From 9ee47ab745f1e06e91ebe721b159f5259a6a6a87 Mon Sep 17 00:00:00 2001 From: Robin Salen Date: Sat, 1 Apr 2023 09:34:13 -0400 Subject: [PATCH] Move HashConfig into GenericConfig associated types --- evm/src/arithmetic/arithmetic_stark.rs | 20 +- evm/src/cpu/cpu_stark.rs | 12 +- evm/src/cross_table_lookup.rs | 10 +- evm/src/fixed_recursive_verifier.rs | 181 +++++++-------- evm/src/get_challenges.rs | 53 ++--- evm/src/keccak/keccak_stark.rs | 22 +- evm/src/keccak_sponge/keccak_sponge_stark.rs | 12 +- evm/src/logic.rs | 12 +- evm/src/memory/memory_stark.rs | 12 +- evm/src/proof.rs | 72 ++---- evm/src/prover.rs | 96 ++++---- evm/src/recursive_verifier.rs | 125 +++++------ evm/src/stark_testing.rs | 10 +- evm/src/verifier.rs | 32 +-- evm/tests/add11_yml.rs | 6 +- evm/tests/basic_smart_contract.rs | 6 +- evm/tests/empty_txn_list.rs | 8 +- evm/tests/simple_transfer.rs | 6 +- plonky2/examples/bench_recursion.rs | 82 +++---- plonky2/examples/factorial.rs | 8 +- plonky2/examples/fibonacci.rs | 8 +- plonky2/examples/square_root.rs | 8 +- plonky2/src/fri/challenges.rs | 10 +- plonky2/src/fri/oracle.rs | 34 +-- plonky2/src/fri/prover.rs | 102 +++------ plonky2/src/fri/recursive_verifier.rs | 26 +-- plonky2/src/fri/validate_shape.rs | 9 +- plonky2/src/fri/verifier.rs | 42 ++-- plonky2/src/gadgets/arithmetic_extension.rs | 29 +-- plonky2/src/gadgets/interpolation.rs | 10 +- plonky2/src/gadgets/random_access.rs | 10 +- plonky2/src/gadgets/select.rs | 10 +- plonky2/src/gadgets/split_base.rs | 14 +- plonky2/src/gates/arithmetic_base.rs | 8 +- plonky2/src/gates/arithmetic_extension.rs | 8 +- plonky2/src/gates/base_sum.rs | 8 +- plonky2/src/gates/constant.rs | 8 +- plonky2/src/gates/coset_interpolation.rs | 16 +- plonky2/src/gates/exponentiation.rs | 14 +- plonky2/src/gates/gate_testing.rs | 12 +- plonky2/src/gates/multiplication_extension.rs | 8 +- plonky2/src/gates/noop.rs | 8 +- plonky2/src/gates/poseidon.rs | 14 +- plonky2/src/gates/poseidon_mds.rs | 12 +- plonky2/src/gates/public_input.rs | 8 +- plonky2/src/gates/random_access.rs | 14 +- plonky2/src/gates/reducing.rs | 8 +- plonky2/src/gates/reducing_extension.rs | 8 +- plonky2/src/hash/merkle_proofs.rs | 17 +- plonky2/src/hash/merkle_tree.rs | 32 +-- plonky2/src/hash/path_compression.rs | 15 +- plonky2/src/iop/challenger.rs | 36 +-- plonky2/src/iop/generator.rs | 7 +- plonky2/src/iop/witness.rs | 33 +-- plonky2/src/plonk/circuit_builder.rs | 44 ++-- plonky2/src/plonk/circuit_data.rs | 140 +++++------- plonky2/src/plonk/config.rs | 18 +- plonky2/src/plonk/get_challenges.rs | 109 ++++----- plonky2/src/plonk/proof.rs | 143 +++++------- plonky2/src/plonk/prover.rs | 73 +++--- plonky2/src/plonk/validate_shape.rs | 17 +- plonky2/src/plonk/verifier.rs | 32 +-- .../conditional_recursive_verifier.rs | 50 ++--- plonky2/src/recursion/cyclic_recursion.rs | 87 +++----- plonky2/src/recursion/dummy_circuit.rs | 77 +++---- plonky2/src/recursion/recursive_verifier.rs | 187 ++++++---------- plonky2/src/util/reducing.rs | 18 +- plonky2/src/util/serialization.rs | 209 +++++++----------- starky/src/fibonacci_stark.rs | 57 ++--- starky/src/get_challenges.rs | 68 +++--- starky/src/proof.rs | 56 ++--- starky/src/prover.rs | 26 +-- starky/src/recursive_verifier.rs | 54 ++--- starky/src/stark_testing.rs | 10 +- starky/src/verifier.rs | 34 ++- 75 files changed, 1094 insertions(+), 1806 deletions(-) diff --git a/evm/src/arithmetic/arithmetic_stark.rs b/evm/src/arithmetic/arithmetic_stark.rs index 397bceb4..0a89f3c6 100644 --- a/evm/src/arithmetic/arithmetic_stark.rs +++ b/evm/src/arithmetic/arithmetic_stark.rs @@ -171,7 +171,7 @@ mod tests { use anyhow::Result; use ethereum_types::U256; use plonky2::field::types::{Field, PrimeField64}; - use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use rand::{Rng, SeedableRng}; use rand_chacha::ChaCha8Rng; @@ -183,9 +183,7 @@ mod tests { fn degree() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = ArithmeticStark; let stark = S { @@ -198,24 +196,20 @@ mod tests { fn circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = ArithmeticStark; let stark = S { f: Default::default(), }; - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } #[test] fn basic_trace() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = ArithmeticStark; let stark = S { @@ -301,9 +295,7 @@ mod tests { fn big_traces() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = ArithmeticStark; let stark = S { diff --git a/evm/src/cpu/cpu_stark.rs b/evm/src/cpu/cpu_stark.rs index e6891bba..d922c473 100644 --- a/evm/src/cpu/cpu_stark.rs +++ b/evm/src/cpu/cpu_stark.rs @@ -199,7 +199,7 @@ impl, const D: usize> Stark for CpuStark Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = CpuStark; let stark = S { @@ -223,14 +221,12 @@ mod tests { fn test_stark_circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = CpuStark; let stark = S { f: Default::default(), }; - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } } diff --git a/evm/src/cross_table_lookup.rs b/evm/src/cross_table_lookup.rs index 75dd1025..28dae98c 100644 --- a/evm/src/cross_table_lookup.rs +++ b/evm/src/cross_table_lookup.rs @@ -323,18 +323,14 @@ where impl<'a, F: RichField + Extendable, const D: usize> CtlCheckVars<'a, F, F::Extension, F::Extension, D> { - pub(crate) fn from_proofs< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( - proofs: &[StarkProofWithMetadata; NUM_TABLES], + pub(crate) fn from_proofs>( + proofs: &[StarkProofWithMetadata; NUM_TABLES], cross_table_lookups: &'a [CrossTableLookup], ctl_challenges: &'a GrandProductChallengeSet, num_permutation_zs: &[usize; NUM_TABLES], ) -> [Vec; NUM_TABLES] where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let mut ctl_zs = proofs .iter() diff --git a/evm/src/fixed_recursive_verifier.rs b/evm/src/fixed_recursive_verifier.rs index c64edbb4..d6c22080 100644 --- a/evm/src/fixed_recursive_verifier.rs +++ b/evm/src/fixed_recursive_verifier.rs @@ -45,33 +45,29 @@ const THRESHOLD_DEGREE_BITS: usize = 13; /// `degree_bits`, this contains a chain of recursive circuits for shrinking that STARK from /// `degree_bits` to a constant `THRESHOLD_DEGREE_BITS`. It also contains a special root circuit /// for combining each STARK's shrunk wrapper proof into a single proof. -pub struct AllRecursiveCircuits +pub struct AllRecursiveCircuits where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - [(); HCO::WIDTH]:, + C: GenericConfig, + [(); C::HCO::WIDTH]:, { /// The EVM root circuit, which aggregates the (shrunk) per-table recursive proofs. - pub root: RootCircuitData, - pub aggregation: AggregationCircuitData, + pub root: RootCircuitData, + pub aggregation: AggregationCircuitData, /// The block circuit, which verifies an aggregation root proof and a previous block proof. - pub block: BlockCircuitData, + pub block: BlockCircuitData, /// Holds chains of circuits for each table and for each initial `degree_bits`. - by_table: [RecursiveCircuitsForTable; NUM_TABLES], + by_table: [RecursiveCircuitsForTable; NUM_TABLES], } /// Data for the EVM root circuit, which is used to combine each STARK's shrunk wrapper proof /// into a single proof. -pub struct RootCircuitData +pub struct RootCircuitData where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { - circuit: CircuitData, + circuit: CircuitData, proof_with_pis: [ProofWithPublicInputsTarget; NUM_TABLES], /// For each table, various inner circuits may be used depending on the initial table size. /// This target holds the index of the circuit (within `final_circuits()`) that was used. @@ -83,14 +79,12 @@ where /// Data for the aggregation circuit, which is used to compress two proofs into one. Each inner /// proof can be either an EVM root proof or another aggregation proof. -pub struct AggregationCircuitData +pub struct AggregationCircuitData where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { - circuit: CircuitData, + circuit: CircuitData, lhs: AggregationChildTarget, rhs: AggregationChildTarget, cyclic_vk: VerifierCircuitTarget, @@ -102,35 +96,31 @@ pub struct AggregationChildTarget { evm_proof: ProofWithPublicInputsTarget, } -pub struct BlockCircuitData +pub struct BlockCircuitData where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { - circuit: CircuitData, + circuit: CircuitData, has_parent_block: BoolTarget, parent_block_proof: ProofWithPublicInputsTarget, agg_root_proof: ProofWithPublicInputsTarget, cyclic_vk: VerifierCircuitTarget, } -impl AllRecursiveCircuits +impl AllRecursiveCircuits where F: RichField + Extendable, - HCO: HashConfig + 'static, - HCI: HashConfig + 'static, - C: GenericConfig + 'static, - C::Hasher: AlgebraicHasher, + C: GenericConfig + 'static, + C::Hasher: AlgebraicHasher, [(); C::Hasher::HASH_SIZE]:, [(); CpuStark::::COLUMNS]:, [(); KeccakStark::::COLUMNS]:, [(); KeccakSpongeStark::::COLUMNS]:, [(); LogicStark::::COLUMNS]:, [(); MemoryStark::::COLUMNS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { /// Preprocess all recursive circuits used by the system. pub fn new( @@ -187,9 +177,9 @@ where } fn create_root_circuit( - by_table: &[RecursiveCircuitsForTable; NUM_TABLES], + by_table: &[RecursiveCircuitsForTable; NUM_TABLES], stark_config: &StarkConfig, - ) -> RootCircuitData { + ) -> RootCircuitData { let inner_common_data: [_; NUM_TABLES] = core::array::from_fn(|i| &by_table[i].final_circuits()[0].common); @@ -197,11 +187,14 @@ where let recursive_proofs = core::array::from_fn(|i| builder.add_virtual_proof_with_pis(inner_common_data[i])); let pis: [_; NUM_TABLES] = core::array::from_fn(|i| { - PublicInputs::::from_vec(&recursive_proofs[i].public_inputs, stark_config) + PublicInputs::::from_vec( + &recursive_proofs[i].public_inputs, + stark_config, + ) }); let index_verifier_data = core::array::from_fn(|_i| builder.add_virtual_target()); - let mut challenger = RecursiveChallenger::::new(&mut builder); + let mut challenger = RecursiveChallenger::::new(&mut builder); for pi in &pis { for h in &pi.trace_cap { challenger.observe_elements(h); @@ -227,12 +220,12 @@ where } let state = challenger.compact(&mut builder); - for k in 0..HCO::WIDTH { + for k in 0..C::HCO::WIDTH { builder.connect(state[k], pis[0].challenger_state_before[k]); } // Check that the challenger state is consistent between proofs. for i in 1..NUM_TABLES { - for k in 0..HCO::WIDTH { + for k in 0..C::HCO::WIDTH { builder.connect( pis[i].challenger_state_before[k], pis[i - 1].challenger_state_after[k], @@ -268,7 +261,7 @@ where let inner_verifier_data = builder.random_access_verifier_data(index_verifier_data[i], possible_vks); - builder.verify_proof::( + builder.verify_proof::( &recursive_proofs[i], &inner_verifier_data, inner_common_data[i], @@ -280,7 +273,7 @@ where let cyclic_vk = builder.add_verifier_data_public_inputs(); RootCircuitData { - circuit: builder.build::(), + circuit: builder.build::(), proof_with_pis: recursive_proofs, index_verifier_data, cyclic_vk, @@ -288,8 +281,8 @@ where } fn create_aggregation_circuit( - root: &RootCircuitData, - ) -> AggregationCircuitData { + root: &RootCircuitData, + ) -> AggregationCircuitData { let mut builder = CircuitBuilder::::new(root.circuit.common.config.clone()); let cyclic_vk = builder.add_verifier_data_public_inputs(); let lhs = Self::add_agg_child(&mut builder, root); @@ -300,7 +293,7 @@ where builder.add_gate(NoopGate, vec![]); } - let circuit = builder.build::(); + let circuit = builder.build::(); AggregationCircuitData { circuit, lhs, @@ -311,7 +304,7 @@ where fn add_agg_child( builder: &mut CircuitBuilder, - root: &RootCircuitData, + root: &RootCircuitData, ) -> AggregationChildTarget { let common = &root.circuit.common; let root_vk = builder.constant_verifier_data(&root.circuit.verifier_only); @@ -319,7 +312,7 @@ where let agg_proof = builder.add_virtual_proof_with_pis(common); let evm_proof = builder.add_virtual_proof_with_pis(common); builder - .conditionally_verify_cyclic_proof::( + .conditionally_verify_cyclic_proof::( is_agg, &agg_proof, &evm_proof, &root_vk, common, ) .expect("Failed to build cyclic recursion circuit"); @@ -330,9 +323,7 @@ where } } - fn create_block_circuit( - agg: &AggregationCircuitData, - ) -> BlockCircuitData { + fn create_block_circuit(agg: &AggregationCircuitData) -> BlockCircuitData { // The block circuit is similar to the agg circuit; both verify two inner proofs. // We need to adjust a few things, but it's easier than making a new CommonCircuitData. let expected_common_data = CommonCircuitData { @@ -350,7 +341,7 @@ where let cyclic_vk = builder.add_verifier_data_public_inputs(); builder - .conditionally_verify_cyclic_proof_or_dummy::( + .conditionally_verify_cyclic_proof_or_dummy::( has_parent_block, &parent_block_proof, &expected_common_data, @@ -358,13 +349,9 @@ where .expect("Failed to build cyclic recursion circuit"); let agg_verifier_data = builder.constant_verifier_data(&agg.circuit.verifier_only); - builder.verify_proof::( - &agg_root_proof, - &agg_verifier_data, - &agg.circuit.common, - ); + builder.verify_proof::(&agg_root_proof, &agg_verifier_data, &agg.circuit.common); - let circuit = builder.build::(); + let circuit = builder.build::(); BlockCircuitData { circuit, has_parent_block, @@ -381,8 +368,8 @@ where config: &StarkConfig, generation_inputs: GenerationInputs, timing: &mut TimingTree, - ) -> anyhow::Result> { - let all_proof = prove::(all_stark, config, generation_inputs, timing)?; + ) -> anyhow::Result> { + let all_proof = prove::(all_stark, config, generation_inputs, timing)?; let mut root_inputs = PartialWitness::new(); for table in 0..NUM_TABLES { @@ -411,20 +398,17 @@ where self.root.circuit.prove(root_inputs) } - pub fn verify_root( - &self, - agg_proof: ProofWithPublicInputs, - ) -> anyhow::Result<()> { + pub fn verify_root(&self, agg_proof: ProofWithPublicInputs) -> anyhow::Result<()> { self.root.circuit.verify(agg_proof) } pub fn prove_aggregation( &self, lhs_is_agg: bool, - lhs_proof: &ProofWithPublicInputs, + lhs_proof: &ProofWithPublicInputs, rhs_is_agg: bool, - rhs_proof: &ProofWithPublicInputs, - ) -> anyhow::Result> { + rhs_proof: &ProofWithPublicInputs, + ) -> anyhow::Result> { let mut agg_inputs = PartialWitness::new(); agg_inputs.set_bool_target(self.aggregation.lhs.is_agg, lhs_is_agg); @@ -445,7 +429,7 @@ where pub fn verify_aggregation( &self, - agg_proof: &ProofWithPublicInputs, + agg_proof: &ProofWithPublicInputs, ) -> anyhow::Result<()> { self.aggregation.circuit.verify(agg_proof.clone())?; check_cyclic_proof_verifier_data( @@ -457,9 +441,9 @@ where pub fn prove_block( &self, - opt_parent_block_proof: Option<&ProofWithPublicInputs>, - agg_root_proof: &ProofWithPublicInputs, - ) -> anyhow::Result> { + opt_parent_block_proof: Option<&ProofWithPublicInputs>, + agg_root_proof: &ProofWithPublicInputs, + ) -> anyhow::Result> { let mut block_inputs = PartialWitness::new(); block_inputs.set_bool_target( @@ -479,10 +463,7 @@ where self.block.circuit.prove(block_inputs) } - pub fn verify_block( - &self, - block_proof: &ProofWithPublicInputs, - ) -> anyhow::Result<()> { + pub fn verify_block(&self, block_proof: &ProofWithPublicInputs) -> anyhow::Result<()> { self.block.circuit.verify(block_proof.clone())?; check_cyclic_proof_verifier_data( block_proof, @@ -492,29 +473,25 @@ where } } -struct RecursiveCircuitsForTable +struct RecursiveCircuitsForTable where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - [(); HCO::WIDTH]:, + C: GenericConfig, + [(); C::HCO::WIDTH]:, { /// A map from `log_2(height)` to a chain of shrinking recursion circuits starting at that /// height. - by_stark_size: BTreeMap>, + by_stark_size: BTreeMap>, } -impl RecursiveCircuitsForTable +impl RecursiveCircuitsForTable where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - C::Hasher: AlgebraicHasher, + C: GenericConfig, + C::Hasher: AlgebraicHasher, [(); C::Hasher::HASH_SIZE]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { fn new>( table: Table, @@ -545,7 +522,7 @@ where /// For each initial `degree_bits`, get the final circuit at the end of that shrinking chain. /// Each of these final circuits should have degree `THRESHOLD_DEGREE_BITS`. - fn final_circuits(&self) -> Vec<&CircuitData> { + fn final_circuits(&self) -> Vec<&CircuitData> { self.by_stark_size .values() .map(|chain| { @@ -561,28 +538,24 @@ where /// A chain of shrinking wrapper circuits, ending with a final circuit with `degree_bits` /// `THRESHOLD_DEGREE_BITS`. -struct RecursiveCircuitsForTableSize +struct RecursiveCircuitsForTableSize where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - [(); HCO::WIDTH]:, + C: GenericConfig, + [(); C::HCO::WIDTH]:, { - initial_wrapper: StarkWrapperCircuit, - shrinking_wrappers: Vec>, + initial_wrapper: StarkWrapperCircuit, + shrinking_wrappers: Vec>, } -impl RecursiveCircuitsForTableSize +impl RecursiveCircuitsForTableSize where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - C::Hasher: AlgebraicHasher, + C: GenericConfig, + C::Hasher: AlgebraicHasher, [(); C::Hasher::HASH_SIZE]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { fn new>( table: Table, @@ -609,7 +582,7 @@ where loop { let last = shrinking_wrappers .last() - .map(|wrapper: &PlonkWrapperCircuit| &wrapper.circuit) + .map(|wrapper: &PlonkWrapperCircuit| &wrapper.circuit) .unwrap_or(&initial_wrapper.circuit); let last_degree_bits = last.common.degree_bits(); assert!(last_degree_bits >= THRESHOLD_DEGREE_BITS); @@ -620,10 +593,10 @@ where let mut builder = CircuitBuilder::new(shrinking_config()); let proof_with_pis_target = builder.add_virtual_proof_with_pis(&last.common); let last_vk = builder.constant_verifier_data(&last.verifier_only); - builder.verify_proof::(&proof_with_pis_target, &last_vk, &last.common); + builder.verify_proof::(&proof_with_pis_target, &last_vk, &last.common); builder.register_public_inputs(&proof_with_pis_target.public_inputs); // carry PIs forward add_common_recursion_gates(&mut builder); - let circuit = builder.build::(); + let circuit = builder.build::(); assert!( circuit.common.degree_bits() < last_degree_bits, @@ -645,9 +618,9 @@ where fn shrink( &self, - stark_proof_with_metadata: &StarkProofWithMetadata, + stark_proof_with_metadata: &StarkProofWithMetadata, ctl_challenges: &GrandProductChallengeSet, - ) -> anyhow::Result> { + ) -> anyhow::Result> { let mut proof = self .initial_wrapper .prove(stark_proof_with_metadata, ctl_challenges)?; diff --git a/evm/src/get_challenges.rs b/evm/src/get_challenges.rs index 6d441634..6bccb48d 100644 --- a/evm/src/get_challenges.rs +++ b/evm/src/get_challenges.rs @@ -14,15 +14,9 @@ use crate::permutation::{ }; use crate::proof::*; -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > AllProof +impl, C: GenericConfig, const D: usize> AllProof where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { /// Computes all Fiat-Shamir challenges used in the STARK proof. pub(crate) fn get_challenges( @@ -31,10 +25,10 @@ where config: &StarkConfig, ) -> AllProofChallenges where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); for proof in &self.stark_proofs { challenger.observe_cap(&proof.proof.trace_cap); @@ -67,12 +61,12 @@ where &self, all_stark: &AllStark, config: &StarkConfig, - ) -> AllChallengerState + ) -> AllChallengerState where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); for proof in &self.stark_proofs { challenger.observe_cap(&proof.proof.trace_cap); @@ -104,24 +98,22 @@ where } } -impl StarkProof +impl StarkProof where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { /// Computes all Fiat-Shamir challenges used in the STARK proof. pub(crate) fn get_challenges( &self, - challenger: &mut Challenger, + challenger: &mut Challenger, stark_use_permutation: bool, stark_permutation_batch_size: usize, config: &StarkConfig, ) -> StarkProofChallenges where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let degree_bits = self.recover_degree_bits(config); @@ -162,7 +154,7 @@ where permutation_challenge_sets, stark_alphas, stark_zeta, - fri_challenges: challenger.fri_challenges::( + fri_challenges: challenger.fri_challenges::( commit_phase_merkle_caps, final_poly, *pow_witness, @@ -174,23 +166,18 @@ where } impl StarkProofTarget { - pub(crate) fn get_challenges< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + pub(crate) fn get_challenges, C: GenericConfig>( &self, builder: &mut CircuitBuilder, - challenger: &mut RecursiveChallenger, + challenger: &mut RecursiveChallenger, stark_use_permutation: bool, stark_permutation_batch_size: usize, config: &StarkConfig, ) -> StarkProofChallengesTarget where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let StarkProofTarget { permutation_ctl_zs_cap, diff --git a/evm/src/keccak/keccak_stark.rs b/evm/src/keccak/keccak_stark.rs index 34d68d11..c8fe8086 100644 --- a/evm/src/keccak/keccak_stark.rs +++ b/evm/src/keccak/keccak_stark.rs @@ -607,7 +607,7 @@ mod tests { use plonky2::field::types::{Field, PrimeField64}; use plonky2::fri::oracle::PolynomialBatch; use plonky2::iop::challenger::Challenger; - use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use plonky2::timed; use plonky2::util::timing::TimingTree; use tiny_keccak::keccakf; @@ -624,9 +624,7 @@ mod tests { fn test_stark_degree() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = KeccakStark; let stark = S { @@ -639,15 +637,13 @@ mod tests { fn test_stark_circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = KeccakStark; let stark = S { f: Default::default(), }; - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } #[test] @@ -656,9 +652,7 @@ mod tests { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = KeccakStark; let stark = S { @@ -691,9 +685,7 @@ mod tests { const NUM_PERMS: usize = 85; const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = KeccakStark; let stark = S::default(); let config = StarkConfig::standard_fast_config(); @@ -716,7 +708,7 @@ mod tests { let trace_commitments = timed!( timing, "compute trace commitment", - PolynomialBatch::::from_values( + PolynomialBatch::::from_values( cloned_trace_poly_values, config.fri_config.rate_bits, false, diff --git a/evm/src/keccak_sponge/keccak_sponge_stark.rs b/evm/src/keccak_sponge/keccak_sponge_stark.rs index 57033b52..3fe59f74 100644 --- a/evm/src/keccak_sponge/keccak_sponge_stark.rs +++ b/evm/src/keccak_sponge/keccak_sponge_stark.rs @@ -411,7 +411,7 @@ mod tests { use keccak_hash::keccak; use plonky2::field::goldilocks_field::GoldilocksField; use plonky2::field::types::PrimeField64; - use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::keccak_sponge::columns::KeccakSpongeColumnsView; use crate::keccak_sponge::keccak_sponge_stark::{KeccakSpongeOp, KeccakSpongeStark}; @@ -423,9 +423,7 @@ mod tests { fn test_stark_degree() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = KeccakSpongeStark; let stark = S::default(); @@ -436,13 +434,11 @@ mod tests { fn test_stark_circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = KeccakSpongeStark; let stark = S::default(); - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } #[test] diff --git a/evm/src/logic.rs b/evm/src/logic.rs index f007eb2c..b7429610 100644 --- a/evm/src/logic.rs +++ b/evm/src/logic.rs @@ -303,7 +303,7 @@ impl, const D: usize> Stark for LogicStark Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = LogicStark; let stark = S { @@ -327,14 +325,12 @@ mod tests { fn test_stark_circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = LogicStark; let stark = S { f: Default::default(), }; - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } } diff --git a/evm/src/memory/memory_stark.rs b/evm/src/memory/memory_stark.rs index 4fed6ac4..a0481029 100644 --- a/evm/src/memory/memory_stark.rs +++ b/evm/src/memory/memory_stark.rs @@ -462,7 +462,7 @@ impl, const D: usize> Stark for MemoryStark Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = MemoryStark; let stark = S { @@ -486,14 +484,12 @@ pub(crate) mod tests { fn test_stark_circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = MemoryStark; let stark = S { f: Default::default(), }; - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } } diff --git a/evm/src/proof.rs b/evm/src/proof.rs index f1464cb2..b243c9be 100644 --- a/evm/src/proof.rs +++ b/evm/src/proof.rs @@ -21,29 +21,18 @@ use crate::permutation::GrandProductChallengeSet; /// A STARK proof for each table, plus some metadata used to create recursive wrapper proofs. #[derive(Debug, Clone)] -pub struct AllProof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> where - [(); HCO::WIDTH]:, +pub struct AllProof, C: GenericConfig, const D: usize> +where + [(); C::HCO::WIDTH]:, { - pub stark_proofs: [StarkProofWithMetadata; NUM_TABLES], + pub stark_proofs: [StarkProofWithMetadata; NUM_TABLES], pub(crate) ctl_challenges: GrandProductChallengeSet, pub public_values: PublicValues, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > AllProof +impl, C: GenericConfig, const D: usize> AllProof where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { pub fn degree_bits(&self, config: &StarkConfig) -> [usize; NUM_TABLES] { core::array::from_fn(|i| self.stark_proofs[i].proof.recover_degree_bits(config)) @@ -117,48 +106,33 @@ pub struct BlockMetadataTarget { } #[derive(Debug, Clone)] -pub struct StarkProof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { +pub struct StarkProof, C: GenericConfig, const D: usize> { /// Merkle cap of LDEs of trace values. - pub trace_cap: MerkleCap, + pub trace_cap: MerkleCap, /// Merkle cap of LDEs of permutation Z values. - pub permutation_ctl_zs_cap: MerkleCap, + pub permutation_ctl_zs_cap: MerkleCap, /// Merkle cap of LDEs of trace values. - pub quotient_polys_cap: MerkleCap, + pub quotient_polys_cap: MerkleCap, /// Purported values of