mirror of
https://github.com/logos-storage/plonky2.git
synced 2026-01-08 16:53:07 +00:00
Add fri_challenges() to Challenger.
This commit is contained in:
wborgeaud
parent
984f44b281
commit
8ab4f855b2
@ -389,7 +389,6 @@ pub trait Field:
|
||||
/// Representative `g` of the coset used in FRI, so that LDEs in FRI are done over `gH`.
|
||||
fn coset_shift() -> Self {
|
||||
Self::MULTIPLICATIVE_GROUP_GENERATOR
|
||||
// Self::ONE
|
||||
}
|
||||
|
||||
/// Equivalent to *self + x * y, but may be cheaper.
|
||||
|
||||
@ -16,7 +16,7 @@ use crate::iop::ext_target::ExtensionTarget;
|
||||
use crate::iop::target::Target;
|
||||
use crate::plonk::config::{GenericConfig, Hasher};
|
||||
use crate::plonk::plonk_common::salt_size;
|
||||
use crate::plonk::proof::{FriChallenges, FriInferredElements, ProofChallenges};
|
||||
use crate::plonk::proof::{FriInferredElements, ProofChallenges};
|
||||
|
||||
/// Evaluations and Merkle proof produced by the prover in a FRI query step.
|
||||
#[derive(Serialize, Deserialize, Clone, Debug, Eq, PartialEq)]
|
||||
@ -362,3 +362,16 @@ impl<F: RichField + Extendable<D>, H: Hasher<F>, const D: usize> CompressedFriPr
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub struct FriChallenges<F: RichField + Extendable<D>, const D: usize> {
|
||||
// Scaling factor to combine polynomials.
|
||||
pub fri_alpha: F::Extension,
|
||||
|
||||
// Betas used in the FRI commit phase reductions.
|
||||
pub fri_betas: Vec<F::Extension>,
|
||||
|
||||
pub fri_pow_response: F,
|
||||
|
||||
// Indices at which the oracle is queried in FRI.
|
||||
pub fri_query_indices: Vec<usize>,
|
||||
}
|
||||
|
||||
@ -4,14 +4,13 @@ use plonky2_field::field_types::Field;
|
||||
use plonky2_field::interpolation::{barycentric_weights, interpolate};
|
||||
use plonky2_util::{log2_strict, reverse_index_bits_in_place};
|
||||
|
||||
use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound};
|
||||
use crate::fri::proof::{FriChallenges, FriInitialTreeProof, FriProof, FriQueryRound};
|
||||
use crate::fri::structure::{FriBatchInfo, FriInstanceInfo, FriOpenings};
|
||||
use crate::fri::{FriConfig, FriParams};
|
||||
use crate::hash::hash_types::RichField;
|
||||
use crate::hash::merkle_proofs::verify_merkle_proof;
|
||||
use crate::hash::merkle_tree::MerkleCap;
|
||||
use crate::plonk::config::{GenericConfig, Hasher};
|
||||
use crate::plonk::proof::{FriChallenges, OpeningSet, ProofChallenges};
|
||||
use crate::util::reducing::ReducingFactor;
|
||||
use crate::util::reverse_bits;
|
||||
|
||||
|
||||
@ -2,7 +2,10 @@ use std::convert::TryInto;
|
||||
use std::marker::PhantomData;
|
||||
|
||||
use plonky2_field::extension_field::{Extendable, FieldExtension};
|
||||
use plonky2_field::polynomial::PolynomialCoeffs;
|
||||
|
||||
use crate::fri::proof::FriChallenges;
|
||||
use crate::fri::FriConfig;
|
||||
use crate::hash::hash_types::RichField;
|
||||
use crate::hash::hash_types::{HashOut, HashOutTarget, MerkleCapTarget};
|
||||
use crate::hash::hashing::{PlonkyPermutation, SPONGE_RATE, SPONGE_WIDTH};
|
||||
@ -10,7 +13,7 @@ use crate::hash::merkle_tree::MerkleCap;
|
||||
use crate::iop::ext_target::ExtensionTarget;
|
||||
use crate::iop::target::Target;
|
||||
use crate::plonk::circuit_builder::CircuitBuilder;
|
||||
use crate::plonk::config::{AlgebraicHasher, GenericHashOut, Hasher};
|
||||
use crate::plonk::config::{AlgebraicHasher, GenericConfig, GenericHashOut, Hasher};
|
||||
use crate::plonk::proof::{OpeningSet, OpeningSetTarget};
|
||||
|
||||
/// Observes prover messages, and generates challenges by hashing the transcript, a la Fiat-Shamir.
