From 668957176a6e5d74e3aabe900f5323e0b1dbbe43 Mon Sep 17 00:00:00 2001
From: wborgeaud <williamborgeaud@gmail.com>
Date: Mon, 3 Oct 2022 11:44:52 +0200
Subject: [PATCH] PR feedback

---
 evm/src/all_stark.rs          | 10 +++++--
 evm/src/cross_table_lookup.rs |  1 +
 evm/src/generation/mod.rs     |  2 +-
 evm/src/proof.rs              |  4 ---
 evm/src/recursive_verifier.rs | 55 ++++++++++++++++++-----------------
 plonky2/src/fri/mod.rs        |  4 +++
 plonky2/src/iop/challenger.rs |  2 +-
 7 files changed, 44 insertions(+), 34 deletions(-)

diff --git a/evm/src/all_stark.rs b/evm/src/all_stark.rs
index b160a425..164c60fc 100644
--- a/evm/src/all_stark.rs
+++ b/evm/src/all_stark.rs
@@ -221,7 +221,7 @@ mod tests {
         keccak_memory_stark: &KeccakMemoryStark<F, D>,
         config: &StarkConfig,
     ) -> Vec<PolynomialValues<F>> {
-        keccak_memory_stark.generate_trace(vec![], 1 << config.fri_config.cap_height)
+        keccak_memory_stark.generate_trace(vec![], config.fri_config.num_cap_elements())
     }
 
     fn make_logic_trace<R: Rng>(
@@ -764,7 +764,13 @@ mod tests {
         let circuit_config = CircuitConfig::standard_recursion_config();
         let mut builder = CircuitBuilder::<F, D>::new(circuit_config);
         let mut pw = PartialWitness::new();
-        recursive_all_proof.verify_circuit(&mut builder, &mut pw, &verifier_data, inner_config);
+        recursive_all_proof.verify_circuit(
+            &mut builder,
+            &mut pw,
+            &verifier_data,
+            inner_all_stark.cross_table_lookups,
+            inner_config,
+        );
 
         let data = builder.build::<C>();
         let proof = data.prove(pw)?;
diff --git a/evm/src/cross_table_lookup.rs b/evm/src/cross_table_lookup.rs
index b5223e50..a1fd3ce7 100644
--- a/evm/src/cross_table_lookup.rs
+++ b/evm/src/cross_table_lookup.rs
@@ -509,6 +509,7 @@ impl<'a, F: Field, const D: usize> CtlCheckVarsTarget<'a, F, D> {
                 }
             }
         }
+        assert!(ctl_zs.next().is_none());
         ctl_vars
     }
 }
diff --git a/evm/src/generation/mod.rs b/evm/src/generation/mod.rs
index 5b0b3c8f..f9ec0b3c 100644
--- a/evm/src/generation/mod.rs
+++ b/evm/src/generation/mod.rs
@@ -95,7 +95,7 @@ pub(crate) fn generate_traces<F: RichField + Extendable<D>, const D: usize>(
     let keccak_trace = all_stark.keccak_stark.generate_trace(keccak_inputs);
     let keccak_memory_trace = all_stark
         .keccak_memory_stark
-        .generate_trace(keccak_memory_inputs, 1 << config.fri_config.cap_height);
+        .generate_trace(keccak_memory_inputs, config.fri_config.num_cap_elements());
     let logic_trace = all_stark.logic_stark.generate_trace(logic_ops);
     let memory_trace = all_stark.memory_stark.generate_trace(memory.log);
     let traces = [
diff --git a/evm/src/proof.rs b/evm/src/proof.rs
index 2b75017a..28560a6c 100644
--- a/evm/src/proof.rs
+++ b/evm/src/proof.rs
@@ -28,10 +28,6 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> A
     pub fn degree_bits(&self, config: &StarkConfig) -> [usize; NUM_TABLES] {
         std::array::from_fn(|i| self.stark_proofs[i].recover_degree_bits(config))
     }
-
-    pub fn nums_ctl_zs(&self) -> [usize; NUM_TABLES] {
-        std::array::from_fn(|i| self.stark_proofs[i].num_ctl_zs())
-    }
 }
 