each polynomial at the challenge point. pub openings: StarkOpeningSet, /// A batch FRI argument for all openings. - pub opening_proof: FriProof, + pub opening_proof: FriProof, } /// A `StarkProof` along with some metadata about the initial Fiat-Shamir state, which is used when /// creating a recursive wrapper proof around a STARK proof. #[derive(Debug, Clone)] -pub struct StarkProofWithMetadata +pub struct StarkProofWithMetadata where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - [(); HCO::WIDTH]:, + C: GenericConfig, + [(); C::HCO::WIDTH]:, { - pub(crate) init_challenger_state: [F; HCO::WIDTH], - pub(crate) proof: StarkProof, + pub(crate) init_challenger_state: [F; C::HCO::WIDTH], + pub(crate) proof: StarkProof, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > StarkProof -{ +impl, C: GenericConfig, const D: usize> StarkProof { /// Recover the length of the trace from a STARK proof and a STARK config. pub fn recover_degree_bits(&self, config: &StarkConfig) -> usize { let initial_merkle_proof = &self.opening_proof.query_round_proofs[0] @@ -232,22 +206,22 @@ pub struct StarkOpeningSet, const D: usize> { } impl, const D: usize> StarkOpeningSet { - pub fn new>( + pub fn new>( zeta: F::Extension, g: F, - trace_commitment: &PolynomialBatch, - permutation_ctl_zs_commitment: &PolynomialBatch, - quotient_commitment: &PolynomialBatch, + trace_commitment: &PolynomialBatch, + permutation_ctl_zs_commitment: &PolynomialBatch, + quotient_commitment: &PolynomialBatch, degree_bits: usize, num_permutation_zs: usize, ) -> Self { - let eval_commitment = |z: F::Extension, c: &PolynomialBatch| { + let eval_commitment = |z: F::Extension, c: &PolynomialBatch| { c.polynomials .par_iter() .map(|p| p.to_extension().eval(z)) .collect::>() }; - let eval_commitment_base = |z: F, c: &PolynomialBatch| { + let eval_commitment_base = |z: F, c: &PolynomialBatch| { c.polynomials .par_iter() .map(|p| p.eval(z)) diff --git a/evm/src/prover.rs b/evm/src/prover.rs index bed796fd..63e44b3b 100644 --- a/evm/src/prover.rs +++ b/evm/src/prover.rs @@ -42,25 +42,23 @@ use crate::vanishing_poly::eval_vanishing_poly; use crate::vars::StarkEvaluationVars; /// Generate traces, then create all STARK proofs. -pub fn prove( +pub fn prove( all_stark: &AllStark, config: &StarkConfig, inputs: GenerationInputs, timing: &mut TimingTree, -) -> Result> +) -> Result> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, [(); CpuStark::::COLUMNS]:, [(); KeccakStark::::COLUMNS]:, [(); KeccakSpongeStark::::COLUMNS]:, [(); LogicStark::::COLUMNS]:, [(); MemoryStark::::COLUMNS]:, [(); C::Hasher::HASH_SIZE]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let (proof, _outputs) = prove_with_outputs(all_stark, config, inputs, timing)?; Ok(proof) @@ -68,25 +66,23 @@ where /// Generate traces, then create all STARK proofs. Returns information about the post-state, /// intended for debugging, in addition to the proof. -pub fn prove_with_outputs( +pub fn prove_with_outputs( all_stark: &AllStark, config: &StarkConfig, inputs: GenerationInputs, timing: &mut TimingTree, -) -> Result<(AllProof, GenerationOutputs)> +) -> Result<(AllProof, GenerationOutputs)> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, [(); C::Hasher::HASH_SIZE]:, [(); CpuStark::::COLUMNS]:, [(); KeccakStark::::COLUMNS]:, [(); KeccakSpongeStark::::COLUMNS]:, [(); LogicStark::::COLUMNS]:, [(); MemoryStark::::COLUMNS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { timed!(timing, "build kernel", Lazy::force(&KERNEL)); let (traces, public_values, outputs) = timed!( @@ -99,26 +95,24 @@ where } /// Compute all STARK proofs. -pub(crate) fn prove_with_traces( +pub(crate) fn prove_with_traces( all_stark: &AllStark, config: &StarkConfig, trace_poly_values: [Vec>; NUM_TABLES], public_values: PublicValues, timing: &mut TimingTree, -) -> Result> +) -> Result> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, [(); CpuStark::::COLUMNS]:, [(); KeccakStark::::COLUMNS]:, [(); KeccakSpongeStark::::COLUMNS]:, [(); LogicStark::::COLUMNS]:, [(); MemoryStark::::COLUMNS]:, [(); C::Hasher::HASH_SIZE]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let rate_bits = config.fri_config.rate_bits; let cap_height = config.fri_config.cap_height; @@ -133,7 +127,7 @@ where timed!( timing, &format!("compute trace commitment for {:?}", table), - PolynomialBatch::::from_values( + PolynomialBatch::::from_values( // TODO: Cloning this isn't great; consider having `from_values` accept a reference, // or having `compute_permutation_z_polys` read trace values from the `PolynomialBatch`. trace.clone(), @@ -152,7 +146,7 @@ where .iter() .map(|c| c.merkle_tree.cap.clone()) .collect::>(); - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); for cap in &trace_caps { challenger.observe_cap(cap); } @@ -189,28 +183,26 @@ where }) } -fn prove_with_commitments( +fn prove_with_commitments( all_stark: &AllStark, config: &StarkConfig, trace_poly_values: [Vec>; NUM_TABLES], - trace_commitments: Vec>, + trace_commitments: Vec>, ctl_data_per_table: [CtlData; NUM_TABLES], - challenger: &mut Challenger, + challenger: &mut Challenger, timing: &mut TimingTree, -) -> Result<[StarkProofWithMetadata; NUM_TABLES]> +) -> Result<[StarkProofWithMetadata; NUM_TABLES]> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, [(); C::Hasher::HASH_SIZE]:, [(); CpuStark::::COLUMNS]:, [(); KeccakStark::::COLUMNS]:, [(); KeccakSpongeStark::::COLUMNS]:, [(); LogicStark::::COLUMNS]:, [(); MemoryStark::::COLUMNS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let cpu_proof = timed!( timing, @@ -287,24 +279,22 @@ where } /// Compute proof for a single STARK table. -pub(crate) fn prove_single_table( +pub(crate) fn prove_single_table( stark: &S, config: &StarkConfig, trace_poly_values: &[PolynomialValues], - trace_commitment: &PolynomialBatch, + trace_commitment: &PolynomialBatch, ctl_data: &CtlData, - challenger: &mut Challenger, + challenger: &mut Challenger, timing: &mut TimingTree, -) -> Result> +) -> Result> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let degree = trace_poly_values[0].len(); let degree_bits = log2_strict(degree); @@ -377,7 +367,7 @@ where let quotient_polys = timed!( timing, "compute quotient polys", - compute_quotient_polys::::Packing, HCO, HCI, C, S, D>( + compute_quotient_polys::::Packing, C, S, D>( stark, trace_commitment, &permutation_ctl_zs_commitment, @@ -474,10 +464,10 @@ where /// Computes the quotient polynomials `(sum alpha^i C_i(x)) / Z_H(x)` for `alpha` in `alphas`, /// where the `C_i`s are the Stark constraints. -fn compute_quotient_polys<'a, F, P, HCO, HCI, C, S, const D: usize>( +fn compute_quotient_polys<'a, F, P, C, S, const D: usize>( stark: &S, - trace_commitment: &'a PolynomialBatch, - permutation_ctl_zs_commitment: &'a PolynomialBatch, + trace_commitment: &'a PolynomialBatch, + permutation_ctl_zs_commitment: &'a PolynomialBatch, permutation_challenges: Option<&'a Vec>>, ctl_data: &CtlData, alphas: Vec, @@ -488,9 +478,7 @@ fn compute_quotient_polys<'a, F, P, HCO, HCI, C, S, const D: usize>( where F: RichField + Extendable, P: PackedField, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, { @@ -613,10 +601,10 @@ where /// Check that all constraints evaluate to zero on `H`. /// Can also be used to check the degree of the constraints by evaluating on a larger subgroup. -fn check_constraints<'a, F, HCO, HCI, C, S, const D: usize>( +fn check_constraints<'a, F, C, S, const D: usize>( stark: &S, - trace_commitment: &'a PolynomialBatch, - permutation_ctl_zs_commitment: &'a PolynomialBatch, + trace_commitment: &'a PolynomialBatch, + permutation_ctl_zs_commitment: &'a PolynomialBatch, permutation_challenges: Option<&'a Vec>>, ctl_data: &CtlData, alphas: Vec, @@ -625,9 +613,7 @@ fn check_constraints<'a, F, HCO, HCI, C, S, const D: usize>( config: &StarkConfig, ) where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, { @@ -645,7 +631,7 @@ fn check_constraints<'a, F, HCO, HCI, C, S, const D: usize>( let subgroup = F::two_adic_subgroup(degree_bits + rate_bits); // Get the evaluations of a batch of polynomials over our subgroup. - let get_subgroup_evals = |comm: &PolynomialBatch| -> Vec> { + let get_subgroup_evals = |comm: &PolynomialBatch| -> Vec> { let values = comm .polynomials .par_iter() diff --git a/evm/src/recursive_verifier.rs b/evm/src/recursive_verifier.rs index ea6f9b47..14e31341 100644 --- a/evm/src/recursive_verifier.rs +++ b/evm/src/recursive_verifier.rs @@ -43,12 +43,10 @@ use crate::vars::StarkEvaluationTargets; /// Table-wise recursive proofs of an `AllProof`. pub struct RecursiveAllProof< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub recursive_proofs: [ProofWithPublicInputs; NUM_TABLES], + pub recursive_proofs: [ProofWithPublicInputs; NUM_TABLES], } pub(crate) struct PublicInputs @@ -102,30 +100,28 @@ where } } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > RecursiveAllProof +impl, C: GenericConfig, const D: usize> + RecursiveAllProof { /// Verify every recursive proof. pub fn verify( self, - verifier_data: &[VerifierCircuitData; NUM_TABLES], + verifier_data: &[VerifierCircuitData; NUM_TABLES], cross_table_lookups: Vec>, inner_config: &StarkConfig, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let pis: [_; NUM_TABLES] = core::array::from_fn(|i| { - PublicInputs::::from_vec(&self.recursive_proofs[i].public_inputs, inner_config) + PublicInputs::::from_vec( + &self.recursive_proofs[i].public_inputs, + inner_config, + ) }); - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); for pi in &pis { for h in &pi.trace_cap { challenger.observe_elements(h); @@ -161,36 +157,32 @@ impl< } /// Represents a circuit which recursively verifies a STARK proof. -pub(crate) struct StarkWrapperCircuit +pub(crate) struct StarkWrapperCircuit where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - [(); HCO::WIDTH]:, + C: GenericConfig, + [(); C::HCO::WIDTH]:, { - pub(crate) circuit: CircuitData, + pub(crate) circuit: CircuitData, pub(crate) stark_proof_target: StarkProofTarget, pub(crate) ctl_challenges_target: GrandProductChallengeSet, - pub(crate) init_challenger_state_target: [Target; HCO::WIDTH], + pub(crate) init_challenger_state_target: [Target; C::HCO::WIDTH], pub(crate) zero_target: Target, } -impl StarkWrapperCircuit +impl StarkWrapperCircuit where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C: GenericConfig, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { pub(crate) fn prove( &self, - proof_with_metadata: &StarkProofWithMetadata, + proof_with_metadata: &StarkProofWithMetadata, ctl_challenges: &GrandProductChallengeSet, - ) -> Result> { + ) -> Result> { let mut inputs = PartialWitness::new(); set_stark_proof_target( @@ -220,31 +212,27 @@ where } /// Represents a circuit which recursively verifies a PLONK proof. -pub(crate) struct PlonkWrapperCircuit +pub(crate) struct PlonkWrapperCircuit where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { - pub(crate) circuit: CircuitData, + pub(crate) circuit: CircuitData, pub(crate) proof_with_pis_target: ProofWithPublicInputsTarget, } -impl PlonkWrapperCircuit +impl PlonkWrapperCircuit where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C: GenericConfig, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { pub(crate) fn prove( &self, - proof: &ProofWithPublicInputs, - ) -> Result> { + proof: &ProofWithPublicInputs, + ) -> Result> { let mut inputs = PartialWitness::new(); inputs.set_proof_with_pis_target(&self.proof_with_pis_target, proof); self.circuit.prove(inputs) @@ -254,9 +242,7 @@ where /// Returns the recursive Stark circuit. pub(crate) fn recursive_stark_circuit< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -267,12 +253,12 @@ pub(crate) fn recursive_stark_circuit< inner_config: &StarkConfig, circuit_config: &CircuitConfig, min_degree_bits: usize, -) -> StarkWrapperCircuit +) -> StarkWrapperCircuit where [(); S::COLUMNS]:, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let mut builder = CircuitBuilder::::new(circuit_config.clone()); let zero_target = builder.zero(); @@ -311,8 +297,8 @@ where let init_challenger_state_target = core::array::from_fn(|_| builder.add_virtual_public_input()); let mut challenger = - RecursiveChallenger::::from_state(init_challenger_state_target); - let challenges = proof_target.get_challenges::( + RecursiveChallenger::::from_state(init_challenger_state_target); + let challenges = proof_target.get_challenges::( &mut builder, &mut challenger, num_permutation_zs > 0, @@ -324,7 +310,7 @@ where builder.register_public_inputs(&proof_target.openings.ctl_zs_last); - verify_stark_proof_with_challenges_circuit::( + verify_stark_proof_with_challenges_circuit::( &mut builder, stark, &proof_target, @@ -340,7 +326,7 @@ where builder.add_gate(NoopGate, vec![]); } - let circuit = builder.build::(); + let circuit = builder.build::(); StarkWrapperCircuit { circuit, stark_proof_target: proof_target, @@ -364,9 +350,7 @@ pub(crate) fn add_common_recursion_gates, const D: /// Recursively verifies an inner proof. fn verify_stark_proof_with_challenges_circuit< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -377,9 +361,9 @@ fn verify_stark_proof_with_challenges_circuit< ctl_vars: &[CtlCheckVarsTarget], inner_config: &StarkConfig, ) where - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, [(); S::COLUMNS]:, - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let zero = builder.zero(); let one = builder.one_extension(); @@ -463,7 +447,7 @@ fn verify_stark_proof_with_challenges_circuit< ctl_zs_last.len(), inner_config, ); - builder.verify_fri_proof::( + builder.verify_fri_proof::( &fri_instance, &proof.openings.to_fri_openings(zero), &challenges.fri_challenges, @@ -591,23 +575,14 @@ fn add_virtual_stark_opening_set, S: Stark, c } } -pub(crate) fn set_stark_proof_target< - F, - HCO, - HCI, - C: GenericConfig, - W, - const D: usize, ->( +pub(crate) fn set_stark_proof_target, W, const D: usize>( witness: &mut W, proof_target: &StarkProofTarget, - proof: &StarkProof, + proof: &StarkProof, zero: Target, ) where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, W: Witness, { witness.set_cap_target(&proof_target.trace_cap, &proof.trace_cap); diff --git a/evm/src/stark_testing.rs b/evm/src/stark_testing.rs index e1c36f9d..c8d5fed5 100644 --- a/evm/src/stark_testing.rs +++ b/evm/src/stark_testing.rs @@ -79,9 +79,7 @@ where /// Tests that the circuit constraints imposed by the given STARK are coherent with the native constraints. pub fn test_stark_circuit_constraints< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -89,8 +87,8 @@ pub fn test_stark_circuit_constraints< ) -> Result<()> where [(); S::COLUMNS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // Compute native constraint evaluation on random values. let vars = StarkEvaluationVars { @@ -148,7 +146,7 @@ where let native_eval_t = builder.constant_extension(native_eval); builder.connect_extension(circuit_eval, native_eval_t); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; data.verify(proof) } diff --git a/evm/src/verifier.rs b/evm/src/verifier.rs index 850fb51b..eb91cfe9 100644 --- a/evm/src/verifier.rs +++ b/evm/src/verifier.rs @@ -26,15 +26,9 @@ use crate::stark::Stark; use crate::vanishing_poly::eval_vanishing_poly; use crate::vars::StarkEvaluationVars; -pub fn verify_proof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( +pub fn verify_proof, C: GenericConfig, const D: usize>( all_stark: &AllStark, - all_proof: AllProof, + all_proof: AllProof, config: &StarkConfig, ) -> Result<()> where @@ -43,8 +37,8 @@ where [(); KeccakSpongeStark::::COLUMNS]:, [(); LogicStark::::COLUMNS]:, [(); MemoryStark::::COLUMNS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let AllProofChallenges { stark_challenges, @@ -114,21 +108,19 @@ where pub(crate) fn verify_stark_proof_with_challenges< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( stark: &S, - proof: &StarkProof, + proof: &StarkProof, challenges: &StarkProofChallenges, ctl_vars: &[CtlCheckVars], config: &StarkConfig, ) -> Result<()> where [(); S::COLUMNS]:, - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { log::debug!("Checking proof: {}", type_name::()); validate_proof_shape(stark, proof, config, ctl_vars.len())?; @@ -199,7 +191,7 @@ where proof.quotient_polys_cap.clone(), ]; - verify_fri_proof::( + verify_fri_proof::( &stark.fri_instance( challenges.stark_zeta, F::primitive_root_of_unity(degree_bits), @@ -217,17 +209,15 @@ where Ok(()) } -fn validate_proof_shape( +fn validate_proof_shape( stark: &S, - proof: &StarkProof, + proof: &StarkProof, config: &StarkConfig, num_ctl_zs: usize, ) -> anyhow::Result<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, { diff --git a/evm/tests/add11_yml.rs b/evm/tests/add11_yml.rs index 7b9fbc99..983d5468 100644 --- a/evm/tests/add11_yml.rs +++ b/evm/tests/add11_yml.rs @@ -10,7 +10,7 @@ use ethereum_types::Address; use hex_literal::hex; use keccak_hash::keccak; use plonky2::field::goldilocks_field::GoldilocksField; -use plonky2::plonk::config::{PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::PoseidonGoldilocksConfig; use plonky2::util::timing::TimingTree; use plonky2_evm::all_stark::AllStark; use plonky2_evm::config::StarkConfig; @@ -24,8 +24,6 @@ use plonky2_evm::Node; type F = GoldilocksField; const D: usize = 2; type C = PoseidonGoldilocksConfig; -type HCO = PoseidonHashConfig; -type HCI = HCO; /// The `add11_yml` test case from https://github.com/ethereum/tests #[test] @@ -100,7 +98,7 @@ fn add11_yml() -> anyhow::Result<()> { }; let mut timing = TimingTree::new("prove", log::Level::Debug); - let proof = prove::(&all_stark, &config, inputs, &mut timing)?; + let proof = prove::(&all_stark, &config, inputs, &mut timing)?; timing.filter(Duration::from_millis(100)).print(); let beneficiary_account_after = AccountRlp { diff --git a/evm/tests/basic_smart_contract.rs b/evm/tests/basic_smart_contract.rs index 0ced7334..b93f48ec 100644 --- a/evm/tests/basic_smart_contract.rs +++ b/evm/tests/basic_smart_contract.rs @@ -10,7 +10,7 @@ use ethereum_types::{Address, U256}; use hex_literal::hex; use keccak_hash::keccak; use plonky2::field::goldilocks_field::GoldilocksField; -use plonky2::plonk::config::{PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::PoseidonGoldilocksConfig; use plonky2::util::timing::TimingTree; use plonky2_evm::all_stark::AllStark; use plonky2_evm::config::StarkConfig; @@ -25,8 +25,6 @@ use plonky2_evm::Node; type F = GoldilocksField; const D: usize = 2; type C = PoseidonGoldilocksConfig; -type HCO = PoseidonHashConfig; -type HCI = HCO; /// Test a simple token transfer to a new address. #[test] @@ -114,7 +112,7 @@ fn test_basic_smart_contract() -> anyhow::Result<()> { }; let mut timing = TimingTree::new("prove", log::Level::Debug); - let proof = prove::(&all_stark, &config, inputs, &mut timing)?; + let proof = prove::(&all_stark, &config, inputs, &mut timing)?; timing.filter(Duration::from_millis(100)).print(); let expected_state_trie_after: HashedPartialTrie = { diff --git a/evm/tests/empty_txn_list.rs b/evm/tests/empty_txn_list.rs index 2adadc8a..9a4eb5e0 100644 --- a/evm/tests/empty_txn_list.rs +++ b/evm/tests/empty_txn_list.rs @@ -7,7 +7,7 @@ use env_logger::{try_init_from_env, Env, DEFAULT_FILTER_ENV}; use eth_trie_utils::partial_trie::{HashedPartialTrie, PartialTrie}; use keccak_hash::keccak; use plonky2::field::goldilocks_field::GoldilocksField; -use plonky2::plonk::config::{PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::PoseidonGoldilocksConfig; use plonky2::util::timing::TimingTree; use plonky2_evm::all_stark::AllStark; use plonky2_evm::config::StarkConfig; @@ -21,8 +21,6 @@ use plonky2_evm::Node; type F = GoldilocksField; const D: usize = 2; type C = PoseidonGoldilocksConfig; -type HCO = PoseidonHashConfig; -type HCI = HCO; /// Execute the empty list of transactions, i.e. a no-op. #[test] @@ -64,7 +62,7 @@ fn test_empty_txn_list() -> anyhow::Result<()> { // TODO: This is redundant; prove_root below calls this prove method internally. // Just keeping it for now because the root proof returned by prove_root doesn't contain public // values yet, and we want those for the assertions below. - let proof = prove::(&all_stark, &config, inputs.clone(), &mut timing)?; + let proof = prove::(&all_stark, &config, inputs.clone(), &mut timing)?; timing.filter(Duration::from_millis(100)).print(); assert_eq!( @@ -94,7 +92,7 @@ fn test_empty_txn_list() -> anyhow::Result<()> { verify_proof(&all_stark, proof, &config)?; - let all_circuits = AllRecursiveCircuits::::new(&all_stark, 9..19, &config); + let all_circuits = AllRecursiveCircuits::::new(&all_stark, 9..19, &config); let root_proof = all_circuits.prove_root(&all_stark, &config, inputs, &mut timing)?; all_circuits.verify_root(root_proof.clone())?; diff --git a/evm/tests/simple_transfer.rs b/evm/tests/simple_transfer.rs index fb1635d8..250631e3 100644 --- a/evm/tests/simple_transfer.rs +++ b/evm/tests/simple_transfer.rs @@ -10,7 +10,7 @@ use ethereum_types::{Address, U256}; use hex_literal::hex; use keccak_hash::keccak; use plonky2::field::goldilocks_field::GoldilocksField; -use plonky2::plonk::config::{PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::PoseidonGoldilocksConfig; use plonky2::util::timing::TimingTree; use plonky2_evm::all_stark::AllStark; use plonky2_evm::config::StarkConfig; @@ -24,8 +24,6 @@ use plonky2_evm::Node; type F = GoldilocksField; const D: usize = 2; type C = PoseidonGoldilocksConfig; -type HCO = PoseidonHashConfig; -type HCI = HCO; /// Test a simple token transfer to a new address. #[test] @@ -89,7 +87,7 @@ fn test_simple_transfer() -> anyhow::Result<()> { }; let mut timing = TimingTree::new("prove", log::Level::Debug); - let proof = prove::(&all_stark, &config, inputs, &mut timing)?; + let proof = prove::(&all_stark, &config, inputs, &mut timing)?; timing.filter(Duration::from_millis(100)).print(); let expected_state_trie_after: HashedPartialTrie = { diff --git a/plonky2/examples/bench_recursion.rs b/plonky2/examples/bench_recursion.rs index 1afaf930..bb1ff9d1 100644 --- a/plonky2/examples/bench_recursion.rs +++ b/plonky2/examples/bench_recursion.rs @@ -18,9 +18,7 @@ use plonky2::hash::hashing::HashConfig; use plonky2::iop::witness::{PartialWitness, WitnessWrite}; use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::{CircuitConfig, CommonCircuitData, VerifierOnlyCircuitData}; -use plonky2::plonk::config::{ - AlgebraicHasher, GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig, -}; +use plonky2::plonk::config::{AlgebraicHasher, GenericConfig, PoseidonGoldilocksConfig}; use plonky2::plonk::proof::{CompressedProofWithPublicInputs, ProofWithPublicInputs}; use plonky2::plonk::prover::prove; use plonky2::util::timing::TimingTree; @@ -31,9 +29,9 @@ use rand::{RngCore, SeedableRng}; use rand_chacha::ChaCha8Rng; use structopt::StructOpt; -type ProofTuple = ( - ProofWithPublicInputs, - VerifierOnlyCircuitData, +type ProofTuple = ( + ProofWithPublicInputs, + VerifierOnlyCircuitData, CommonCircuitData, ); @@ -65,19 +63,13 @@ struct Options { } /// Creates a dummy proof which should have `2 ** log2_size` rows. -fn dummy_proof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( +fn dummy_proof, C: GenericConfig, const D: usize>( config: &CircuitConfig, log2_size: usize, -) -> Result> +) -> Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // 'size' is in degree, but we want number of noop gates. A non-zero amount of padding will be added and size will be rounded to the next power of two. To hit our target size, we go just under the previous power of two and hope padding is less than half the proof. let num_dummy_gates = match log2_size { @@ -93,11 +85,11 @@ where } builder.print_gate_counts(0); - let data = builder.build::(); + let data = builder.build::(); let inputs = PartialWitness::new(); let mut timing = TimingTree::new("prove", Level::Debug); - let proof = prove::(&data.prover_only, &data.common, inputs, &mut timing)?; + let proof = prove::(&data.prover_only, &data.common, inputs, &mut timing)?; timing.print(); data.verify(proof.clone())?; @@ -106,24 +98,20 @@ where fn recursive_proof< F: RichField + Extendable, - HCOO: HashConfig, - HCOI: HashConfig, - HCIO: HashConfig, - HCII: HashConfig, - C: GenericConfig, - InnerC: GenericConfig, + C: GenericConfig, + InnerC: GenericConfig, const D: usize, >( - inner: &ProofTuple, + inner: &ProofTuple, config: &CircuitConfig, min_degree_bits: Option, -) -> Result> +) -> Result> where - InnerC::Hasher: AlgebraicHasher, - [(); HCOO::WIDTH]:, - [(); HCOI::WIDTH]:, - [(); HCIO::WIDTH]:, - [(); HCII::WIDTH]:, + InnerC::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, + [(); InnerC::HCO::WIDTH]:, + [(); InnerC::HCI::WIDTH]:, { let (inner_proof, inner_vd, inner_cd) = inner; let mut builder = CircuitBuilder::::new(config.clone()); @@ -131,7 +119,7 @@ where let inner_data = builder.add_virtual_verifier_data(inner_cd.config.fri_config.cap_height); - builder.verify_proof::(&pt, &inner_data, inner_cd); + builder.verify_proof::(&pt, &inner_data, inner_cd); builder.print_gate_counts(0); if let Some(min_degree_bits) = min_degree_bits { @@ -145,14 +133,14 @@ where } } - let data = builder.build::(); + let data = builder.build::(); let mut pw = PartialWitness::new(); pw.set_proof_with_pis_target(&pt, inner_proof); pw.set_verifier_data_target(&inner_data, inner_vd); let mut timing = TimingTree::new("prove", Level::Debug); - let proof = prove::(&data.prover_only, &data.common, pw, &mut timing)?; + let proof = prove::(&data.prover_only, &data.common, pw, &mut timing)?; timing.print(); data.verify(proof.clone())?; @@ -161,20 +149,14 @@ where } /// Test serialization and print some size info. -fn test_serialization< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( - proof: &ProofWithPublicInputs, - vd: &VerifierOnlyCircuitData, +fn test_serialization, C: GenericConfig, const D: usize>( + proof: &ProofWithPublicInputs, + vd: &VerifierOnlyCircuitData, cd: &CommonCircuitData, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let proof_bytes = proof.to_bytes(); info!