From 9c42fef99757b542e899b47df9d618c0eee24e6d Mon Sep 17 00:00:00 2001 From: Daniel Lubarov Date: Sat, 14 Aug 2021 08:47:03 -0700 Subject: [PATCH] Little refactor (#178) --- src/fri/mod.rs | 27 --------------------- src/fri/recursive_verifier.rs | 6 ++--- src/fri/verifier.rs | 8 +++---- src/gadgets/split_join.rs | 45 +---------------------------------- src/gates/exponentiation.rs | 4 ++-- src/hash/merkle_tree.rs | 6 +++++ src/plonk/circuit_builder.rs | 6 +---- 7 files changed, 17 insertions(+), 85 deletions(-) diff --git a/src/fri/mod.rs b/src/fri/mod.rs index 29d99d61..55a41abd 100644 --- a/src/fri/mod.rs +++ b/src/fri/mod.rs @@ -4,10 +4,6 @@ pub mod prover; pub mod recursive_verifier; pub mod verifier; -/// Somewhat arbitrary. Smaller values will increase delta, but with diminishing returns, -/// while increasing L, potentially requiring more challenge points. -const EPSILON: f64 = 0.01; - #[derive(Debug, Clone, Eq, PartialEq)] pub struct FriConfig { pub proof_of_work_bits: u32, @@ -23,26 +19,3 @@ pub struct FriConfig { pub cap_height: usize, } - -fn fri_delta(rate_log: usize, conjecture: bool) -> f64 { - let rate = (1 << rate_log) as f64; - if conjecture { - // See Conjecture 2.3 in DEEP-FRI. - 1.0 - rate - EPSILON - } else { - // See the Johnson radius. - 1.0 - rate.sqrt() - EPSILON - } -} - -fn fri_l(codeword_len: usize, rate_log: usize, conjecture: bool) -> f64 { - let rate = (1 << rate_log) as f64; - if conjecture { - // See Conjecture 2.3 in DEEP-FRI. - // We assume the conjecture holds with a constant of 1 (as do other STARK implementations). - (codeword_len as f64) / EPSILON - } else { - // See the Johnson bound. - 1.0 / (2.0 * EPSILON * rate.sqrt()) - } -} diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs index 503cdaf6..a8bd5d94 100644 --- a/src/fri/recursive_verifier.rs +++ b/src/fri/recursive_verifier.rs @@ -22,18 +22,18 @@ impl, const D: usize> CircuitBuilder { x: Target, x_index_within_coset_bits: &[Target], arity_bits: usize, - last_evals: &[ExtensionTarget], + evals: &[ExtensionTarget], beta: ExtensionTarget, ) -> ExtensionTarget { let arity = 1 << arity_bits; - debug_assert_eq!(last_evals.len(), arity); + debug_assert_eq!(evals.len(), arity); let g = F::primitive_root_of_unity(arity_bits); let g_inv = g.exp((arity as u64) - 1); let g_inv_t = self.constant(g_inv); // The evaluation vector needs to be reordered first. - let mut evals = last_evals.to_vec(); + let mut evals = evals.to_vec(); reverse_index_bits_in_place(&mut evals); // Want `g^(arity - rev_x_index_within_coset)` as in the out-of-circuit version. Compute it // as `(g^-1)^rev_x_index_within_coset`. diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs index 63359cd4..ff5dc87d 100644 --- a/src/fri/verifier.rs +++ b/src/fri/verifier.rs @@ -21,24 +21,24 @@ fn compute_evaluation, const D: usize>( x: F, x_index_within_coset: usize, arity_bits: usize, - last_evals: &[F::Extension], + evals: &[F::Extension], beta: F::Extension, ) -> F::Extension { let arity = 1 << arity_bits; - debug_assert_eq!(last_evals.len(), arity); + debug_assert_eq!(evals.len(), arity); let g = F::primitive_root_of_unity(arity_bits); // The evaluation vector needs to be reordered first. - let mut evals = last_evals.to_vec(); + let mut evals = evals.to_vec(); reverse_index_bits_in_place(&mut evals); let rev_x_index_within_coset = reverse_bits(x_index_within_coset, arity_bits); let coset_start = x * g.exp((arity - rev_x_index_within_coset) as u64); // The answer is gotten by interpolating {(x*g^i, P(x*g^i))} and evaluating at beta. let points = g .powers() + .map(|y| (coset_start * y).into()) .zip(evals) - .map(|(y, e)| ((coset_start * y).into(), e)) .collect::>(); let barycentric_weights = barycentric_weights(&points); interpolate(&points, beta, &barycentric_weights) diff --git a/src/gadgets/split_join.rs