logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-05 07:13:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove D=1 case

Browse Source
This commit is contained in:
wborgeaud 2021-06-01 21:55:05 +02:00
parent 60e9464416
commit 9eb35c3c82
2 changed files with 68 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
src/fri/verifier.rs
View File

@ -148,6 +148,7 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
subgroup_x: F,
config: &FriConfig,
) -> F::Extension {
assert!(D > 1, "Not implemented for D=1.");
let degree_log = proof.evals_proofs[0].1.siblings.len() - config.rate_bits;
let mut cur_alpha = F::Extension::ONE;
@ -155,35 +156,22 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
let mut poly_count = 0;
let mut e = F::Extension::ZERO;
let ev = if D == 1 {
vec![0, 1, 2, 4]
} else {
vec![0, 1, 4]
}
.iter()
.flat_map(|&i| {
let v = &proof.evals_proofs[i].0;
&v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }]
})
.rev()
.fold(F::Extension::ZERO, |acc, &e| {
poly_count += 1;
alpha * acc + e.into()
});
let composition_eval = if D == 1 {
vec![
&os.constants,
&os.plonk_sigmas,
&os.wires,
&os.quotient_polys,
]
} else {
vec![&os.constants, &os.plonk_sigmas, &os.quotient_polys]
}
.iter()
.flat_map(|v| v.iter())
.rev()
.fold(F::Extension::ZERO, |acc, &e| acc * alpha + e);
let ev = vec![0, 1, 4]
.iter()
.flat_map(|&i| {
let v = &proof.evals_proofs[i].0;
&v[..v.len() - if config.blinding[i] { SALT_SIZE } else { 0 }]
})
.rev()
.fold(F::Extension::ZERO, |acc, &e| {
poly_count += 1;
alpha * acc + e.into()
});
let composition_eval = [&os.constants, &os.plonk_sigmas, &os.quotient_polys]
.iter()
.flat_map(|v| v.iter())
.rev()
.fold(F::Extension::ZERO, |acc, &e| acc * alpha + e);
let numerator = ev - composition_eval;
let denominator = F::Extension::from_basefield(subgroup_x) - zeta;
e += cur_alpha * numerator / denominator;
@ -208,26 +196,24 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
e += cur_alpha * numerator / denominator;
cur_alpha = alpha.exp(poly_count);
if D > 1 {
let ev = proof.evals_proofs[2].0
[..proof.evals_proofs[2].0.len() - if config.blinding[2] { SALT_SIZE } else { 0 }]
.iter()
.rev()
.fold(F::Extension::ZERO, |acc, &e| {
poly_count += 1;
alpha * acc + e.into()
});
let zeta_frob = zeta.frobenius();
let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
let wires_interpol = interpolant(&[
(zeta, reduce_with_powers(&os.wires, alpha)),
(zeta_frob, reduce_with_powers(&wire_evals_frob, alpha)),
]);
let numerator = ev - wires_interpol.eval(subgroup_x.into());
let denominator = (F::Extension::from_basefield(subgroup_x) - zeta)
* (F::Extension::from_basefield(subgroup_x) - zeta_frob);
e += cur_alpha * numerator / denominator;
}
let ev = proof.evals_proofs[2].0
[..proof.evals_proofs[2].0.len() - if config.blinding[2] { SALT_SIZE } else { 0 }]
.iter()
.rev()
.fold(F::Extension::ZERO, |acc, &e| {
poly_count += 1;
alpha * acc + e.into()
});
let zeta_frob = zeta.frobenius();
let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
let wires_interpol = interpolant(&[
(zeta, reduce_with_powers(&os.wires, alpha)),
(zeta_frob, reduce_with_powers(&wire_evals_frob, alpha)),
]);
let numerator = ev - wires_interpol.eval(subgroup_x.into());
let denominator = (F::Extension::from_basefield(subgroup_x) - zeta)
* (F::Extension::from_basefield(subgroup_x) - zeta_frob);
e += cur_alpha * numerator / denominator;
e
}