|
||||
@ -152,6 +155,57 @@ impl<F: RichField, H: Hasher<F>> Challenger<F, H> {
|
||||
.collect()
|
||||
}
|
||||
|
||||
pub fn fri_challenges<C: GenericConfig<D, F = F>, const D: usize>(
|
||||
&mut self,
|
||||
commit_phase_merkle_caps: &[MerkleCap<F, C::Hasher>],
|
||||
final_poly: &PolynomialCoeffs<F::Extension>,
|
||||
pow_witness: F,
|
||||
degree_bits: usize,
|
||||
config: &FriConfig,
|
||||
) -> FriChallenges<F, D>
|
||||
where
|
||||
F: RichField + Extendable<D>,
|
||||
{
|
||||
let num_fri_queries = config.num_query_rounds;
|
||||
let lde_size = 1 << (degree_bits + config.rate_bits);
|
||||
// Scaling factor to combine polynomials.
|
||||
let fri_alpha = self.get_extension_challenge::<D>();
|
||||
|
||||
// Recover the random betas used in the FRI reductions.
|
||||
let fri_betas = commit_phase_merkle_caps
|
||||
.iter()
|
||||
.map(|cap| {
|
||||
self.observe_cap(cap);
|
||||
self.get_extension_challenge::<D>()
|
||||
})
|
||||
.collect();
|
||||
|
||||
self.observe_extension_elements(&final_poly.coeffs);
|
||||
|
||||
let fri_pow_response = C::InnerHasher::hash(
|
||||
&self
|
||||
.get_hash()
|
||||
.elements
|
||||
.iter()
|
||||
.copied()
|
||||
.chain(Some(pow_witness))
|
||||
.collect::<Vec<_>>(),
|
||||
false,
|
||||
)
|
||||
.elements[0];
|
||||
|
||||
let fri_query_indices = (0..num_fri_queries)
|
||||
.map(|_| self.get_challenge().to_canonical_u64() as usize % lde_size)
|
||||
.collect();
|
||||
|
||||
FriChallenges {
|
||||
fri_alpha,
|
||||
fri_betas,
|
||||
fri_pow_response,
|
||||
fri_query_indices,
|
||||
}
|
||||
}
|
||||
|
||||
/// Absorb any buffered inputs. After calling this, the input buffer will be empty.
|
||||
fn absorb_buffered_inputs(&mut self) {
|
||||
if self.input_buffer.is_empty() {
|
||||
|
||||
@ -1,10 +1,9 @@
|
||||
use std::collections::HashSet;
|
||||
|
||||
use itertools::Itertools;
|
||||
use plonky2_field::extension_field::Extendable;
|
||||
use plonky2_field::polynomial::PolynomialCoeffs;
|
||||
|
||||
use crate::fri::proof::{CompressedFriProof, FriProof};
|
||||
use crate::fri::proof::{CompressedFriProof, FriChallenges, FriProof};
|
||||
use crate::fri::verifier::{compute_evaluation, fri_combine_initial, PrecomputedReducedOpenings};
|
||||
use crate::hash::hash_types::RichField;
|
||||
use crate::hash::merkle_tree::MerkleCap;
|
||||
@ -12,8 +11,8 @@ use crate::iop::challenger::Challenger;
|
||||
use crate::plonk::circuit_data::CommonCircuitData;
|
||||
use crate::plonk::config::{GenericConfig, Hasher};
|
||||
use crate::plonk::proof::{
|
||||
CompressedProof, CompressedProofWithPublicInputs, FriChallenges, FriInferredElements,
|
||||
OpeningSet, Proof, ProofChallenges, ProofWithPublicInputs,
|
||||
CompressedProof, CompressedProofWithPublicInputs, FriInferredElements, OpeningSet, Proof,
|
||||
ProofChallenges, ProofWithPublicInputs,
|
||||
};
|
||||
use crate::util::reverse_bits;
|
||||
|
||||
@ -30,8 +29,6 @@ fn get_challenges<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, cons
|
||||
) -> anyhow::Result<ProofChallenges<F, D>> {
|
||||
let config = &common_data.config;
|
||||
let num_challenges = config.num_challenges;
|
||||
let num_fri_queries = config.fri_config.num_query_rounds;
|
||||
let lde_size = common_data.lde_size();
|
||||
|
||||
let mut challenger = Challenger::<F, C::Hasher>::new();
|
||||
|
||||
@ -51,47 +48,18 @@ fn get_challenges<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, cons
|
||||
|
||||
challenger.observe_opening_set(openings);
|
||||
|
||||
// Scaling factor to combine polynomials.
