From 85c1e1d5e07bfc4c4cb34a85373f09392a18e5c1 Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Mon, 21 Feb 2022 18:00:03 +0100 Subject: [PATCH] Should work (does not) --- starky/src/fibonacci_stark.rs | 29 ++++++++++++++++++++++------- starky/src/prover.rs | 17 +++++++++-------- starky/src/verifier.rs | 16 +++++++++++++++- 3 files changed, 46 insertions(+), 16 deletions(-) diff --git a/starky/src/fibonacci_stark.rs b/starky/src/fibonacci_stark.rs index a0204359..2bbd333f 100644 --- a/starky/src/fibonacci_stark.rs +++ b/starky/src/fibonacci_stark.rs @@ -2,16 +2,21 @@ use std::marker::PhantomData; use plonky2::field::extension_field::{Extendable, FieldExtension}; use plonky2::field::packed_field::PackedField; +use plonky2::fri::structure::{FriInstanceInfo, FriInstanceInfoTarget}; use plonky2::hash::hash_types::RichField; +use plonky2::iop::ext_target::ExtensionTarget; use plonky2::plonk::circuit_builder::CircuitBuilder; +use crate::config::StarkConfig; use crate::constraint_consumer::{ConstraintConsumer, RecursiveConstraintConsumer}; +use crate::permutation::PermutationPair; use crate::stark::Stark; use crate::vars::{StarkEvaluationTargets, StarkEvaluationVars}; /// Toy STARK system used for testing. -/// Computes a Fibonacci sequence with state `[x0, x1]` using the state transition -/// `x0 <- x1, x1 <- x0 + x1`. +/// Computes a Fibonacci sequence with state `[x0, x1, i, j]` using the state transition +/// `x0' <- x1, x1' <- x0 + x1, i' <- i+1, j' <- j+1`. +/// Note: The `i, j` columns are used to test the permutation argument. #[derive(Copy, Clone)] struct FibonacciStark, const D: usize> { num_rows: usize, @@ -34,21 +39,25 @@ impl, const D: usize> FibonacciStark { } } - /// Generate the trace using `x0, x1` as inital state values. + /// Generate the trace using `x0, x1, 0, 1` as initial state values. fn generate_trace(&self, x0: F, x1: F) -> Vec<[F; Self::COLUMNS]> { - (0..self.num_rows) - .scan([x0, x1], |acc, _| { + let mut trace = (0..self.num_rows) + .scan([x0, x1, F::ZERO, F::ONE], |acc, _| { let tmp = *acc; acc[0] = tmp[1]; acc[1] = tmp[0] + tmp[1]; + acc[2] = tmp[2] + F::ONE; + acc[3] = tmp[3] + F::ONE; Some(tmp) }) - .collect() + .collect::>(); + trace[self.num_rows - 1][3] = F::ZERO; + trace } } impl, const D: usize> Stark for FibonacciStark { - const COLUMNS: usize = 2; + const COLUMNS: usize = 4; const PUBLIC_INPUTS: usize = 3; fn eval_packed_generic( @@ -105,6 +114,12 @@ impl, const D: usize> Stark for FibonacciStar fn constraint_degree(&self) -> usize { 2 } + + fn permutation_pairs(&self) -> Vec { + vec![PermutationPair { + column_pairs: vec![(2, 3)], + }] + } } #[cfg(test)] diff --git a/starky/src/prover.rs b/starky/src/prover.rs index 0206cb95..e0c14dde 100644 --- a/starky/src/prover.rs +++ b/starky/src/prover.rs @@ -211,10 +211,10 @@ where /// Computes the quotient polynomials `(sum alpha^i C_i(x)) / Z_H(x)` for `alpha` in `alphas`, /// where the `C_i`s are the Stark constraints. -fn compute_quotient_polys( +fn compute_quotient_polys<'a, F, C, S, const D: usize>( stark: &S, - trace_commitment: &PolynomialBatch, - permutation_zs_commitment_challenges: &Option<( + trace_commitment: &'a PolynomialBatch, + permutation_zs_commitment_challenges: &'a Option<( PolynomialBatch, Vec>, )>, @@ -251,9 +251,8 @@ where let z_h_on_coset = ZeroPolyOnCoset::::new(degree_bits, quotient_degree_bits); // Retrieve the LDE values at index `i`. - let get_at_index = |comm: &PolynomialBatch, i: usize| -> [F; S::COLUMNS] { - comm.get_lde_values(i * step).try_into().unwrap() - }; + let get_at_index = + |comm: &'a PolynomialBatch, i: usize| -> &'a [F] { comm.get_lde_values(i * step) }; // Last element of the subgroup. let last = F::primitive_root_of_unity(degree_bits).inverse(); let size = degree << quotient_degree_bits; @@ -274,8 +273,10 @@ where lagrange_last.values[i], ); let vars = StarkEvaluationVars:: { - local_values: &get_at_index(trace_commitment, i), - next_values: &get_at_index(trace_commitment, (i + next_step) % size), + local_values: &get_at_index(trace_commitment, i).try_into().unwrap(), + next_values: &get_at_index(trace_commitment, (i + next_step) % size) + .try_into() + .unwrap(), public_inputs: &public_inputs, }; let permutation_check_data = permutation_zs_commitment_challenges.as_ref().map( diff --git a/starky/src/verifier.rs b/starky/src/verifier.rs index 686ecd98..1603b208 100644 --- a/starky/src/verifier.rs +++ b/starky/src/verifier.rs @@ -11,8 +11,10 @@ use plonky2::plonk::plonk_common::reduce_with_powers; use crate::config::StarkConfig; use crate::constraint_consumer::ConstraintConsumer; +use crate::permutation::PermutationCheckData; use crate::proof::{StarkOpeningSet, StarkProofChallenges, StarkProofWithPublicInputs}; use crate::stark::Stark; +use crate::vanishing_poly::eval_vanishing_poly; use crate::vars::StarkEvaluationVars; pub fn verify_stark_proof< @@ -88,7 +90,19 @@ where l_1, l_last, ); - stark.eval_ext(vars, &mut consumer); + // stark.eval_ext(vars, &mut consumer); + let permutation_data = stark.uses_permutation_args().then(|| PermutationCheckData { + local_zs: permutation_zs.as_ref().unwrap().clone(), + next_zs: permutation_zs_right.as_ref().unwrap().clone(), + permutation_challenge_sets: challenges.permutation_challenge_sets, + }); + eval_vanishing_poly::( + &stark, + config, + vars, + permutation_data, + &mut consumer, + ); // TODO: Add in constraints for permutation arguments. let vanishing_polys_zeta = consumer.accumulators();