Randomize unused wires of PublicInputGate

2026-01-03 06:13:07 +00:00 · 2022-11-14 14:53:06 -08:00 · 2022-11-14 14:53:06 -08:00 · 7eb0c74166
commit 7eb0c74166
parent 56e291cf4e
1 changed files with 13 additions and 0 deletions
--- a/plonky2/src/plonk/circuit_builder.rs
+++ b/plonky2/src/plonk/circuit_builder.rs
@ -685,6 +685,18 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        }
    }

+    /// In PLONK's permutation argument, there's a slight chance of division by zero. We can
+    /// mitigate this by randomizing some unused witness elements, so if proving fails with
+    /// division by zero, the next attempt will have an (almost) independent chance of success.
+    /// See https://github.com/mir-protocol/plonky2/issues/456
+    fn randomize_unused_pi_wires(&mut self, pi_gate: usize) {
+        for wire in PublicInputGate::wires_public_inputs_hash().end..self.config.num_wires {
+            self.add_simple_generator(RandomValueGenerator {
+                target: Target::wire(pi_gate, wire),
+            });
+        }
+    }
+
    /// Builds a "full circuit", with both prover and verifier data.
    pub fn build<C: GenericConfig<D, F = F>>(mut self) -> CircuitData<F, C, D>
    where
@ -708,6 +720,7 @@ impl<F: RichField + Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        {
            self.connect(hash_part, Target::wire(pi_gate, wire))
        }
+        self.randomize_unused_pi_wires(pi_gate);

        // Make sure we have enough constant generators. If not, add a `ConstantGate`.
        while self.constants_to_targets.len() > self.constant_generators.len() {