diff --git a/field/src/field_types.rs b/field/src/field_types.rs index 845d8e83..0d7b314f 100644 --- a/field/src/field_types.rs +++ b/field/src/field_types.rs @@ -389,7 +389,6 @@ pub trait Field: /// Representative `g` of the coset used in FRI, so that LDEs in FRI are done over `gH`. fn coset_shift() -> Self { Self::MULTIPLICATIVE_GROUP_GENERATOR - // Self::ONE } /// Equivalent to *self + x * y, but may be cheaper. diff --git a/plonky2/src/fri/proof.rs b/plonky2/src/fri/proof.rs index bca7b8db..1f9e6b16 100644 --- a/plonky2/src/fri/proof.rs +++ b/plonky2/src/fri/proof.rs @@ -16,7 +16,7 @@ use crate::iop::ext_target::ExtensionTarget; use crate::iop::target::Target; use crate::plonk::config::{GenericConfig, Hasher}; use crate::plonk::plonk_common::salt_size; -use crate::plonk::proof::{FriChallenges, FriInferredElements, ProofChallenges}; +use crate::plonk::proof::{FriInferredElements, ProofChallenges}; /// Evaluations and Merkle proof produced by the prover in a FRI query step. #[derive(Serialize, Deserialize, Clone, Debug, Eq, PartialEq)] @@ -362,3 +362,16 @@ impl, H: Hasher, const D: usize> CompressedFriPr } } } + +pub struct FriChallenges, const D: usize> { + // Scaling factor to combine polynomials. + pub fri_alpha: F::Extension, + + // Betas used in the FRI commit phase reductions. + pub fri_betas: Vec, + + pub fri_pow_response: F, + + // Indices at which the oracle is queried in FRI. + pub fri_query_indices: Vec, +} diff --git a/plonky2/src/fri/verifier.rs b/plonky2/src/fri/verifier.rs index 3e70c025..47f10b8a 100644 --- a/plonky2/src/fri/verifier.rs +++ b/plonky2/src/fri/verifier.rs @@ -4,14 +4,13 @@ use plonky2_field::field_types::Field; use plonky2_field::interpolation::{barycentric_weights, interpolate}; use plonky2_util::{log2_strict, reverse_index_bits_in_place}; -use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound}; +use crate::fri::proof::{FriChallenges, FriInitialTreeProof, FriProof, FriQueryRound}; use crate::fri::structure::{FriBatchInfo, FriInstanceInfo, FriOpenings}; use crate::fri::{FriConfig, FriParams}; use crate::hash::hash_types::RichField; use crate::hash::merkle_proofs::verify_merkle_proof; use crate::hash::merkle_tree::MerkleCap; use crate::plonk::config::{GenericConfig, Hasher}; -use crate::plonk::proof::{FriChallenges, OpeningSet, ProofChallenges}; use crate::util::reducing::ReducingFactor; use crate::util::reverse_bits; diff --git a/plonky2/src/iop/challenger.rs b/plonky2/src/iop/challenger.rs index b8ca4fb7..d7583646 100644 --- a/plonky2/src/iop/challenger.rs +++ b/plonky2/src/iop/challenger.rs @@ -2,7 +2,10 @@ use std::convert::TryInto; use std::marker::PhantomData; use plonky2_field::extension_field::{Extendable, FieldExtension}; +use plonky2_field::polynomial::PolynomialCoeffs; +use crate::fri::proof::FriChallenges; +use crate::fri::FriConfig; use crate::hash::hash_types::RichField; use crate::hash::hash_types::{HashOut, HashOutTarget, MerkleCapTarget}; use crate::hash::hashing::{PlonkyPermutation, SPONGE_RATE, SPONGE_WIDTH}; @@ -10,7 +13,7 @@ use crate::hash::merkle_tree::MerkleCap; use crate::iop::ext_target::ExtensionTarget; use crate::iop::target::Target; use crate::plonk::circuit_builder::CircuitBuilder; -use crate::plonk::config::{AlgebraicHasher, GenericHashOut, Hasher}; +use crate::plonk::config::{AlgebraicHasher, GenericConfig, GenericHashOut, Hasher}; use crate::plonk::proof::{OpeningSet, OpeningSetTarget}; /// Observes prover messages, and generates challenges by hashing the transcript, a la Fiat-Shamir. @@ -152,6 +155,57 @@ impl> Challenger { .collect() } + pub fn fri_challenges, const D: usize>( + &mut self, + commit_phase_merkle_caps: &[MerkleCap], + final_poly: &PolynomialCoeffs, + pow_witness: F, + degree_bits: usize, + config: &FriConfig, + ) -> FriChallenges + where + F: RichField + Extendable, + { + let num_fri_queries = config.num_query_rounds; + let lde_size = 1 << (degree_bits + config.rate_bits); + // Scaling factor to combine polynomials. + let fri_alpha = self.get_extension_challenge::(); + + // Recover the random betas used in the FRI reductions. + let fri_betas = commit_phase_merkle_caps + .iter() + .map(|cap| { + self.observe_cap(cap); + self.get_extension_challenge::() + }) + .collect(); + + self.observe_extension_elements(&final_poly.coeffs); + + let