|
||||
let fri_alpha = challenger.get_extension_challenge::<D>();
|
||||
|
||||
// Recover the random betas used in the FRI reductions.
|
||||
let fri_betas = commit_phase_merkle_caps
|
||||
.iter()
|
||||
.map(|cap| {
|
||||
challenger.observe_cap(cap);
|
||||
challenger.get_extension_challenge::<D>()
|
||||
})
|
||||
.collect();
|
||||
|
||||
challenger.observe_extension_elements(&final_poly.coeffs);
|
||||
|
||||
let fri_pow_response = C::InnerHasher::hash(
|
||||
&challenger
|
||||
.get_hash()
|
||||
.elements
|
||||
.iter()
|
||||
.copied()
|
||||
.chain(Some(pow_witness))
|
||||
.collect_vec(),
|
||||
false,
|
||||
)
|
||||
.elements[0];
|
||||
|
||||
let fri_query_indices = (0..num_fri_queries)
|
||||
.map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size)
|
||||
.collect();
|
||||
|
||||
Ok(ProofChallenges {
|
||||
plonk_betas,
|
||||
plonk_gammas,
|
||||
plonk_alphas,
|
||||
plonk_zeta,
|
||||
fri_challenges: FriChallenges {
|
||||
fri_alpha,
|
||||
fri_betas,
|
||||
fri_pow_response,
|
||||
fri_query_indices,
|
||||
},
|
||||
fri_challenges: challenger.fri_challenges::<C, D>(
|
||||
commit_phase_merkle_caps,
|
||||
final_poly,
|
||||
pow_witness,
|
||||
common_data.degree_bits,
|
||||
&config.fri_config,
|
||||
),
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
use plonky2_field::extension_field::Extendable;
|
||||
use plonky2_field::field_types::Field;
|
||||
use plonky2_field::packed_field::PackedField;
|
||||
use plonky2_util::log2_strict;
|
||||
|
||||
use crate::fri::oracle::SALT_SIZE;
|
||||
use crate::fri::structure::FriOracleInfo;
|
||||
|
||||
@ -3,7 +3,7 @@ use rayon::prelude::*;
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
use crate::fri::oracle::PolynomialBatch;
|
||||
use crate::fri::proof::{CompressedFriProof, FriProof, FriProofTarget};
|
||||
use crate::fri::proof::{CompressedFriProof, FriChallenges, FriProof, FriProofTarget};
|
||||
use crate::fri::structure::{
|
||||
FriOpeningBatch, FriOpeningBatchTarget, FriOpenings, FriOpeningsTarget,
|
||||
};
|
||||
@ -242,19 +242,6 @@ pub(crate) struct ProofChallenges<F: RichField + Extendable<D>, const D: usize>
|
||||
pub fri_challenges: FriChallenges<F, D>,
|
||||
}
|
||||
|
||||
pub struct FriChallenges<F: RichField + Extendable<D>, const D: usize> {
|
||||
// Scaling factor to combine polynomials.
|
||||
pub fri_alpha: F::Extension,
|
||||
|
||||
// Betas used in the FRI commit phase reductions.
|
||||
pub fri_betas: Vec<F::Extension>,
|
||||
|
||||
pub fri_pow_response: F,
|
||||
|
||||
// Indices at which the oracle is queried in FRI.
|
||||
pub fri_query_indices: Vec<usize>,
|
||||
}
|
||||
|
||||
/// Coset elements that can be inferred in the FRI reduction steps.
|
||||
pub(crate) struct FriInferredElements<F: RichField + Extendable<D>, const D: usize>(
|
||||
pub Vec<F::Extension>,
|
||||
|
||||
@ -5,8 +5,7 @@ use plonky2::fri::proof::FriProof;
|
||||
use plonky2::hash::hash_types::RichField;
|
||||
use plonky2::hash::merkle_tree::MerkleCap;
|
||||
use plonky2::iop::challenger::Challenger;
|
||||
use plonky2::plonk::config::{GenericConfig, Hasher};
|
||||
use plonky2::plonk::proof::FriChallenges;
|
||||
use plonky2::plonk::config::GenericConfig;
|
||||
|
||||
use crate::config::StarkConfig;
|
||||
use crate::proof::{StarkOpeningSet, StarkProof, StarkProofChallenges, StarkProofWithPublicInputs};
|
||||
@ -35,45 +34,16 @@ fn get_challenges<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, cons
|
||||
|
||||
openings.observe(&mut challenger);
|
||||
|
||||
// Scaling factor to combine polynomials.