 pub(crate) struct AllProofChallenges<F: RichField + Extendable<D>, const D: usize> {
diff --git a/evm/src/recursive_verifier.rs b/evm/src/recursive_verifier.rs
index 6a94feb9..ae3bd27f 100644
--- a/evm/src/recursive_verifier.rs
+++ b/evm/src/recursive_verifier.rs
@@ -52,7 +52,6 @@ pub struct RecursiveAllProof<
     const D: usize,
 > {
     pub recursive_proofs: [ProofWithPublicInputs<F, C, D>; NUM_TABLES],
-    pub cross_table_lookups: Vec<CrossTableLookup<F>>,
 }
 
 struct PublicInputs<T: Copy + Eq + PartialEq + Debug> {
@@ -63,30 +62,32 @@ struct PublicInputs<T: Copy + Eq + PartialEq + Debug> {
     challenger_state_after: [T; SPONGE_WIDTH],
 }
 
+/// Similar to the unstable `Iterator::next_chunk`. Could be replaced with that when it's stable.
+fn next_chunk<T: Debug, const N: usize>(iter: &mut impl Iterator<Item = T>) -> [T; N] {
+    (0..N)
+        .flat_map(|_| iter.next())
+        .collect_vec()
+        .try_into()
+        .expect("Not enough elements")
+}
+
 impl<T: Copy + Eq + PartialEq + Debug> PublicInputs<T> {
     fn from_vec(v: &[T], config: &StarkConfig) -> Self {
-        let mut start = 0;
-        let trace_cap = v[start..4 * (1 << config.fri_config.cap_height)]
-            .chunks(4)
-            .map(|chunk| chunk.to_vec())
+        let mut iter = v.iter().copied();
+        let trace_cap = (0..1 << config.fri_config.cap_height)
+            .map(|_| next_chunk::<_, 4>(&mut iter).to_vec())
             .collect();
-        start += 4 * (1 << config.fri_config.cap_height);
         let ctl_challenges = GrandProductChallengeSet {
             challenges: (0..config.num_challenges)
-                .map(|i| GrandProductChallenge {
-                    beta: v[start + 2 * i],
-                    gamma: v[start + 2 * i + 1],
+                .map(|_| GrandProductChallenge {
+                    beta: iter.next().unwrap(),
+                    gamma: iter.next().unwrap(),
                 })
                 .collect(),
         };
-        start += 2 * config.num_challenges;
-        let challenger_state_before = v[start..start + SPONGE_WIDTH].try_into().unwrap();
-        let challenger_state_after = v[start + SPONGE_WIDTH..start + 2 * SPONGE_WIDTH]
-            .try_into()
-            .unwrap();
-
-        start += 2 * SPONGE_WIDTH;
-        let ctl_zs_last = v[start..].to_vec();
+        let challenger_state_before = next_chunk(&mut iter);
+        let challenger_state_after = next_chunk(&mut iter);
+        let ctl_zs_last = iter.collect();
 