fri_pow_response = C::InnerHasher::hash( + &self + .get_hash() + .elements + .iter() + .copied() + .chain(Some(pow_witness)) + .collect::>(), + false, + ) + .elements[0]; + + let fri_query_indices = (0..num_fri_queries) + .map(|_| self.get_challenge().to_canonical_u64() as usize % lde_size) + .collect(); + + FriChallenges { + fri_alpha, + fri_betas, + fri_pow_response, + fri_query_indices, + } + } + /// Absorb any buffered inputs. After calling this, the input buffer will be empty. fn absorb_buffered_inputs(&mut self) { if self.input_buffer.is_empty() { diff --git a/plonky2/src/plonk/get_challenges.rs b/plonky2/src/plonk/get_challenges.rs index 440705ce..3167fef7 100644 --- a/plonky2/src/plonk/get_challenges.rs +++ b/plonky2/src/plonk/get_challenges.rs @@ -1,10 +1,9 @@ use std::collections::HashSet; -use itertools::Itertools; use plonky2_field::extension_field::Extendable; use plonky2_field::polynomial::PolynomialCoeffs; -use crate::fri::proof::{CompressedFriProof, FriProof}; +use crate::fri::proof::{CompressedFriProof, FriChallenges, FriProof}; use crate::fri::verifier::{compute_evaluation, fri_combine_initial, PrecomputedReducedOpenings}; use crate::hash::hash_types::RichField; use crate::hash::merkle_tree::MerkleCap; @@ -12,8 +11,8 @@ use crate::iop::challenger::Challenger; use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::config::{GenericConfig, Hasher}; use crate::plonk::proof::{ - CompressedProof, CompressedProofWithPublicInputs, FriChallenges, FriInferredElements, - OpeningSet, Proof, ProofChallenges, ProofWithPublicInputs, + CompressedProof, CompressedProofWithPublicInputs, FriInferredElements, OpeningSet, Proof, + ProofChallenges, ProofWithPublicInputs, }; use crate::util::reverse_bits; @@ -30,8 +29,6 @@ fn get_challenges, C: GenericConfig, cons ) -> anyhow::Result> { let config = &common_data.config; let num_challenges = config.num_challenges; - let num_fri_queries = config.fri_config.num_query_rounds; - let lde_size = common_data.lde_size(); let mut challenger = Challenger::::new(); @@ -51,47 +48,18 @@ fn get_challenges, C: GenericConfig, cons challenger.observe_opening_set(openings); - // Scaling factor to combine polynomials. - let fri_alpha = challenger.get_extension_challenge::(); - - // Recover the random betas used in the FRI reductions. - let fri_betas = commit_phase_merkle_caps - .iter() - .map(|cap| { - challenger.observe_cap(cap); - challenger.get_extension_challenge::() - }) - .collect(); - - challenger.observe_extension_elements(&final_poly.coeffs); - - let fri_pow_response = C::InnerHasher::hash( - &challenger - .get_hash() - .elements - .iter() - .copied() - .chain(Some(pow_witness)) - .collect_vec(), - false, - ) - .elements[0]; - - let fri_query_indices = (0..num_fri_queries) - .map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size) - .collect(); - Ok(ProofChallenges { plonk_betas, plonk_gammas, plonk_alphas, plonk_zeta, - fri_challenges: FriChallenges { - fri_alpha, - fri_betas, - fri_pow_response, - fri_query_indices, - }, + fri_challenges: challenger.fri_challenges::( + commit_phase_merkle_caps, + final_poly, + pow_witness, + common_data.degree_bits, + &config.fri_config, + ), }) } diff --git a/plonky2/src/plonk/plonk_common.rs b/plonky2/src/plonk/plonk_common.rs index 94279d12..519593b3 100644 --- a/plonky2/src/plonk/plonk_common.rs +++ b/plonky2/src/plonk/plonk_common.rs @@ -1,7 +1,6 @@ use plonky2_field::extension_field::Extendable; use plonky2_field::field_types::Field; use plonky2_field::packed_field::PackedField; -use plonky2_util::log2_strict; use crate::fri::oracle::SALT_SIZE; use crate::fri::structure::FriOracleInfo; diff --git a/plonky2/src/plonk/proof.rs b/plonky2/src/plonk/proof.rs index 401b9f52..9d9eaaff 100644 --- a/plonky2/src/plonk/proof.rs +++ b/plonky2/src/plonk/proof.rs @@ -3,7 +3,7 @@ use rayon::prelude::*; use serde::{Deserialize, Serialize}; use crate::fri::oracle::PolynomialBatch; -use crate::fri::proof::{CompressedFriProof, FriProof, FriProofTarget}; +use crate::fri::proof::{CompressedFriProof, FriChallenges, FriProof, FriProofTarget}; use crate::fri::structure::{ FriOpeningBatch, FriOpeningBatchTarget, FriOpenings, FriOpeningsTarget, }; @@ -242,19 +242,6 @@ pub(crate) struct ProofChallenges, const D: usize> pub fri_challenges: FriChallenges, } -pub struct FriChallenges, const D: usize> { - // Scaling factor to combine polynomials. - pub fri_alpha: F::Extension, - - // Betas used in the FRI commit phase reductions. - pub fri_betas: Vec, - - pub fri_pow_response: F, - - // Indices at which the oracle is queried in FRI. - pub fri_query_indices: Vec, -} - /// Coset elements that can be inferred in the FRI reduction steps. pub(crate) struct FriInferredElements, const D: usize>( pub Vec, diff --git a/starky/src/get_challenges.rs b/starky/src/get_challenges.rs index d6a9b562..9d9b808e 100644 --- a/starky/src/get_challenges.rs +++ b/starky/src/get_challenges.rs @@ -5,8 +5,7 @@ use plonky2::fri::proof::FriProof; use plonky2::hash::hash_types::RichField; use plonky2::hash::merkle_tree::MerkleCap; use plonky2::iop::challenger::Challenger; -use plonky2::plonk::config::{GenericConfig, Hasher}; -use plonky2::plonk::proof::FriChallenges; +use plonky2::plonk::config::GenericConfig; use crate::config::StarkConfig; use crate::proof::{StarkOpeningSet, StarkProof, StarkProofChallenges, StarkProofWithPublicInputs}; @@ -35,45 +34,16 @@ fn get_challenges, C: GenericConfig, cons openings.observe(&mut challenger); - // Scaling factor to combine polynomials. - let fri_alpha = challenger.get_extension_challenge::(); - - // Recover the random betas used in the FRI reductions. - let fri_betas = commit_phase_merkle_caps - .iter() - .map(|cap| { - challenger.observe_cap(cap); - challenger.get_extension_challenge::() - }) - .collect(); - - challenger.observe_extension_elements(&final_poly.coeffs); - - let fri_pow_response = C::InnerHasher::hash( - &challenger - .get_hash() - .elements - .iter() - .copied() - .chain(Some(pow_witness)) - .collect::>(), - false, - ) - .elements[0]; - - let fri_query_indices = (0..num_fri_queries) - .map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size) - .collect(); - Ok(StarkProofChallenges { stark_alphas, stark_zeta, - fri_challenges: FriChallenges { - fri_alpha, - fri_betas, - fri_pow_response, - fri_query_indices, - }, + fri_challenges: challenger.fri_challenges::( + commit_phase_merkle_caps, + final_poly, + pow_witness, + degree_bits, + &config.fri_config, + ), }) } diff --git a/starky/src/proof.rs b/starky/src/proof.rs index 2d9597d0..c2d2ac67 100644 --- a/starky/src/proof.rs +++ b/starky/src/proof.rs @@ -1,13 +1,11 @@ use plonky2::field::extension_field::Extendable; -use plonky2::field::field_types::Field; use plonky2::fri::oracle::PolynomialBatch; -use plonky2::fri::proof::{CompressedFriProof, FriProof}; +use plonky2::fri::proof::{CompressedFriProof, FriChallenges, FriProof}; use plonky2::fri::structure::{FriOpeningBatch, FriOpenings}; use plonky2::hash::hash_types::RichField; use plonky2::hash::merkle_tree::MerkleCap; use plonky2::iop::challenger::Challenger; use plonky2::plonk::config::{GenericConfig, Hasher}; -use plonky2::plonk::proof::FriChallenges; use rayon::prelude::*; pub struct StarkProof, C: GenericConfig, const D: usize> { diff --git a/starky/src/prover.rs b/starky/src/prover.rs index 352b03f7..1c5310e4 100644 --- a/starky/src/prover.rs +++ b/starky/src/prover.rs @@ -1,7 +1,6 @@ use anyhow::{ensure, Result}; use itertools::Itertools; use plonky2::field::extension_field::Extendable; -use plonky2::field::extension_field::FieldExtension; use plonky2::field::field_types::Field; use plonky2::field::polynomial::{PolynomialCoeffs, PolynomialValues}; use plonky2::field::zero_poly_coset::ZeroPolyOnCoset; diff --git a/starky/src/verifier.rs b/starky/src/verifier.rs index 5317cb5c..298e4797 100644 --- a/starky/src/verifier.rs +++ b/starky/src/verifier.rs @@ -3,10 +3,8 @@ use plonky2::field::extension_field::{Extendable, FieldExtension}; use plonky2::field::field_types::Field; use plonky2::fri::verifier::verify_fri_proof; use plonky2::hash::hash_types::RichField; -use plonky2::plonk::circuit_data::CommonCircuitData; use plonky2::plonk::config::GenericConfig; use plonky2::plonk::plonk_common::reduce_with_powers; -use plonky2::plonk::proof::ProofWithPublicInputs; use plonky2_util::log2_strict; use crate::config::StarkConfig;