("Proof length: {} bytes", proof_bytes.len()); @@ -204,12 +186,10 @@ where fn benchmark(config: &CircuitConfig, log2_inner_size: usize) -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; // Start with a dummy proof of specified size - let inner = dummy_proof::(config, log2_inner_size)?; + let inner = dummy_proof::(config, log2_inner_size)?; let (_, _, cd) = &inner; info!( "Initial proof degree {} = 2^{}", @@ -218,7 +198,7 @@ fn benchmark(config: &CircuitConfig, log2_inner_size: usize) -> Result<()> { ); // Recursively verify the proof - let middle = recursive_proof::(&inner, config, None)?; + let middle = recursive_proof::(&inner, config, None)?; let (_, _, cd) = &middle; info!( "Single recursion proof degree {} = 2^{}", @@ -227,7 +207,7 @@ fn benchmark(config: &CircuitConfig, log2_inner_size: usize) -> Result<()> { ); // Add a second layer of recursion to shrink the proof size further - let outer = recursive_proof::(&middle, config, None)?; + let outer = recursive_proof::(&middle, config, None)?; let (proof, vd, cd) = &outer; info!( "Double recursion proof degree {} = 2^{}", diff --git a/plonky2/examples/factorial.rs b/plonky2/examples/factorial.rs index cde1d0d7..7be28bd6 100644 --- a/plonky2/examples/factorial.rs +++ b/plonky2/examples/factorial.rs @@ -5,7 +5,7 @@ use plonky2::field::types::Field; use plonky2::iop::witness::{PartialWitness, WitnessWrite}; use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::CircuitConfig; -use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; /// An example of using Plonky2 to prove a statement of the form /// "I know n * (n + 1) * ... * (n + 99)". @@ -13,9 +13,7 @@ use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHa fn main() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(config); @@ -35,7 +33,7 @@ fn main() -> Result<()> { let mut pw = PartialWitness::new(); pw.set_target(initial, F::ONE); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; println!( diff --git a/plonky2/examples/fibonacci.rs b/plonky2/examples/fibonacci.rs index cc7ffd05..e3d865b9 100644 --- a/plonky2/examples/fibonacci.rs +++ b/plonky2/examples/fibonacci.rs @@ -5,7 +5,7 @@ use plonky2::field::types::Field; use plonky2::iop::witness::{PartialWitness, WitnessWrite}; use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::CircuitConfig; -use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; /// An example of using Plonky2 to prove a statement of the form /// "I know the 100th element of the Fibonacci sequence, starting with constants a and b." @@ -13,9 +13,7 @@ use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHa fn main() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(config); @@ -41,7 +39,7 @@ fn main() -> Result<()> { pw.set_target(initial_a, F::ZERO); pw.set_target(initial_b, F::ONE); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; println!( diff --git a/plonky2/examples/square_root.rs b/plonky2/examples/square_root.rs index d26ef8b4..9c253b69 100644 --- a/plonky2/examples/square_root.rs +++ b/plonky2/examples/square_root.rs @@ -10,7 +10,7 @@ use plonky2::iop::target::Target; use plonky2::iop::witness::{PartialWitness, PartitionWitness, Witness, WitnessWrite}; use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::CircuitConfig; -use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; +use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use plonky2_field::extension::Extendable; /// A generator used by the prover to calculate the square root (`x`) of a given value @@ -44,9 +44,7 @@ impl, const D: usize> SimpleGenerator fn main() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); @@ -75,7 +73,7 @@ fn main() -> Result<()> { let mut pw = PartialWitness::new(); pw.set_target(x_squared, x_squared_value); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw.clone())?; let x_squared_actual = proof.public_inputs[0]; diff --git a/plonky2/src/fri/challenges.rs b/plonky2/src/fri/challenges.rs index 23c0d1c4..984b7093 100644 --- a/plonky2/src/fri/challenges.rs +++ b/plonky2/src/fri/challenges.rs @@ -26,9 +26,9 @@ where } } - pub fn fri_challenges, const D: usize>( + pub fn fri_challenges, const D: usize>( &mut self, - commit_phase_merkle_caps: &[MerkleCap], + commit_phase_merkle_caps: &[MerkleCap], final_poly: &PolynomialCoeffs, pow_witness: F, degree_bits: usize, @@ -36,8 +36,8 @@ where ) -> FriChallenges where F: RichField + Extendable, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let num_fri_queries = config.num_query_rounds; let lde_size = 1 << (degree_bits + config.rate_bits); @@ -48,7 +48,7 @@ where let fri_betas = commit_phase_merkle_caps .iter() .map(|cap| { - self.observe_cap::(cap); + self.observe_cap::(cap); self.get_extension_challenge::() }) .collect(); diff --git a/plonky2/src/fri/oracle.rs b/plonky2/src/fri/oracle.rs index eed0a449..7855167a 100644 --- a/plonky2/src/fri/oracle.rs +++ b/plonky2/src/fri/oracle.rs @@ -27,27 +27,17 @@ use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place, transp pub const SALT_SIZE: usize = 4; /// Represents a FRI oracle, i.e. a batch of polynomials which have been Merklized. -pub struct PolynomialBatch< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { +pub struct PolynomialBatch, C: GenericConfig, const D: usize> +{ pub polynomials: Vec>, - pub merkle_tree: MerkleTree, + pub merkle_tree: MerkleTree, pub degree_log: usize, pub rate_bits: usize, pub blinding: bool, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > PolynomialBatch +impl, C: GenericConfig, const D: usize> + PolynomialBatch { /// Creates a list polynomial commitment for the polynomials interpolating the values in `values`. pub fn from_values( @@ -59,7 +49,7 @@ impl< fft_root_table: Option<&FftRootTable>, ) -> Self where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let coeffs = timed!( timing, @@ -87,7 +77,7 @@ impl< fft_root_table: Option<&FftRootTable>, ) -> Self where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let degree = polynomials[0].len(); let lde_values = timed!( @@ -178,13 +168,13 @@ impl< pub fn prove_openings( instance: &FriInstanceInfo, oracles: &[&Self], - challenger: &mut Challenger, + challenger: &mut Challenger, fri_params: &FriParams, timing: &mut TimingTree, - ) -> FriProof + ) -> FriProof where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { assert!(D > 1, "Not implemented for D=1."); let alpha = challenger.get_extension_challenge::(); @@ -223,7 +213,7 @@ impl< lde_final_poly.coset_fft(F::coset_shift().into()) ); - let fri_proof = fri_proof::( + let fri_proof = fri_proof::( &oracles .par_iter() .map(|c| &c.merkle_tree) diff --git a/plonky2/src/fri/prover.rs b/plonky2/src/fri/prover.rs index a2a27c18..b7ed8af5 100644 --- a/plonky2/src/fri/prover.rs +++ b/plonky2/src/fri/prover.rs @@ -17,25 +17,19 @@ use crate::util::reverse_index_bits_in_place; use crate::util::timing::TimingTree; /// Builds a FRI proof. -pub fn fri_proof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( - initial_merkle_trees: &[&MerkleTree], +pub fn fri_proof, C: GenericConfig, const D: usize>( + initial_merkle_trees: &[&MerkleTree], // Coefficients of the polynomial on which the LDT is performed. Only the first `1/rate` coefficients are non-zero. lde_polynomial_coeffs: PolynomialCoeffs, // Evaluation of the polynomial on the large domain. lde_polynomial_values: PolynomialValues, - challenger: &mut Challenger, + challenger: &mut Challenger, fri_params: &FriParams, timing: &mut TimingTree, -) -> FriProof +) -> FriProof where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let n = lde_polynomial_values.len(); assert_eq!(lde_polynomial_coeffs.len(), n); @@ -44,7 +38,7 @@ where let (trees, final_coeffs) = timed!( timing, "fold codewords in the commitment phase", - fri_committed_trees::( + fri_committed_trees::( lde_polynomial_coeffs, lde_polynomial_values, challenger, @@ -56,17 +50,12 @@ where let pow_witness = timed!( timing, "find proof-of-work witness", - fri_proof_of_work::(challenger, &fri_params.config) + fri_proof_of_work::(challenger, &fri_params.config) ); // Query phase - let query_round_proofs = fri_prover_query_rounds::( - initial_merkle_trees, - &trees, - challenger, - n, - fri_params, - ); + let query_round_proofs = + fri_prover_query_rounds::(initial_merkle_trees, &trees, challenger, n, fri_params); FriProof { commit_phase_merkle_caps: trees.iter().map(|t| t.cap.clone()).collect(), @@ -76,25 +65,19 @@ where } } -type FriCommitedTrees = ( - Vec>::Hasher>>, +type FriCommitedTrees = ( + Vec>::HCO, >::Hasher>>, PolynomialCoeffs<>::Extension>, ); -fn fri_committed_trees< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( +fn fri_committed_trees, C: GenericConfig, const D: usize>( mut coeffs: PolynomialCoeffs, mut values: PolynomialValues, - challenger: &mut Challenger, + challenger: &mut Challenger, fri_params: &FriParams, -) -> FriCommitedTrees +) -> FriCommitedTrees where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let mut trees = Vec::new(); @@ -109,7 +92,7 @@ where .map(|chunk: &[F::Extension]| flatten(chunk)) .collect(); let tree = - MerkleTree::::new(chunked_values, fri_params.config.cap_height); + MerkleTree::::new(chunked_values, fri_params.config.cap_height); challenger.observe_cap(&tree.cap); trees.push(tree); @@ -137,19 +120,13 @@ where } /// Performs the proof-of-work (a.k.a. grinding) step of the FRI protocol. Returns the PoW witness. -fn fri_proof_of_work< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( - challenger: &mut Challenger, +fn fri_proof_of_work, C: GenericConfig, const D: usize>( + challenger: &mut Challenger, config: &FriConfig, ) -> F where - [(); HCI::WIDTH]:, - [(); HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, { let min_leading_zeros = config.proof_of_work_bits + (64 - F::order().bits()) as u32; @@ -181,10 +158,10 @@ where let mut duplex_state = duplex_intermediate_state; duplex_state[witness_input_pos] = F::from_canonical_u64(candidate); duplex_state = - <>::Hasher as Hasher>::Permutation::permute( + <>::Hasher as Hasher>::Permutation::permute( duplex_state, ); - let pow_response = duplex_state[HCO::RATE - 1]; + let pow_response = duplex_state[C::HCO::RATE - 1]; let leading_zeros = pow_response.to_canonical_u64().leading_zeros(); leading_zeros >= min_leading_zeros }) @@ -201,49 +178,40 @@ where fn fri_prover_query_rounds< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( - initial_merkle_trees: &[&MerkleTree], - trees: &[MerkleTree], - challenger: &mut Challenger, + initial_merkle_trees: &[&MerkleTree], + trees: &[MerkleTree], + challenger: &mut Challenger, n: usize, fri_params: &FriParams, -) -> Vec> +) -> Vec> where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { challenger .get_n_challenges(fri_params.config.num_query_rounds) .into_par_iter() .map(|rand| { let x_index = rand.to_canonical_u64() as usize % n; - fri_prover_query_round::( - initial_merkle_trees, - trees, - x_index, - fri_params, - ) + fri_prover_query_round::(initial_merkle_trees, trees, x_index, fri_params) }) .collect() } fn fri_prover_query_round< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( - initial_merkle_trees: &[&MerkleTree], - trees: &[MerkleTree], + initial_merkle_trees: &[&MerkleTree], + trees: &[MerkleTree], mut x_index: usize, fri_params: &FriParams, -) -> FriQueryRound +) -> FriQueryRound where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let mut query_steps = Vec::new(); let initial_proof = initial_merkle_trees diff --git a/plonky2/src/fri/recursive_verifier.rs b/plonky2/src/fri/recursive_verifier.rs index 033eeb30..d456b2a4 100644 --- a/plonky2/src/fri/recursive_verifier.rs +++ b/plonky2/src/fri/recursive_verifier.rs @@ -99,11 +99,7 @@ impl, const D: usize> CircuitBuilder { ); } - pub fn verify_fri_proof< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + pub fn verify_fri_proof>( &mut self, instance: &FriInstanceInfoTarget, openings: &FriOpeningsTarget, @@ -112,8 +108,8 @@ impl, const D: usize> CircuitBuilder { proof: &FriProofTarget, params: &FriParams, ) where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, { if let Some(max_arity_bits) = params.max_arity_bits() { self.check_recursion_config(max_arity_bits); @@ -166,7 +162,7 @@ impl, const D: usize> CircuitBuilder { self, level, &format!