88
src/polynomial/commitment.rs
View File

@ -87,6 +87,7 @@ impl<F: Field> ListPolynomialCommitment<F> {
where
F: Extendable<D>,
{
assert!(D > 1, "Not implemented for D=1.");
let degree_log = log2_strict(commitments[0].degree);
let g = F::Extension::primitive_root_of_unity(degree_log);
for &p in &[zeta, g * zeta] {
@ -117,32 +118,19 @@ impl<F: Field> ListPolynomialCommitment<F> {
let mut poly_count = 0;
// Polynomials opened at a single point.
let composition_poly = if D == 1 {
vec![0, 1, 2, 4]
} else {
vec![0, 1, 4]
}
.iter()
.flat_map(|&i| &commitments[i].polynomials)
.rev()
.fold(PolynomialCoeffs::empty(), |acc, p| {
poly_count += 1;
&(&acc * alpha) + &p.to_extension()
});
let composition_eval = if D == 1 {
vec![
&os.constants,
&os.plonk_sigmas,
&os.wires,
&os.quotient_polys,
]
} else {
vec![&os.constants, &os.plonk_sigmas, &os.quotient_polys]
}
.iter()
.flat_map(|v| v.iter())
.rev()
.fold(F::Extension::ZERO, |acc, &e| acc * alpha + e);
let composition_poly = [0, 1, 4]
.iter()
.flat_map(|&i| &commitments[i].polynomials)
.rev()
.fold(PolynomialCoeffs::empty(), |acc, p| {
poly_count += 1;
&(&acc * alpha) + &p.to_extension()
});
let composition_eval = [&os.constants, &os.plonk_sigmas, &os.quotient_polys]
.iter()
.flat_map(|v| v.iter())
.rev()
.fold(F::Extension::ZERO, |acc, &e| acc * alpha + e);
let quotient = Self::compute_quotient(&[zeta], &[composition_eval], &composition_poly);
final_poly = &final_poly + &(&quotient * cur_alpha);
@ -171,30 +159,30 @@ impl<F: Field> ListPolynomialCommitment<F> {
final_poly = &final_poly + &(&zs_quotient * cur_alpha);
cur_alpha = alpha.exp(poly_count);
// If working in an extension field, need to check that wires are in the base field.
// When working in an extension field, need to check that wires are in the base field.
// Check this by opening the wires polynomials at `zeta` and `zeta.frobenius()` and using the fact that
// a polynomial `f` is over the base field iff `f(z).frobenius()=f(z.frobenius())` with high probability.
if D > 1 {
let wires_composition_poly = commitments[2].polynomials.iter().rev().fold(
PolynomialCoeffs::empty(),
|acc, p| {
let wires_composition_poly =
commitments[2]
.polynomials
.iter()
.rev()
.fold(PolynomialCoeffs::empty(), |acc, p| {
poly_count += 1;
&(&acc * alpha) + &p.to_extension()
},
);
let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
let wires_composition_evals = [
reduce_with_powers(&os.wires, alpha),
reduce_with_powers(&wire_evals_frob, alpha),
];
});
let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
let wires_composition_evals = [
reduce_with_powers(&os.wires, alpha),
reduce_with_powers(&wire_evals_frob, alpha),
];
let wires_quotient = Self::compute_quotient(
&[zeta, zeta.frobenius()],
&wires_composition_evals,
&wires_composition_poly,
);
final_poly = &final_poly + &(&wires_quotient * cur_alpha);
}
let wires_quotient = Self::compute_quotient(
&[zeta, zeta.frobenius()],
&wires_composition_evals,
&wires_composition_poly,
);
final_poly = &final_poly + &(&wires_quotient * cur_alpha);
let lde_final_poly = final_poly.lde(config.rate_bits);
let lde_final_values = lde_final_poly
@ -370,16 +358,6 @@ mod tests {
)
}
mod base {
use super::*;
use crate::field::crandall_field::CrandallField;
#[test]
fn test_batch_polynomial_commitment() -> Result<()> {
check_batch_polynomial_commitment::<CrandallField, 1>()
}
}
mod quadratic {
use super::*;
use crate::field::crandall_field::CrandallField;