logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-07 16:23:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Attempt at simplification

Browse Source
This commit is contained in:
Daniel Lubarov 2021-06-01 19:13:22 -07:00
parent 9eb35c3c82
commit 7334341cfa
6 changed files with 80 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Cargo.toml
View File

@ -14,6 +14,7 @@ default-run = "bench_recursion"
[dependencies] [dependencies]
env_logger = "0.8.3" env_logger = "0.8.3"
log = "0.4.14" log = "0.4.14"
itertools = "0.10.0"
num = "0.3" num = "0.3"
rand = "0.7.3" rand = "0.7.3"
rand_chacha = "0.2.2" rand_chacha = "0.2.2"

1
src/field/field.rs
View File

@ -268,6 +268,7 @@ pub trait Field:
} }
/// An iterator over the powers of a certain base element `b`: `b^0, b^1, b^2, ...`. /// An iterator over the powers of a certain base element `b`: `b^0, b^1, b^2, ...`.
#[derive(Clone)]
pub struct Powers<F: Field> { pub struct Powers<F: Field> {
base: F, base: F,
current: F, current: F,

12
src/fri/mod.rs
View File

@ -1,3 +1,5 @@
use crate::polynomial::commitment::SALT_SIZE;
pub mod prover; pub mod prover;
pub mod verifier; pub mod verifier;
@ -25,6 +27,16 @@ pub struct FriConfig {
pub blinding: Vec<bool>, pub blinding: Vec<bool>,
} }
impl FriConfig {
pub(crate) fn salt_size(&self, i: usize) -> usize {
if self.blinding[i] {
SALT_SIZE
} else {
0
}
}
}
fn fri_delta(rate_log: usize, conjecture: bool) -> f64 { fn fri_delta(rate_log: usize, conjecture: bool) -> f64 {
let rate = (1 << rate_log) as f64; let rate = (1 << rate_log) as f64;
if conjecture { if conjecture {

100
src/fri/verifier.rs
View File

@ -1,3 +1,6 @@
use anyhow::{ensure, Result};
use itertools::izip;
use crate::field::extension_field::{flatten, Extendable, FieldExtension, OEF}; use crate::field::extension_field::{flatten, Extendable, FieldExtension, OEF};
use crate::field::field::Field; use crate::field::field::Field;
use crate::field::lagrange::{barycentric_weights, interpolant, interpolate}; use crate::field::lagrange::{barycentric_weights, interpolant, interpolate};
@ -5,11 +8,9 @@ use crate::fri::FriConfig;
use crate::hash::hash_n_to_1; use crate::hash::hash_n_to_1;
use crate::merkle_proofs::verify_merkle_proof; use crate::merkle_proofs::verify_merkle_proof;
use crate::plonk_challenger::Challenger; use crate::plonk_challenger::Challenger;
use crate::plonk_common::reduce_with_powers; use crate::plonk_common::reduce_with_iter;
use crate::polynomial::commitment::SALT_SIZE;
use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, Hash, OpeningSet}; use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, Hash, OpeningSet};
use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place}; use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place};
use anyhow::{ensure, Result};
/// Computes P'(x^arity) from {P(x*g^i)}_(i=0..arity), where g is a `arity`-th root of unity /// Computes P'(x^arity) from {P(x*g^i)}_(i=0..arity), where g is a `arity`-th root of unity
/// and P' is the FRI reduced polynomial. /// and P' is the FRI reduced polynomial.
@ -150,72 +151,65 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
) -> F::Extension { ) -> F::Extension {
assert!(D > 1, "Not implemented for D=1."); assert!(D > 1, "Not implemented for D=1.");
let degree_log = proof.evals_proofs[0].1.siblings.len() - config.rate_bits; let degree_log = proof.evals_proofs[0].1.siblings.len() - config.rate_bits;
let subgroup_x = F::Extension::from_basefield(subgroup_x);
let mut alpha_powers = alpha.powers();
let mut sum = F::Extension::ZERO;
let mut cur_alpha = F::Extension::ONE; // We will add three terms to `sum`:
// - one for polynomials opened at `x` only
// - one for polynomials opened at `x` and `g x`
// - one for polynomials opened at `x` and its conjugate
let mut poly_count = 0; let evals = [0, 1, 4]
let mut e = F::Extension::ZERO;
let ev = vec![0, 1, 4]
.iter() .iter()
.flat_map(|&i| { .flat_map(|&i| proof.unsalted_evals(i, config))
let v = &proof.evals_proofs[i].0; .map(|&e| F::Extension::from_basefield(e));
&v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }] let openings = os
}) .constants
.rev()
.fold(F::Extension::ZERO, |acc, &e| {
poly_count += 1;
alpha * acc + e.into()
});
let composition_eval = [&os.constants, &os.plonk_sigmas, &os.quotient_polys]
.iter() .iter()
.flat_map(|v| v.iter()) .chain(&os.plonk_sigmas)
.rev() .chain(&os.quotient_polys);
.fold(F::Extension::ZERO, |acc, &e| acc * alpha + e); let numerator = izip!(evals, openings, &mut alpha_powers)
let numerator = ev - composition_eval; .map(|(e, &o, a)| a * (e - o))
let denominator = F::Extension::from_basefield(subgroup_x) - zeta; .sum::<F::Extension>();
e += cur_alpha * numerator / denominator; let denominator = subgroup_x - zeta;
cur_alpha = alpha.exp(poly_count); sum += numerator / denominator;
let ev = proof.evals_proofs[3].0 let ev: F::Extension = proof
[..proof.evals_proofs[3].0.len() - if config.blinding[3] { SALT_SIZE } else { 0 }] .unsalted_evals(3, config)
.iter() .iter()
.rev() .zip(alpha_powers.clone())
.fold(F::Extension::ZERO, |acc, &e| { .map(|(&e, a)| a * e.into())
poly_count += 1; .sum();
alpha * acc + e.into()
});
let zeta_right = F::Extension::primitive_root_of_unity(degree_log) * zeta; let zeta_right = F::Extension::primitive_root_of_unity(degree_log) * zeta;
let zs_interpol = interpolant(&[ let zs_interpol = interpolant(&[
(zeta, reduce_with_powers(&os.plonk_zs, alpha)), (zeta, reduce_with_iter(&os.plonk_zs, alpha_powers.clone())),
(zeta_right, reduce_with_powers(&os.plonk_zs_right, alpha)), (
zeta_right,
reduce_with_iter(&os.plonk_zs_right, &mut alpha_powers),
),
]); ]);
let numerator = ev - zs_interpol.eval(subgroup_x.into()); let numerator = ev - zs_interpol.eval(subgroup_x);
let denominator = (F::Extension::from_basefield(subgroup_x) - zeta) let denominator = (subgroup_x - zeta) * (subgroup_x - zeta_right);
* (F::Extension::from_basefield(subgroup_x) - zeta_right); sum += numerator / denominator;
e += cur_alpha * numerator / denominator;
cur_alpha = alpha.exp(poly_count);
let ev = proof.evals_proofs[2].0 let ev: F::Extension = proof
[..proof.evals_proofs[2].0.len() - if config.blinding[2] { SALT_SIZE } else { 0 }] .unsalted_evals(2, config)
.iter() .iter()
.rev() .zip(alpha_powers.clone())
.fold(F::Extension::ZERO, |acc, &e| { .map(|(&e, a)| a * e.into())
poly_count += 1; .sum();
alpha * acc + e.into()
});
let zeta_frob = zeta.frobenius(); let zeta_frob = zeta.frobenius();
let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>(); let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
let wires_interpol = interpolant(&[ let wires_interpol = interpolant(&[
(zeta, reduce_with_powers(&os.wires, alpha)), (zeta, reduce_with_iter(&os.wires, alpha_powers.clone())),
(zeta_frob, reduce_with_powers(&wire_evals_frob, alpha)), (zeta_frob, reduce_with_iter(&wire_evals_frob, alpha_powers)),
]); ]);
let numerator = ev - wires_interpol.eval(subgroup_x.into()); let numerator = ev - wires_interpol.eval(subgroup_x);
let denominator = (F::Extension::from_basefield(subgroup_x) - zeta) let denominator = (subgroup_x - zeta) * (subgroup_x - zeta_frob);
* (F::Extension::from_basefield(subgroup_x) - zeta_frob); sum += numerator / denominator;
e += cur_alpha * numerator / denominator;
e sum
} }
fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>( fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(