("verify one (of {num_queries}) query rounds"), - self.fri_verifier_query_round::( + self.fri_verifier_query_round::( instance, challenges, &precomputed_reduced_evals, @@ -254,11 +250,7 @@ impl, const D: usize> CircuitBuilder { sum } - fn fri_verifier_query_round< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + fn fri_verifier_query_round>( &mut self, instance: &FriInstanceInfoTarget, challenges: &FriChallengesTarget, @@ -270,8 +262,8 @@ impl, const D: usize> CircuitBuilder { round_proof: &FriQueryRoundTarget, params: &FriParams, ) where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, { let n_log = log2_strict(n); @@ -285,7 +277,7 @@ impl, const D: usize> CircuitBuilder { with_context!( self, "check FRI initial proof", - self.fri_verify_initial_proof::( + self.fri_verify_initial_proof::( &x_index_bits, &round_proof.initial_trees_proof, initial_merkle_caps, @@ -345,7 +337,7 @@ impl, const D: usize> CircuitBuilder { with_context!( self, "verify FRI round Merkle proof.", - self.verify_merkle_proof_to_cap_with_cap_index::( + self.verify_merkle_proof_to_cap_with_cap_index::( flatten_target(evals), &coset_index_bits, cap_index, diff --git a/plonky2/src/fri/validate_shape.rs b/plonky2/src/fri/validate_shape.rs index e15a2c75..6a4e7cc5 100644 --- a/plonky2/src/fri/validate_shape.rs +++ b/plonky2/src/fri/validate_shape.rs @@ -5,20 +5,17 @@ use crate::fri::proof::{FriProof, FriQueryRound, FriQueryStep}; use crate::fri::structure::FriInstanceInfo; use crate::fri::FriParams; use crate::hash::hash_types::RichField; -use crate::hash::hashing::HashConfig; use crate::plonk::config::GenericConfig; use crate::plonk::plonk_common::salt_size; -pub(crate) fn validate_fri_proof_shape( - proof: &FriProof, +pub(crate) fn validate_fri_proof_shape( + proof: &FriProof, instance: &FriInstanceInfo, params: &FriParams, ) -> anyhow::Result<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let FriProof { commit_phase_merkle_caps, diff --git a/plonky2/src/fri/verifier.rs b/plonky2/src/fri/verifier.rs index e37866e8..2e30214e 100644 --- a/plonky2/src/fri/verifier.rs +++ b/plonky2/src/fri/verifier.rs @@ -59,24 +59,18 @@ pub(crate) fn fri_verify_proof_of_work, const D: us Ok(()) } -pub fn verify_fri_proof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( +pub fn verify_fri_proof, C: GenericConfig, const D: usize>( instance: &FriInstanceInfo, openings: &FriOpenings, challenges: &FriChallenges, - initial_merkle_caps: &[MerkleCap], - proof: &FriProof, + initial_merkle_caps: &[MerkleCap], + proof: &FriProof, params: &FriParams, ) -> Result<()> where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { - validate_fri_proof_shape::(proof, instance, params)?; + validate_fri_proof_shape::(proof, instance, params)?; // Size of the LDE domain. let n = params.lde_size(); @@ -97,7 +91,7 @@ where .iter() .zip(&proof.query_round_proofs) { - fri_verifier_query_round::( + fri_verifier_query_round::( instance, challenges, &precomputed_reduced_evals, @@ -130,13 +124,11 @@ where pub(crate) fn fri_combine_initial< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( instance: &FriInstanceInfo, - proof: &FriInitialTreeProof, + proof: &FriInitialTreeProof, alpha: F::Extension, subgroup_x: F, precomputed_reduced_evals: &PrecomputedReducedOpenings, @@ -173,25 +165,23 @@ pub(crate) fn fri_combine_initial< fn fri_verifier_query_round< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( instance: &FriInstanceInfo, challenges: &FriChallenges, precomputed_reduced_evals: &PrecomputedReducedOpenings, - initial_merkle_caps: &[MerkleCap], - proof: &FriProof, + initial_merkle_caps: &[MerkleCap], + proof: &FriProof, mut x_index: usize, n: usize, - round_proof: &FriQueryRound, + round_proof: &FriQueryRound, params: &FriParams, ) -> Result<()> where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { - fri_verify_initial_proof::( + fri_verify_initial_proof::( x_index, &round_proof.initial_trees_proof, initial_merkle_caps, @@ -203,7 +193,7 @@ where // old_eval is the last derived evaluation; it will be checked for consistency with its // committed "parent" value in the next iteration. - let mut old_eval = fri_combine_initial::( + let mut old_eval = fri_combine_initial::( instance, &round_proof.initial_trees_proof, challenges.fri_alpha, @@ -232,7 +222,7 @@ where challenges.fri_betas[i], ); - verify_merkle_proof_to_cap::( + verify_merkle_proof_to_cap::( flatten(evals), coset_index, &proof.commit_phase_merkle_caps[i], diff --git a/plonky2/src/gadgets/arithmetic_extension.rs b/plonky2/src/gadgets/arithmetic_extension.rs index c3ded869..6fcab718 100644 --- a/plonky2/src/gadgets/arithmetic_extension.rs +++ b/plonky2/src/gadgets/arithmetic_extension.rs @@ -576,20 +576,15 @@ mod tests { use crate::iop::witness::{PartialWitness, WitnessWrite}; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{ - GenericConfig, KeccakGoldilocksConfig, KeccakHashConfig, PoseidonGoldilocksConfig, - PoseidonHashConfig, - }; + use crate::plonk::config::{GenericConfig, KeccakGoldilocksConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; #[test] fn test_mul_many() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_config(); @@ -614,7 +609,7 @@ mod tests { builder.connect_extension(mul0, mul1); builder.connect_extension(mul1, mul2); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) @@ -624,10 +619,8 @@ mod tests { fn test_div_extension() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_zk_config(); @@ -643,7 +636,7 @@ mod tests { let comp_zt = builder.div_extension(xt, yt); builder.connect_extension(zt, comp_zt); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) @@ -653,10 +646,8 @@ mod tests { fn test_mul_algebra() -> Result<()> { const D: usize = 2; type C = KeccakGoldilocksConfig; - type HCO = KeccakHashConfig; - type HCI = PoseidonHashConfig; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_config(); @@ -683,7 +674,7 @@ mod tests { pw.set_extension_target(zt.0[i], z.0[i]); } - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) diff --git a/plonky2/src/gadgets/interpolation.rs b/plonky2/src/gadgets/interpolation.rs index d31e7393..daf51d21 100644 --- a/plonky2/src/gadgets/interpolation.rs +++ b/plonky2/src/gadgets/interpolation.rs @@ -47,17 +47,15 @@ mod tests { use crate::iop::witness::PartialWitness; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; #[test] fn test_interpolate() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_config(); let pw = PartialWitness::new(); let mut builder = CircuitBuilder::::new(config); @@ -104,7 +102,7 @@ mod tests { builder.connect_extension(eval_coset_gate, true_eval_target); } - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) diff --git a/plonky2/src/gadgets/random_access.rs b/plonky2/src/gadgets/random_access.rs index 39e8af87..85d2c714 100644 --- a/plonky2/src/gadgets/random_access.rs +++ b/plonky2/src/gadgets/random_access.rs @@ -107,16 +107,14 @@ mod tests { use crate::field::types::{Field, Sample}; use crate::iop::witness::PartialWitness; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; fn test_random_access_given_len(len_log: usize) -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let len = 1 << len_log; let config = CircuitConfig::standard_recursion_config(); let pw = PartialWitness::new(); @@ -131,7 +129,7 @@ mod tests { builder.connect_extension(elem, res); } - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) diff --git a/plonky2/src/gadgets/select.rs b/plonky2/src/gadgets/select.rs index 7526fe9a..b34092ed 100644 --- a/plonky2/src/gadgets/select.rs +++ b/plonky2/src/gadgets/select.rs @@ -44,17 +44,15 @@ mod tests { use crate::iop::witness::{PartialWitness, WitnessWrite}; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; #[test] fn test_select() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_config(); let mut pw = PartialWitness::::new(); let mut builder = CircuitBuilder::::new(config); @@ -74,7 +72,7 @@ mod tests { builder.connect_extension(should_be_x, xt); builder.connect_extension(should_be_y, yt); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) diff --git a/plonky2/src/gadgets/split_base.rs b/plonky2/src/gadgets/split_base.rs index fa073fae..dd0edf5d 100644 --- a/plonky2/src/gadgets/split_base.rs +++ b/plonky2/src/gadgets/split_base.rs @@ -113,16 +113,14 @@ mod tests { use super::*; use crate::iop::witness::PartialWitness; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; #[test] fn test_split_base() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); let pw = PartialWitness::new(); let mut builder = CircuitBuilder::::new(config); @@ -139,7 +137,7 @@ mod tests { builder.connect(limbs[3], one); builder.assert_leading_zeros(xt, 64 - 9); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; @@ -150,9 +148,7 @@ mod tests { fn test_base_sum() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); let pw = PartialWitness::new(); let mut builder = CircuitBuilder::::new(config); @@ -176,7 +172,7 @@ mod tests { builder.connect(x, y); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; diff --git a/plonky2/src/gates/arithmetic_base.rs b/plonky2/src/gates/arithmetic_base.rs index efd932e2..13b4a2c5 100644 --- a/plonky2/src/gates/arithmetic_base.rs +++ b/plonky2/src/gates/arithmetic_base.rs @@ -218,7 +218,7 @@ mod tests { use crate::gates::arithmetic_base::ArithmeticGate; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -230,10 +230,8 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let gate = ArithmeticGate::new_from_config(&CircuitConfig::standard_recursion_config()); - test_eval_fns::(gate) + test_eval_fns::(gate) } } diff --git a/plonky2/src/gates/arithmetic_extension.rs b/plonky2/src/gates/arithmetic_extension.rs index 442e41e7..4632dbd4 100644 --- a/plonky2/src/gates/arithmetic_extension.rs +++ b/plonky2/src/gates/arithmetic_extension.rs @@ -211,7 +211,7 @@ mod tests { use crate::gates::arithmetic_extension::ArithmeticExtensionGate; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -224,11 +224,9 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let gate = ArithmeticExtensionGate::new_from_config(&CircuitConfig::standard_recursion_config()); - test_eval_fns::(gate) + test_eval_fns::(gate) } } diff --git a/plonky2/src/gates/base_sum.rs b/plonky2/src/gates/base_sum.rs index ba0b13dd..5883d71c 100644 --- a/plonky2/src/gates/base_sum.rs +++ b/plonky2/src/gates/base_sum.rs @@ -204,7 +204,7 @@ mod tests { use crate::field::goldilocks_field::GoldilocksField; use crate::gates::base_sum::BaseSumGate; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -215,9 +215,7 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(BaseSumGate::<6>::new(11)) + type F = >::F; + test_eval_fns::(BaseSumGate::<6>::new(11)) } } diff --git a/plonky2/src/gates/constant.rs b/plonky2/src/gates/constant.rs index fe54596e..bf365b04 100644 --- a/plonky2/src/gates/constant.rs +++ b/plonky2/src/gates/constant.rs @@ -122,7 +122,7 @@ mod tests { use crate::gates::constant::ConstantGate; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -135,11 +135,9 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let num_consts = CircuitConfig::standard_recursion_config().num_constants; let gate = ConstantGate { num_consts }; - test_eval_fns::(gate) + test_eval_fns::(gate) } } diff --git a/plonky2/src/gates/coset_interpolation.rs b/plonky2/src/gates/coset_interpolation.rs index e7d8b14a..da94d1c0 100644 --- a/plonky2/src/gates/coset_interpolation.rs +++ b/plonky2/src/gates/coset_interpolation.rs @@ -606,7 +606,7 @@ mod tests { use crate::field::types::{Field, Sample}; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::hash::hash_types::HashOut; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn test_degree_and_wires_minimized() { @@ -747,13 +747,9 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; for degree in 2..