diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs index b268e831..ce3f475e 100644 --- a/src/fri/recursive_verifier.rs +++ b/src/fri/recursive_verifier.rs @@ -59,7 +59,7 @@ impl, const D: usize> CircuitBuilder { /// Make sure we have enough wires and routed wires to do the FRI checks efficiently. This check /// isn't required -- without it we'd get errors elsewhere in the stack -- but just gives more /// helpful errors. - fn check_config(&self, max_fri_arity: usize) { + fn check_recursion_config(&self, max_fri_arity: usize) { let random_access = RandomAccessGate::::new_from_config( &self.config, max_fri_arity.max(1 << self.config.cap_height), @@ -118,7 +118,7 @@ impl, const D: usize> CircuitBuilder { let config = &common_data.config; if let Some(max_arity) = common_data.fri_params.max_arity() { - self.check_config(max_arity); + self.check_recursion_config(max_arity); } debug_assert_eq!( diff --git a/src/plonk/circuit_builder.rs b/src/plonk/circuit_builder.rs index ac8f01f1..a13a117d 100644 --- a/src/plonk/circuit_builder.rs +++ b/src/plonk/circuit_builder.rs @@ -9,9 +9,9 @@ use crate::field::cosets::get_unique_coset_shifts; use crate::field::extension_field::target::ExtensionTarget; use crate::field::extension_field::{Extendable, FieldExtension}; use crate::field::fft::fft_root_table; -use crate::field::field_types::RichField; +use crate::field::field_types::{Field, RichField}; use crate::fri::commitment::PolynomialBatchCommitment; -use crate::fri::FriParams; +use crate::fri::{FriConfig, FriParams}; use crate::gates::arithmetic::ArithmeticExtensionGate; use crate::gates::constant::ConstantGate; use crate::gates::gate::{Gate, GateInstance, GateRef, PrefixedGate}; @@ -86,7 +86,7 @@ pub struct CircuitBuilder, const D: usize> { impl, const D: usize> CircuitBuilder { pub fn new(config: CircuitConfig) -> Self { - CircuitBuilder { + let builder = CircuitBuilder { config, gates: HashSet::new(), gate_instances: Vec::new(), @@ -101,7 +101,32 @@ impl, const D: usize> CircuitBuilder { free_arithmetic: HashMap::new(), free_random_access: HashMap::new(), current_switch_gates: Vec::new(), - } + }; + builder.check_config(); + builder + } + + fn check_config(&self) { + let &CircuitConfig { + security_bits, + rate_bits, + fri_config: + FriConfig { + proof_of_work_bits, + num_query_rounds, + .. + }, + .. + } = &self.config; + + // Conjectured FRI security; see the ethSTARK paper. + let fri_field_bits = F::Extension::order().bits() as usize; + let fri_query_security_bits = num_query_rounds * rate_bits + proof_of_work_bits as usize; + let fri_security_bits = fri_field_bits.min(fri_query_security_bits); + assert!( + fri_security_bits >= security_bits, + "FRI params fall short of target security" + ); } pub fn num_gates(&self) -> usize { diff --git a/src/plonk/circuit_data.rs b/src/plonk/circuit_data.rs index f1257860..391e5c2f 100644 --- a/src/plonk/circuit_data.rs +++ b/src/plonk/circuit_data.rs @@ -38,20 +38,7 @@ pub struct CircuitConfig { impl Default for CircuitConfig { fn default() -> Self { - CircuitConfig { - num_wires: 4, - num_routed_wires: 4, - security_bits: 128, - rate_bits: 3, - num_challenges: 3, - zero_knowledge: true, - cap_height: 1, - fri_config: FriConfig { - proof_of_work_bits: 1, - reduction_strategy: FriReductionStrategy::ConstantArityBits(3, 5), - num_query_rounds: 1, - }, - } + CircuitConfig::standard_recursion_config() } } @@ -64,10 +51,10 @@ impl CircuitConfig { pub(crate) fn standard_recursion_config() -> Self { Self { num_wires: 143, - num_routed_wires: 64, - security_bits: 128, + num_routed_wires: 28, + security_bits: 100, rate_bits: 3, - num_challenges: 3, + num_challenges: 2, zero_knowledge: false, cap_height: 3, fri_config: FriConfig { @@ -83,7 +70,7 @@ impl CircuitConfig { Self { num_wires: 143, num_routed_wires: 64, - security_bits: 128, + security_bits: 4, rate_bits: 3, num_challenges: 3, zero_knowledge: false,