b/src/gadgets/split_join.rs index 45422d5d..1fe25dbe 100644 --- a/src/gadgets/split_join.rs +++ b/src/gadgets/split_join.rs @@ -1,29 +1,13 @@ use crate::field::extension_field::Extendable; use crate::field::field_types::Field; use crate::gates::base_sum::BaseSumGate; -use crate::iop::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator}; +use crate::iop::generator::{GeneratedValues, SimpleGenerator}; use crate::iop::target::Target; -use crate::iop::wire::Wire; use crate::iop::witness::PartialWitness; use crate::plonk::circuit_builder::CircuitBuilder; use crate::util::ceil_div_usize; impl, const D: usize> CircuitBuilder { - /// Split the given integer into a list of virtual targets, where each one represents a bit of - /// the integer, with little-endian ordering. - /// - /// Note that this only handles witness generation; it does not enforce that the decomposition - /// is correct. The output should be treated as a "purported" decomposition which must be - /// enforced elsewhere. - pub(crate) fn split_le_virtual(&mut self, integer: Target, num_bits: usize) -> Vec { - let bit_targets = self.add_virtual_targets(num_bits); - self.add_generator(SplitGenerator { - integer, - bits: bit_targets.clone(), - }); - bit_targets - } - /// Split the given integer into a list of wires, where each one represents a /// bit of the integer, with little-endian ordering. /// Verifies that the decomposition is correct by using `k` `BaseSum<2>` gates @@ -72,33 +56,6 @@ impl, const D: usize> CircuitBuilder { } } -/// Generator for a little-endian split. -#[must_use] -pub fn split_le_generator( - integer: Target, - bits: Vec, -) -> Box> { - Box::new(SplitGenerator { integer, bits }) -} - -/// Generator for a little-endian split. -#[must_use] -pub fn split_le_generator_local_wires( - gate: usize, - integer_input_index: usize, - bit_input_indices: &[usize], -) -> Box> { - let integer = Target::Wire(Wire { - gate, - input: integer_input_index, - }); - let bits = bit_input_indices - .iter() - .map(|&input| Target::Wire(Wire { gate, input })) - .collect(); - Box::new(SplitGenerator { integer, bits }) -} - #[derive(Debug)] struct SplitGenerator { integer: Target, diff --git a/src/gates/exponentiation.rs b/src/gates/exponentiation.rs index 5b4075bd..ac3a467a 100644 --- a/src/gates/exponentiation.rs +++ b/src/gates/exponentiation.rs @@ -322,14 +322,14 @@ mod tests { let num_power_bits = power_bits.len(); - let power_bits_F: Vec<_> = power_bits + let power_bits_f: Vec<_> = power_bits .iter() .map(|b| F::from_canonical_u64(*b)) .collect(); let mut v = Vec::new(); v.push(base); - v.extend(power_bits_F.clone()); + v.extend(power_bits_f.clone()); let mut intermediate_values = Vec::new(); let mut current_intermediate_value = F::ONE; diff --git a/src/hash/merkle_tree.rs b/src/hash/merkle_tree.rs index 334e65bf..c96a0c23 100644 --- a/src/hash/merkle_tree.rs +++ b/src/hash/merkle_tree.rs @@ -13,6 +13,12 @@ use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place}; #[serde(bound = "")] pub struct MerkleCap(pub Vec>); +impl MerkleCap { + pub fn flatten(&self) -> Vec { + self.0.iter().flat_map(|h| h.elements).collect() + } +} + #[derive(Clone, Debug)] pub struct MerkleTree { /// The data in the leaves of the Merkle tree. diff --git a/src/plonk/circuit_builder.rs b/src/plonk/circuit_builder.rs index d783d890..1db21fa5 100644 --- a/src/plonk/circuit_builder.rs +++ b/src/plonk/circuit_builder.rs @@ -602,11 +602,7 @@ impl, const D: usize> CircuitBuilder { // TODO: This should also include an encoding of gate constraints. let circuit_digest_parts = [ - constants_sigmas_cap - .0 - .into_iter() - .flat_map(|h| h.elements) - .collect::>(), + constants_sigmas_cap.flatten(), vec![/* Add other circuit data here */], ]; let circuit_digest = hash_n_to_hash(circuit_digest_parts.concat(), false);