|
||||
let fri_alpha = challenger.get_extension_challenge::<D>();
|
||||
|
||||
// Recover the random betas used in the FRI reductions.
|
||||
let fri_betas = commit_phase_merkle_caps
|
||||
.iter()
|
||||
.map(|cap| {
|
||||
challenger.observe_cap(cap);
|
||||
challenger.get_extension_challenge::<D>()
|
||||
})
|
||||
.collect();
|
||||
|
||||
challenger.observe_extension_elements(&final_poly.coeffs);
|
||||
|
||||
let fri_pow_response = C::InnerHasher::hash(
|
||||
&challenger
|
||||
.get_hash()
|
||||
.elements
|
||||
.iter()
|
||||
.copied()
|
||||
.chain(Some(pow_witness))
|
||||
.collect::<Vec<_>>(),
|
||||
false,
|
||||
)
|
||||
.elements[0];
|
||||
|
||||
let fri_query_indices = (0..num_fri_queries)
|
||||
.map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size)
|
||||
.collect();
|
||||
|
||||
Ok(StarkProofChallenges {
|
||||
stark_alphas,
|
||||
stark_zeta,
|
||||
fri_challenges: FriChallenges {
|
||||
fri_alpha,
|
||||
fri_betas,
|
||||
fri_pow_response,
|
||||
fri_query_indices,
|
||||
},
|
||||
fri_challenges: challenger.fri_challenges::<C, D>(
|
||||
commit_phase_merkle_caps,
|
||||
final_poly,
|
||||
pow_witness,
|
||||
degree_bits,
|
||||
&config.fri_config,
|
||||
),
|
||||
})
|
||||
}
|
||||
|
||||
|
||||
@ -1,13 +1,11 @@
|
||||
use plonky2::field::extension_field::Extendable;
|
||||
use plonky2::field::field_types::Field;
|
||||
use plonky2::fri::oracle::PolynomialBatch;
|
||||
use plonky2::fri::proof::{CompressedFriProof, FriProof};
|
||||
use plonky2::fri::proof::{CompressedFriProof, FriChallenges, FriProof};
|
||||
use plonky2::fri::structure::{FriOpeningBatch, FriOpenings};
|
||||
use plonky2::hash::hash_types::RichField;
|
||||
use plonky2::hash::merkle_tree::MerkleCap;
|
||||
use plonky2::iop::challenger::Challenger;
|
||||
use plonky2::plonk::config::{GenericConfig, Hasher};
|
||||
use plonky2::plonk::proof::FriChallenges;
|
||||
use rayon::prelude::*;
|
||||
|
||||
pub struct StarkProof<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> {
|
||||
|
||||
@ -1,7 +1,6 @@
|
||||
use anyhow::{ensure, Result};
|
||||
use itertools::Itertools;
|
||||
use plonky2::field::extension_field::Extendable;
|
||||
use plonky2::field::extension_field::FieldExtension;
|
||||
use plonky2::field::field_types::Field;
|
||||
use plonky2::field::polynomial::{PolynomialCoeffs, PolynomialValues};
|
||||
use plonky2::field::zero_poly_coset::ZeroPolyOnCoset;
|
||||
|
||||
@ -3,10 +3,8 @@ use plonky2::field::extension_field::{Extendable, FieldExtension};
|
||||
use plonky2::field::field_types::Field;
|
||||
use plonky2::fri::verifier::verify_fri_proof;
|
||||
use plonky2::hash::hash_types::RichField;
|
||||
use plonky2::plonk::circuit_data::CommonCircuitData;
|
||||
use plonky2::plonk::config::GenericConfig;
|
||||
use plonky2::plonk::plonk_common::reduce_with_powers;
|
||||
use plonky2::plonk::proof::ProofWithPublicInputs;
|
||||
use plonky2_util::log2_strict;
|
||||
|
||||
use crate::config::StarkConfig;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user