partial_products.0 - common_data.num_partial_products.1..] .iter() .copied() .product(); - let denominator = denominator_partials.0 - [denominator_partials.0.len() - denominator_partials.1..] + let denominator = denominator_partials + [common_data.num_partial_products.0 - common_data.num_partial_products.1..] .iter() .copied() .product(); @@ -246,8 +246,8 @@ fn wires_permutation_partial_products, const D: usize>( [ vec![numerator], vec![denominator], - numerator_partials.0, - denominator_partials.0, + numerator_partials, + denominator_partials, ] .concat() }) diff --git a/src/util/partial_products.rs b/src/util/partial_products.rs index c5426eea..2d9d33e2 100644 --- a/src/util/partial_products.rs +++ b/src/util/partial_products.rs @@ -1,7 +1,9 @@ use std::iter::Product; use std::ops::Sub; -pub fn partial_products(v: &[T], max_degree: usize) -> (Vec, usize) { +use crate::util::ceil_div_usize; + +pub fn partial_products(v: &[T], max_degree: usize) -> Vec { let mut res = Vec::new(); let mut remainder = v.to_vec(); while remainder.len() >= max_degree { @@ -14,7 +16,19 @@ pub fn partial_products(v: &[T], max_degree: usize) -> (Vec (usize, usize) { + let mut res = 0; + let mut remainder = n; + while remainder >= max_degree { + let new_partials_len = ceil_div_usize(remainder, max_degree); + res += new_partials_len; + remainder = new_partials_len; + } + + (res, remainder) } pub fn check_partial_products>( @@ -47,15 +61,17 @@ mod tests { fn test_partial_products() { let v = vec![1, 2, 3, 4, 5, 6]; let p = partial_products(&v, 2); - assert_eq!(p, (vec![2, 12, 30, 24, 30, 720], 1)); - assert!(check_partial_products(&v, &p.0, 2) + assert_eq!(p, vec![2, 12, 30, 24, 30, 720]); + assert_eq!(p.len(), num_partial_products(v.len(), 2).0); + assert!(check_partial_products(&v, &p, 2) .iter() .all(|x| x.is_zero())); let v = vec![1, 2, 3, 4, 5, 6]; let p = partial_products(&v, 3); - assert_eq!(p, (vec![6, 120], 2)); - assert!(check_partial_products(&v, &p.0, 3) + assert_eq!(p, vec![6, 120]); + assert_eq!(p.len(), num_partial_products(v.len(), 3).0); + assert!(check_partial_products(&v, &p, 3) .iter() .all(|x| x.is_zero())); }