         Self {
             trace_cap,
@@ -105,6 +106,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>
     pub fn verify(
         self,
         verifier_data: &[VerifierCircuitData<F, C, D>; NUM_TABLES],
+        cross_table_lookups: Vec<CrossTableLookup<F>>,
         inner_config: &StarkConfig,
     ) -> Result<()>
     where
@@ -137,7 +139,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>
         // Verify the CTL checks.
         let degrees_bits = std::array::from_fn(|i| verifier_data[i].common.degree_bits);
         verify_cross_table_lookups::<F, C, D>(
-            self.cross_table_lookups,
+            cross_table_lookups,
             pis.map(|p| p.ctl_zs_last),
             degrees_bits,
             ctl_challenges,
@@ -157,6 +159,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>
         builder: &mut CircuitBuilder<F, D>,
         pw: &mut W,
         verifier_data: &[VerifierCircuitData<F, C, D>; NUM_TABLES],
+        cross_table_lookups: Vec<CrossTableLookup<F>>,
         inner_config: &StarkConfig,
     ) where
         W: Witness<F>,
@@ -226,7 +229,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>
         let degrees_bits = std::array::from_fn(|i| verifier_data[i].common.degree_bits);
         verify_cross_table_lookups_circuit::<F, C, D>(
             builder,
-            self.cross_table_lookups,
+            cross_table_lookups,
             pis.map(|p| p.ctl_zs_last),
             degrees_bits,
             ctl_challenges,
@@ -251,7 +254,7 @@ fn recursively_verify_stark_proof<
     proof: &StarkProof<F, C, D>,
     cross_table_lookups: &[CrossTableLookup<F>],
     ctl_challenges: &GrandProductChallengeSet<F>,
-    challenger_state_before: [F; SPONGE_WIDTH],
+    challenger_state_before_vals: [F; SPONGE_WIDTH],
     inner_config: &StarkConfig,
     circuit_config: &CircuitConfig,
 ) -> Result<(ProofWithPublicInputs<F, C, D>, VerifierCircuitData<F, C, D>)>
@@ -309,9 +312,10 @@ where
         num_permutation_zs,
     );
 
-    let challenger_state = std::array::from_fn(|_| builder.add_virtual_public_input());
-    pw.set_target_arr(challenger_state, challenger_state_before);
-    let mut challenger = RecursiveChallenger::<F, C::Hasher, D>::from_state(challenger_state);
+    let challenger_state_before = std::array::from_fn(|_| builder.add_virtual_public_input());
+    pw.set_target_arr(challenger_state_before, challenger_state_before_vals);
+    let mut challenger =
+        RecursiveChallenger::<F, C::Hasher, D>::from_state(challenger_state_before);
     let challenges = proof_target.get_challenges::<F, C>(
         &mut builder,
         &mut challenger,
@@ -319,8 +323,8 @@ where
         num_permutation_batch_size,
         inner_config,
     );
-    let challenger_state = challenger.compact(&mut builder);
-    builder.register_public_inputs(&challenger_state);
+    let challenger_state_after = challenger.compact(&mut builder);
+    builder.register_public_inputs(&challenger_state_after);
 
     builder.register_public_inputs(&proof_target.openings.ctl_zs_last);
 
@@ -563,7 +567,6 @@ where
             )?
             .0,
         ],
-        cross_table_lookups: all_stark.cross_table_lookups.clone(),
     })
 }
 
diff --git a/plonky2/src/fri/mod.rs b/plonky2/src/fri/mod.rs
index 4ed2ea3b..def33a73 100644
--- a/plonky2/src/fri/mod.rs
+++ b/plonky2/src/fri/mod.rs
@@ -45,6 +45,10 @@ impl FriConfig {
             reduction_arity_bits,
         }
     }
+
+    pub fn num_cap_elements(&self) -> usize {
+        1 << self.cap_height
+    }
 }
 
 /// FRI parameters, including generated parameters which are specific to an instance size, in
diff --git a/plonky2/src/iop/challenger.rs b/plonky2/src/iop/challenger.rs
index 84bbad1c..c601ae0f 100644
--- a/plonky2/src/iop/challenger.rs
+++ b/plonky2/src/iop/challenger.rs
@@ -129,7 +129,7 @@ impl<F: RichField, H: Hasher<F>> Challenger<F, H> {
 
     /// Absorb any buffered inputs. After calling this, the input buffer will be empty, and the
     /// output buffer will be full.
-    pub fn duplexing(&mut self) {
+    fn duplexing(&mut self) {
         assert!(self.input_buffer.len() <= SPONGE_RATE);
 
         // Overwrite the first r elements with the inputs. This differs from a standard sponge,