Little refactor (#178)

2026-01-10 09:43:09 +00:00 · 2021-08-14 08:47:03 -07:00 · 2021-08-14 08:47:03 -07:00 · 9c42fef997
commit 9c42fef997
parent 47e9f5461e
7 changed files with 17 additions and 85 deletions
--- a/src/fri/mod.rs
+++ b/src/fri/mod.rs
@ -4,10 +4,6 @@ pub mod prover;
 pub mod recursive_verifier;
 pub mod verifier;

-/// Somewhat arbitrary. Smaller values will increase delta, but with diminishing returns,
-/// while increasing L, potentially requiring more challenge points.
-const EPSILON: f64 = 0.01;
-
 #[derive(Debug, Clone, Eq, PartialEq)]
 pub struct FriConfig {
    pub proof_of_work_bits: u32,
@ -23,26 +19,3 @@ pub struct FriConfig {

    pub cap_height: usize,
 }
-
-fn fri_delta(rate_log: usize, conjecture: bool) -> f64 {
-    let rate = (1 << rate_log) as f64;
-    if conjecture {
-        // See Conjecture 2.3 in DEEP-FRI.
-        1.0 - rate - EPSILON
-    } else {
-        // See the Johnson radius.
-        1.0 - rate.sqrt() - EPSILON
-    }
-}
-
-fn fri_l(codeword_len: usize, rate_log: usize, conjecture: bool) -> f64 {
-    let rate = (1 << rate_log) as f64;
-    if conjecture {
-        // See Conjecture 2.3 in DEEP-FRI.
-        // We assume the conjecture holds with a constant of 1 (as do other STARK implementations).
-        (codeword_len as f64) / EPSILON
-    } else {
-        // See the Johnson bound.
-        1.0 / (2.0 * EPSILON * rate.sqrt())
-    }
-}
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@ -22,18 +22,18 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
        x: Target,
        x_index_within_coset_bits: &[Target],
        arity_bits: usize,
-        last_evals: &[ExtensionTarget<D>],
+        evals: &[ExtensionTarget<D>],
        beta: ExtensionTarget<D>,
    ) -> ExtensionTarget<D> {
        let arity = 1 << arity_bits;
-        debug_assert_eq!(last_evals.len(), arity);
+        debug_assert_eq!(evals.len(), arity);

        let g = F::primitive_root_of_unity(arity_bits);
        let g_inv = g.exp((arity as u64) - 1);
        let g_inv_t = self.constant(g_inv);

        // The evaluation vector needs to be reordered first.
-        let mut evals = last_evals.to_vec();
+        let mut evals = evals.to_vec();
        reverse_index_bits_in_place(&mut evals);
        // Want `g^(arity - rev_x_index_within_coset)` as in the out-of-circuit version. Compute it
        // as `(g^-1)^rev_x_index_within_coset`.
--- a/src/fri/verifier.rs
+++ b/src/fri/verifier.rs
@ -21,24 +21,24 @@ fn compute_evaluation<F: Field + Extendable<D>, const D: usize>(
    x: F,
    x_index_within_coset: usize,
    arity_bits: usize,
-    last_evals: &[F::Extension],
+    evals: &[F::Extension],
    beta: F::Extension,
 ) -> F::Extension {
    let arity = 1 << arity_bits;
-    debug_assert_eq!(last_evals.len(), arity);
+    debug_assert_eq!(evals.len(), arity);

    let g = F::primitive_root_of_unity(arity_bits);

    // The evaluation vector needs to be reordered first.
-    let mut evals = last_evals.to_vec();
+    let mut evals = evals.to_vec();
    reverse_index_bits_in_place(&mut evals);
    let rev_x_index_within_coset = reverse_bits(x_index_within_coset, arity_bits);
    let coset_start = x * g.exp((arity - rev_x_index_within_coset) as u64);
    // The answer is gotten by interpolating {(x*g^i, P(x*g^i))} and evaluating at beta.
    let points = g
        .powers()
+        .map(|y| (coset_start * y).into())
        .zip(evals)
-        .map(|(y, e)| ((coset_start * y).into(), e))
        .collect::<Vec<_>>();
    let barycentric_weights = barycentric_weights(&points);
    interpolate(&points, beta, &barycentric_weights)
--- a/src/gadgets/split_join.rs
+++ b/src/gadgets/split_join.rs
@ -1,29 +1,13 @@
 use crate::field::extension_field::Extendable;
 use crate::field::field_types::Field;
 use crate::gates::base_sum::BaseSumGate;
-use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
+use crate::iop::generator::{GeneratedValues, SimpleGenerator};
 use crate::iop::target::Target;
-use crate::iop::wire::Wire;
 use crate::iop::witness::PartialWitness;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::util::ceil_div_usize;

 impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
-    /// Split the given integer into a list of virtual targets, where each one represents a bit of
-    /// the integer, with little-endian ordering.
-    ///
-    /// Note that this only handles witness generation; it does not enforce that the decomposition
-    /// is correct. The output should be treated as a "purported" decomposition which must be
-    /// enforced elsewhere.
-    pub(crate) fn split_le_virtual(&mut self, integer: Target, num_bits: usize) -> Vec<Target> {
-        let bit_targets = self.add_virtual_targets(num_bits);
-        self.add_generator(SplitGenerator {
-            integer,
-            bits: bit_targets.clone(),
-        });
-        bit_targets
-    }
-
    /// Split the given integer into a list of wires, where each one represents a
    /// bit of the integer, with little-endian ordering.
    /// Verifies that the decomposition is correct by using `k` `BaseSum<2>` gates
@ -72,33 +56,6 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
    }
 }

-/// Generator for a little-endian split.
-#[must_use]
-pub fn split_le_generator<F: Field>(
-    integer: Target,
-    bits: Vec<Target>,
-) -> Box<dyn WitnessGenerator<F>> {
-    Box::new(SplitGenerator { integer, bits })
-}
-
-/// Generator for a little-endian split.
-#[must_use]
-pub fn split_le_generator_local_wires<F: Field>(
-    gate: usize,
-    integer_input_index: usize,
-    bit_input_indices: &[usize],
-) -> Box<dyn WitnessGenerator<F>> {
-    let integer = Target::Wire(Wire {
-        gate,
-        input: integer_input_index,
-    });
-    let bits = bit_input_indices
-        .iter()
-        .map(|&input| Target::Wire(Wire { gate, input }))
-        .collect();
-    Box::new(SplitGenerator { integer, bits })
-}
-
 #[derive(Debug)]
 struct SplitGenerator {
    integer: Target,
--- a/src/gates/exponentiation.rs
+++ b/src/gates/exponentiation.rs
@ -322,14 +322,14 @@ mod tests {

            let num_power_bits = power_bits.len();

-            let power_bits_F: Vec<_> = power_bits
+            let power_bits_f: Vec<_> = power_bits
                .iter()
                .map(|b| F::from_canonical_u64(*b))
                .collect();

            let mut v = Vec::new();
            v.push(base);
-            v.extend(power_bits_F.clone());
+            v.extend(power_bits_f.clone());

            let mut intermediate_values = Vec::new();
            let mut current_intermediate_value = F::ONE;
--- a/src/hash/merkle_tree.rs
+++ b/src/hash/merkle_tree.rs
@ -13,6 +13,12 @@ use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place};
 #[serde(bound = "")]
 pub struct MerkleCap<F: Field>(pub Vec<HashOut<F>>);

+impl<F: Field> MerkleCap<F> {
+    pub fn flatten(&self) -> Vec<F> {
+        self.0.iter().flat_map(|h| h.elements).collect()
+    }
+}
+
 #[derive(Clone, Debug)]
 pub struct MerkleTree<F: Field> {
    /// The data in the leaves of the Merkle tree.
--- a/src/plonk/circuit_builder.rs
+++ b/src/plonk/circuit_builder.rs
@ -602,11 +602,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {

        // TODO: This should also include an encoding of gate constraints.
        let circuit_digest_parts = [
-            constants_sigmas_cap
-                .0
-                .into_iter()
-                .flat_map(|h| h.elements)
-                .collect::<Vec<_>>(),
+            constants_sigmas_cap.flatten(),
            vec![/* Add other circuit data here */],
        ];
        let circuit_digest = hash_n_to_hash(circuit_digest_parts.concat(), false);