11
src/plonk_common.rs
View File

@ -108,3 +108,14 @@ pub(crate) fn reduce_with_powers_recursive<F: Extendable<D>, const D: usize>(
) -> Target { ) -> Target {
todo!() todo!()
} }
pub(crate) fn reduce_with_iter<F: Field, I>(terms: &[F], coeffs: I) -> F
where
I: IntoIterator<Item = F>,
{
let mut sum = F::ZERO;
for (&term, coeff) in terms.iter().zip(coeffs) {
sum += coeff * term;
}
sum
}

8
src/proof.rs
View File

@ -1,5 +1,6 @@
use crate::field::extension_field::Extendable; use crate::field::extension_field::Extendable;
use crate::field::field::Field; use crate::field::field::Field;
use crate::fri::FriConfig;
use crate::merkle_proofs::{MerkleProof, MerkleProofTarget}; use crate::merkle_proofs::{MerkleProof, MerkleProofTarget};
use crate::polynomial::commitment::{ListPolynomialCommitment, OpeningProof}; use crate::polynomial::commitment::{ListPolynomialCommitment, OpeningProof};
use crate::polynomial::polynomial::PolynomialCoeffs; use crate::polynomial::polynomial::PolynomialCoeffs;
@ -99,6 +100,13 @@ pub struct FriInitialTreeProof<F: Field> {
pub evals_proofs: Vec<(Vec<F>, MerkleProof<F>)>, pub evals_proofs: Vec<(Vec<F>, MerkleProof<F>)>,
} }
impl<F: Field> FriInitialTreeProof<F> {
pub(crate) fn unsalted_evals(&self, i: usize, config: &FriConfig) -> &[F] {
let evals = &self.evals_proofs[i].0;
&evals[..evals.len() - config.salt_size(i)]
}
}
/// Proof for a FRI query round. /// Proof for a FRI query round.
// TODO: Implement FriQueryRoundTarget // TODO: Implement FriQueryRoundTarget
pub struct FriQueryRound<F: Field + Extendable<D>, const D: usize> { pub struct FriQueryRound<F: Field + Extendable<D>, const D: usize> {