=4 { - test_eval_fns::(CosetInterpolationGate::with_max_degree( - 2, degree, - ))?; + test_eval_fns::(CosetInterpolationGate::with_max_degree(2, degree))?; } Ok(()) } @@ -762,10 +758,8 @@ mod tests { fn test_gate_constraint() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; /// Returns the local wires for an interpolation gate for given coeffs, points and eval point. fn get_wires(shift: F, values: PolynomialValues, eval_point: FF) -> Vec { diff --git a/plonky2/src/gates/exponentiation.rs b/plonky2/src/gates/exponentiation.rs index 5a09fe78..218f77e8 100644 --- a/plonky2/src/gates/exponentiation.rs +++ b/plonky2/src/gates/exponentiation.rs @@ -294,7 +294,7 @@ mod tests { use crate::field::types::Sample; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::hash::hash_types::HashOut; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::util::log2_ceil; const MAX_POWER_BITS: usize = 17; @@ -329,10 +329,8 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(ExponentiationGate::new_from_config( + type F = >::F; + test_eval_fns::(ExponentiationGate::new_from_config( &CircuitConfig::standard_recursion_config(), )) } @@ -341,10 +339,8 @@ mod tests { fn test_gate_constraint() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; /// Returns the local wires for an exponentiation gate given the base, power, and power bit /// values. diff --git a/plonky2/src/gates/gate_testing.rs b/plonky2/src/gates/gate_testing.rs index 181cba5d..2fa982bb 100644 --- a/plonky2/src/gates/gate_testing.rs +++ b/plonky2/src/gates/gate_testing.rs @@ -89,17 +89,15 @@ fn random_low_degree_values(rate_bits: usize) -> Vec { pub fn test_eval_fns< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, G: Gate, const D: usize, >( gate: G, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // Test that `eval_unfiltered` and `eval_unfiltered_base` are coherent. let wires_base = F::rand_vec(gate.num_wires()); @@ -164,7 +162,7 @@ where let evals_t = gate.eval_unfiltered_circuit(&mut builder, vars_t); pw.set_extension_targets(&evals_t, &evals); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; - verify::(proof, &data.verifier_only, &data.common) + verify::(proof, &data.verifier_only, &data.common) } diff --git a/plonky2/src/gates/multiplication_extension.rs b/plonky2/src/gates/multiplication_extension.rs index 8db53870..1f900441 100644 --- a/plonky2/src/gates/multiplication_extension.rs +++ b/plonky2/src/gates/multiplication_extension.rs @@ -187,7 +187,7 @@ mod tests { use super::*; use crate::field::goldilocks_field::GoldilocksField; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -199,10 +199,8 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let gate = MulExtensionGate::new_from_config(&CircuitConfig::standard_recursion_config()); - test_eval_fns::(gate) + test_eval_fns::(gate) } } diff --git a/plonky2/src/gates/noop.rs b/plonky2/src/gates/noop.rs index e2111564..f6f9853a 100644 --- a/plonky2/src/gates/noop.rs +++ b/plonky2/src/gates/noop.rs @@ -60,7 +60,7 @@ mod tests { use crate::field::goldilocks_field::GoldilocksField; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::gates::noop::NoopGate; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -71,9 +71,7 @@ mod tests { fn eval_fns() -> anyhow::Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(NoopGate) + type F = >::F; + test_eval_fns::(NoopGate) } } diff --git a/plonky2/src/gates/poseidon.rs b/plonky2/src/gates/poseidon.rs index d5db9390..80184797 100644 --- a/plonky2/src/gates/poseidon.rs +++ b/plonky2/src/gates/poseidon.rs @@ -515,7 +515,7 @@ mod tests { use crate::iop::witness::{PartialWitness, Witness, WitnessWrite}; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn wire_indices() { @@ -543,9 +543,7 @@ mod tests { fn generated_output() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig { num_wires: 143, @@ -555,7 +553,7 @@ mod tests { type Gate = PoseidonGate; let gate = Gate::new(); let row = builder.add_gate(gate, vec![]); - let circuit = builder.build_prover::(); + let circuit = builder.build_prover::(); let permutation_inputs = (0..SPONGE_WIDTH) .map(F::from_canonical_usize) @@ -603,10 +601,8 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let gate = PoseidonGate::::new(); - test_eval_fns::(gate) + test_eval_fns::(gate) } } diff --git a/plonky2/src/gates/poseidon_mds.rs b/plonky2/src/gates/poseidon_mds.rs index 7958d1b4..cddd0f9e 100644 --- a/plonky2/src/gates/poseidon_mds.rs +++ b/plonky2/src/gates/poseidon_mds.rs @@ -243,15 +243,13 @@ impl + Poseidon, const D: usize> SimpleGenerator mod tests { use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::gates::poseidon_mds::PoseidonMdsGate; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let gate = PoseidonMdsGate::::new(); test_low_degree(gate) } @@ -260,10 +258,8 @@ mod tests { fn eval_fns() -> anyhow::Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let gate = PoseidonMdsGate::::new(); - test_eval_fns::(gate) + test_eval_fns::(gate) } } diff --git a/plonky2/src/gates/public_input.rs b/plonky2/src/gates/public_input.rs index c8d2cfbe..10c42f00 100644 --- a/plonky2/src/gates/public_input.rs +++ b/plonky2/src/gates/public_input.rs @@ -104,7 +104,7 @@ mod tests { use crate::field::goldilocks_field::GoldilocksField; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::gates::public_input::PublicInputGate; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -115,9 +115,7 @@ mod tests { fn eval_fns() -> anyhow::Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(PublicInputGate) + type F = >::F; + test_eval_fns::(PublicInputGate) } } diff --git a/plonky2/src/gates/random_access.rs b/plonky2/src/gates/random_access.rs index e8c29713..80874505 100644 --- a/plonky2/src/gates/random_access.rs +++ b/plonky2/src/gates/random_access.rs @@ -389,7 +389,7 @@ mod tests { use crate::field::types::Sample; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::hash::hash_types::HashOut; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -400,20 +400,16 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(RandomAccessGate::new(4, 4, 1)) + type F = >::F; + test_eval_fns::(RandomAccessGate::new(4, 4, 1)) } #[test] fn test_gate_constraint() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; /// Returns the local wires for a random access gate given the vectors, elements to compare, /// and indices. diff --git a/plonky2/src/gates/reducing.rs b/plonky2/src/gates/reducing.rs index ad14a7fc..9bdadce8 100644 --- a/plonky2/src/gates/reducing.rs +++ b/plonky2/src/gates/reducing.rs @@ -216,7 +216,7 @@ mod tests { use crate::field::goldilocks_field::GoldilocksField; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::gates::reducing::ReducingGate; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -227,9 +227,7 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(ReducingGate::new(22)) + type F = >::F; + test_eval_fns::(ReducingGate::new(22)) } } diff --git a/plonky2/src/gates/reducing_extension.rs b/plonky2/src/gates/reducing_extension.rs index 2b37e5b5..0ad48bb0 100644 --- a/plonky2/src/gates/reducing_extension.rs +++ b/plonky2/src/gates/reducing_extension.rs @@ -210,7 +210,7 @@ mod tests { use crate::field::goldilocks_field::GoldilocksField; use crate::gates::gate_testing::{test_eval_fns, test_low_degree}; use crate::gates::reducing_extension::ReducingExtensionGate; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn low_degree() { @@ -221,9 +221,7 @@ mod tests { fn eval_fns() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - test_eval_fns::(ReducingExtensionGate::new(22)) + type F = >::F; + test_eval_fns::(ReducingExtensionGate::new(22)) } } diff --git a/plonky2/src/hash/merkle_proofs.rs b/plonky2/src/hash/merkle_proofs.rs index 7798bd16..3d523312 100644 --- a/plonky2/src/hash/merkle_proofs.rs +++ b/plonky2/src/hash/merkle_proofs.rs @@ -187,7 +187,7 @@ mod tests { use crate::iop::witness::{PartialWitness, WitnessWrite}; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; fn random_data(n: usize, k: usize) -> Vec> { @@ -198,9 +198,7 @@ mod tests { fn test_recursive_merkle_proof() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); let mut pw = PartialWitness::new(); let mut builder = CircuitBuilder::::new(config); @@ -209,9 +207,10 @@ mod tests { let n = 1 << log_n; let cap_height = 1; let leaves = random_data::(n, 7); - let tree = MerkleTree::>::Hasher>::new( - leaves, cap_height, - ); + let tree = + MerkleTree::>::HCO, >::Hasher>::new( + leaves, cap_height, + ); let i: usize = OsRng.gen_range(0..n); let proof = tree.prove(i); @@ -233,11 +232,11 @@ mod tests { pw.set_target(data[j], tree.leaves[i][j]); } - builder.verify_merkle_proof_to_cap::>::InnerHasher>( + builder.verify_merkle_proof_to_cap::<>::HCI, >::InnerHasher>( data, &i_bits, &cap_t, &proof_t, ); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) diff --git a/plonky2/src/hash/merkle_tree.rs b/plonky2/src/hash/merkle_tree.rs index 25055fdb..f49d9f19 100644 --- a/plonky2/src/hash/merkle_tree.rs +++ b/plonky2/src/hash/merkle_tree.rs @@ -223,26 +223,20 @@ mod tests { use super::*; use crate::field::extension::Extendable; use crate::hash::merkle_proofs::verify_merkle_proof_to_cap; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; fn random_data(n: usize, k: usize) -> Vec> { (0..n).map(|_| F::rand_vec(k)).collect() } - fn verify_all_leaves< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - >( + fn verify_all_leaves, C: GenericConfig, const D: usize>( leaves: Vec>, cap_height: usize, ) -> Result<()> where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { - let tree = MerkleTree::::new(leaves.clone(), cap_height); + let tree = MerkleTree::::new(leaves.clone(), cap_height); for (i, leaf) in leaves.into_iter().enumerate() { let proof = tree.prove(i); verify_merkle_proof_to_cap(leaf, i, &tree.cap, &proof)?; @@ -255,15 +249,13 @@ mod tests { fn test_cap_height_too_big() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let log_n = 8; let cap_height = log_n + 1; // Should panic if `cap_height > len_n`. let leaves = random_data::(1 << log_n, 7); - let _ = MerkleTree::>::Hasher>::new( + let _ = MerkleTree::>::HCO, >::Hasher>::new( leaves, cap_height, ); } @@ -272,15 +264,13 @@ mod tests { fn test_cap_height_eq_log2_len() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let log_n = 8; let n = 1 << log_n; let leaves = random_data::(n, 7); - verify_all_leaves::(leaves, log_n)?; + verify_all_leaves::(leaves, log_n)?; Ok(()) } @@ -289,15 +279,13 @@ mod tests { fn test_merkle_trees() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let log_n = 8; let n = 1 << log_n; let leaves = random_data::(n, 7); - verify_all_leaves::(leaves, 1)?; + verify_all_leaves::(leaves, 1)?; Ok(()) } diff --git a/plonky2/src/hash/path_compression.rs b/plonky2/src/hash/path_compression.rs index de507641..853ffc85 100644 --- a/plonky2/src/hash/path_compression.rs +++ b/plonky2/src/hash/path_compression.rs @@ -124,22 +124,21 @@ mod tests { use super::*; use crate::field::types::Sample; use crate::hash::merkle_tree::MerkleTree; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn test_path_compression() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let h = 10; let cap_height = 3; let vs = (0..1 << h).map(|_| vec![F::rand()]).collect::>(); - let mt = MerkleTree::>::Hasher>::new( - vs.clone(), - cap_height, - ); + let mt = + MerkleTree::>::HCO, >::Hasher>::new( + vs.clone(), + cap_height, + ); let mut rng = OsRng; let k = rng.gen_range(1..=1 << h); diff --git a/plonky2/src/iop/challenger.rs b/plonky2/src/iop/challenger.rs index 07b99981..499538a9 100644 --- a/plonky2/src/iop/challenger.rs +++ b/plonky2/src/iop/challenger.rs @@ -390,17 +390,18 @@ mod tests { use crate::iop::witness::{PartialWitness, Witness}; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; #[test] fn no_duplicate_challenges() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - let mut challenger = - Challenger::>::InnerHasher>::new(); + type F = >::F; + let mut challenger = Challenger::< + F, + >::HCI, + >::InnerHasher, + >::new(); let mut challenges = Vec::new(); for i in 1..10 { @@ -421,9 +422,7 @@ mod tests { fn test_consistency() { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; // These are mostly arbitrary, but we want to test some rounds with enough inputs/outputs to // trigger multiple absorptions/squeezes. @@ -436,8 +435,11 @@ mod tests { .map(|&n| F::rand_vec(n)) .collect(); - let mut challenger = - Challenger::>::InnerHasher>::new(); + let mut challenger = Challenger::< + F, + >::HCI, + >::InnerHasher, + >::new(); let mut outputs_per_round: Vec> = Vec::new(); for (r, inputs) in inputs_per_round.iter().enumerate() { challenger.observe_elements(inputs); @@ -446,10 +448,12 @@ mod tests { let config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(config); - let mut recursive_challenger = - RecursiveChallenger::>::InnerHasher, D>::new( - &mut builder, - ); + let mut recursive_challenger = RecursiveChallenger::< + F, + >::HCI, + >::InnerHasher, + D, + >::new(&mut builder); let mut recursive_outputs_per_round: Vec> = Vec::new(); for (r, inputs) in inputs_per_round.iter().enumerate() { recursive_challenger.observe_elements(&builder.constants(inputs)); @@ -457,7 +461,7 @@ mod tests { recursive_challenger.get_n_challenges(&mut builder, num_outputs_per_round[r]), ); } - let circuit = builder.build::(); + let circuit = builder.build::(); let inputs = PartialWitness::new(); let witness = generate_partial_witness(inputs, &circuit.prover_only, &circuit.common); let recursive_output_values_per_round: Vec> = recursive_outputs_per_round diff --git a/plonky2/src/iop/generator.rs b/plonky2/src/iop/generator.rs index b2ddd2ce..a65d1748 100644 --- a/plonky2/src/iop/generator.rs +++ b/plonky2/src/iop/generator.rs @@ -6,7 +6,6 @@ use core::marker::PhantomData; use crate::field::extension::Extendable; use crate::field::types::Field; use crate::hash::hash_types::RichField; -use crate::hash::hashing::HashConfig; use crate::iop::ext_target::ExtensionTarget; use crate::iop::target::Target; use crate::iop::wire::Wire; @@ -19,13 +18,11 @@ use crate::plonk::config::GenericConfig; pub(crate) fn generate_partial_witness< 'a, F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( inputs: PartialWitness, - prover_data: &'a ProverOnlyCircuitData, + prover_data: &'a ProverOnlyCircuitData, common_data: &'a CommonCircuitData, ) -> PartitionWitness<'a, F> { let config = &common_data.config; diff --git a/plonky2/src/iop/witness.rs b/plonky2/src/iop/witness.rs index 9879be0b..21531d71 100644 --- a/plonky2/src/iop/witness.rs +++ b/plonky2/src/iop/witness.rs @@ -72,18 +72,13 @@ pub trait WitnessWrite { /// Set the targets in a `ProofWithPublicInputsTarget` to their corresponding values in a /// `ProofWithPublicInputs`. - fn set_proof_with_pis_target< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - >( + fn set_proof_with_pis_target, const D: usize>( &mut self, proof_with_pis_target: &ProofWithPublicInputsTarget, - proof_with_pis: &ProofWithPublicInputs, + proof_with_pis: &ProofWithPublicInputs, ) where F: RichField + Extendable, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, { let ProofWithPublicInputs { proof, @@ -103,18 +98,13 @@ pub trait WitnessWrite { } /// Set the targets in a `ProofTarget` to their corresponding values in a `Proof`. - fn set_proof_target< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - >( + fn set_proof_target, const D: usize>( &mut self, proof_target: &ProofTarget, - proof: &Proof, + proof: &Proof, ) where F: RichField + Extendable, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, { self.set_cap_target(&proof_target.wires_cap, &proof.wires_cap); self.set_cap_target( @@ -147,18 +137,13 @@ pub trait WitnessWrite { } } - fn set_verifier_data_target< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - >( + fn set_verifier_data_target, const D: usize>( &mut self, vdt: &VerifierCircuitTarget, - vd: &VerifierOnlyCircuitData, + vd: &VerifierOnlyCircuitData, ) where F: RichField + Extendable, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, { self.set_cap_target(&vdt.constants_sigmas_cap, &vd.constants_sigmas_cap); self.set_hash_target(vdt.circuit_digest, vd.circuit_digest); diff --git a/plonky2/src/plonk/circuit_builder.rs b/plonky2/src/plonk/circuit_builder.rs index 67c31df9..15c01ab0 100644 --- a/plonky2/src/plonk/circuit_builder.rs +++ b/plonky2/src/plonk/circuit_builder.rs @@ -442,14 +442,12 @@ impl, const D: usize> CircuitBuilder { MerkleCapTarget(cap.0.iter().map(|h| self.constant_hash(*h)).collect()) } - pub fn constant_verifier_data>( + pub fn constant_verifier_data>( &mut self, - verifier_data: &VerifierOnlyCircuitData, + verifier_data: &VerifierOnlyCircuitData, ) -> VerifierCircuitTarget where - HCO: HashConfig, - HCI: HashConfig, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, { VerifierCircuitTarget { constants_sigmas_cap: self.constant_merkle_cap(&verifier_data.constants_sigmas_cap), @@ -740,12 +738,10 @@ impl, const D: usize> CircuitBuilder { } /// Builds a "full circuit", with both prover and verifier data. - pub fn build>( - mut self, - ) -> CircuitData + pub fn build>(mut self) -> CircuitData where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let mut timing = TimingTree::new("preprocess", Level::Trace); #[cfg(feature = "std")] @@ -757,7 +753,7 @@ impl, const D: usize> CircuitBuilder { // those hash wires match the claimed public inputs. let num_public_inputs = self.public_inputs.len(); let public_inputs_hash = - self.hash_n_to_hash_no_pad::(self.public_inputs.clone()); + self.hash_n_to_hash_no_pad::(self.public_inputs.clone()); let pi_gate = self.add_gate(PublicInputGate, vec![]); for (&hash_part, wire) in public_inputs_hash .elements @@ -834,7 +830,7 @@ impl, const D: usize> CircuitBuilder { let fft_root_table = fft_root_table(max_fft_points); let constants_sigmas_vecs = [constant_vecs, sigma_vecs.clone()].concat(); - let constants_sigmas_commitment = PolynomialBatch::::from_values( + let constants_sigmas_commitment = PolynomialBatch::::from_values( constants_sigmas_vecs, rate_bits, PlonkOracle::CONSTANTS_SIGMAS.blinding, @@ -922,7 +918,7 @@ impl, const D: usize> CircuitBuilder { assert_eq!(goal_data, common, "The expected circuit data passed to cyclic recursion method did not match the actual circuit"); } - let prover_only = ProverOnlyCircuitData:: { + let prover_only = ProverOnlyCircuitData:: { generators: self.generators, generator_indices_by_watches, constants_sigmas_commitment, @@ -934,7 +930,7 @@ impl, const D: usize> CircuitBuilder { circuit_digest, }; - let verifier_only = VerifierOnlyCircuitData:: { + let verifier_only = VerifierOnlyCircuitData:: { constants_sigmas_cap, circuit_digest, }; @@ -950,28 +946,24 @@ impl, const D: usize> CircuitBuilder { } /// Builds a "prover circuit", with data needed to generate proofs but not verify them. - pub fn build_prover>( - self, - ) -> ProverCircuitData + pub fn build_prover>(self) -> ProverCircuitData where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // TODO: Can skip parts of this. - let circuit_data = self.build::(); + let circuit_data = self.build::(); circuit_data.prover_data() } /// Builds a "verifier circuit", with data needed to verify proofs but not generate them. - pub fn build_verifier>( - self, - ) -> VerifierCircuitData + pub fn build_verifier>(self) -> VerifierCircuitData where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // TODO: Can skip parts of this. - let circuit_data = self.build::(); + let circuit_data = self.build::(); circuit_data.verifier_data() } } diff --git a/plonky2/src/plonk/circuit_data.rs b/plonky2/src/plonk/circuit_data.rs index 9f0eab71..2346b9db 100644 --- a/plonky2/src/plonk/circuit_data.rs +++ b/plonky2/src/plonk/circuit_data.rs @@ -107,35 +107,21 @@ impl CircuitConfig { } /// Circuit data required by the prover or the verifier. -pub struct CircuitData< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { - pub prover_only: ProverOnlyCircuitData, - pub verifier_only: VerifierOnlyCircuitData, +pub struct CircuitData, C: GenericConfig, const D: usize> { + pub prover_only: ProverOnlyCircuitData, + pub verifier_only: VerifierOnlyCircuitData, pub common: CommonCircuitData, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > CircuitData +impl, C: GenericConfig, const D: usize> + CircuitData { - pub fn prove( - &self, - inputs: PartialWitness, - ) -> Result> + pub fn prove(&self, inputs: PartialWitness) -> Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - prove::( + prove::( &self.prover_only, &self.common, inputs, @@ -143,48 +129,48 @@ impl< ) } - pub fn verify(&self, proof_with_pis: ProofWithPublicInputs) -> Result<()> + pub fn verify(&self, proof_with_pis: ProofWithPublicInputs) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - verify::(proof_with_pis, &self.verifier_only, &self.common) + verify::(proof_with_pis, &self.verifier_only, &self.common) } pub fn verify_compressed( &self, - compressed_proof_with_pis: CompressedProofWithPublicInputs, + compressed_proof_with_pis: CompressedProofWithPublicInputs, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { compressed_proof_with_pis.verify(&self.verifier_only, &self.common) } pub fn compress( &self, - proof: ProofWithPublicInputs, - ) -> Result> + proof: ProofWithPublicInputs, + ) -> Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { proof.compress(&self.verifier_only.circuit_digest, &self.common) } pub fn decompress( &self, - proof: CompressedProofWithPublicInputs, - ) -> Result> + proof: CompressedProofWithPublicInputs, + ) -> Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { proof.decompress(&self.verifier_only.circuit_digest, &self.common) } - pub fn verifier_data(&self) -> VerifierCircuitData { + pub fn verifier_data(&self) -> VerifierCircuitData { let CircuitData { verifier_only, common, @@ -196,7 +182,7 @@ impl< } } - pub fn prover_data(self) -> ProverCircuitData { + pub fn prover_data(self) -> ProverCircuitData { let CircuitData { prover_only, common, @@ -218,32 +204,22 @@ impl< /// construct a more minimal prover structure and convert back and forth. pub struct ProverCircuitData< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub prover_only: ProverOnlyCircuitData, + pub prover_only: ProverOnlyCircuitData, pub common: CommonCircuitData, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > ProverCircuitData +impl, C: GenericConfig, const D: usize> + ProverCircuitData { - pub fn prove( - &self, - inputs: PartialWitness, - ) -> Result> + pub fn prove(&self, inputs: PartialWitness) -> Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - prove::( + prove::( &self.prover_only, &self.common, inputs, @@ -256,38 +232,31 @@ impl< #[derive(Debug)] pub struct VerifierCircuitData< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub verifier_only: VerifierOnlyCircuitData, + pub verifier_only: VerifierOnlyCircuitData, pub common: CommonCircuitData, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > VerifierCircuitData +impl, C: GenericConfig, const D: usize> + VerifierCircuitData { - pub fn verify(&self, proof_with_pis: ProofWithPublicInputs) -> Result<()> + pub fn verify(&self, proof_with_pis: ProofWithPublicInputs) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - verify::(proof_with_pis, &self.verifier_only, &self.common) + verify::(proof_with_pis, &self.verifier_only, &self.common) } pub fn verify_compressed( &self, - compressed_proof_with_pis: CompressedProofWithPublicInputs, + compressed_proof_with_pis: CompressedProofWithPublicInputs, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { compressed_proof_with_pis.verify(&self.verifier_only, &self.common) } @@ -296,9 +265,7 @@ impl< /// Circuit data required by the prover, but not the verifier. pub struct ProverOnlyCircuitData< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { pub generators: Vec>>, @@ -306,7 +273,7 @@ pub struct ProverOnlyCircuitData< /// they watch. pub generator_indices_by_watches: BTreeMap>, /// Commitments to the constants polynomials and sigma polynomials. - pub constants_sigmas_commitment: PolynomialBatch, + pub constants_sigmas_commitment: PolynomialBatch, /// The transpose of the list of sigma polynomials. pub sigmas: Vec>, /// Subgroup of order `degree`. @@ -320,22 +287,17 @@ pub struct ProverOnlyCircuitData< pub fft_root_table: Option>, /// A digest of the "circuit" (i.e. the instance, minus public inputs), which can be used to /// seed Fiat-Shamir. - pub circuit_digest: <>::Hasher as Hasher>::Hash, + pub circuit_digest: <>::Hasher as Hasher>::Hash, } /// Circuit data required by the verifier, but not the prover. #[derive(Debug, Clone, Eq, PartialEq)] -pub struct VerifierOnlyCircuitData< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { +pub struct VerifierOnlyCircuitData, const D: usize> { /// A commitment to each constant polynomial and each permutation polynomial. - pub constants_sigmas_cap: MerkleCap, + pub constants_sigmas_cap: MerkleCap, /// A digest of the "circuit" (i.e. the instance, minus public inputs), which can be used to /// seed Fiat-Shamir. - pub circuit_digest: <>::Hasher as Hasher>::Hash, + pub circuit_digest: <>::Hasher as Hasher>::Hash, } /// Circuit data required by both the prover and the verifier. diff --git a/plonky2/src/plonk/config.rs b/plonky2/src/plonk/config.rs index c68998f6..60f9a7b8 100644 --- a/plonky2/src/plonk/config.rs +++ b/plonky2/src/plonk/config.rs @@ -93,17 +93,21 @@ pub trait AlgebraicHasher: Hasher: +pub trait GenericConfig: Debug + Clone + Sync + Sized + Send + Eq + PartialEq { /// Main field. type F: RichField + Extendable; /// Field extension of degree D of the main field. type FE: FieldExtension; + /// Hash configuration for this GenericConfig's `Hasher`. + type HCO: HashConfig; + /// Hash configuration for this GenericConfig's `InnerHasher`. + type HCI: HashConfig; /// Hash function used for building Merkle trees. - type Hasher: Hasher; + type Hasher: Hasher; /// Algebraic hash function used for the challenger and hashing public inputs. - type InnerHasher: AlgebraicHasher; + type InnerHasher: AlgebraicHasher; } #[derive(Clone, Debug, Eq, PartialEq)] @@ -115,9 +119,11 @@ impl HashConfig for PoseidonHashConfig { /// Configuration using Poseidon over the Goldilocks field. #[derive(Debug, Copy, Clone, Eq, PartialEq)] pub struct PoseidonGoldilocksConfig; -impl GenericConfig for PoseidonGoldilocksConfig { +impl GenericConfig<2> for PoseidonGoldilocksConfig { type F = GoldilocksField; type FE = QuadraticExtension; + type HCO = PoseidonHashConfig; + type HCI = PoseidonHashConfig; type Hasher = PoseidonHash; type InnerHasher = PoseidonHash; } @@ -131,9 +137,11 @@ impl HashConfig for KeccakHashConfig { /// Configuration using truncated Keccak over the Goldilocks field. #[derive(Debug, Copy, Clone, Eq, PartialEq)] pub struct KeccakGoldilocksConfig; -impl GenericConfig for KeccakGoldilocksConfig { +impl GenericConfig<2> for KeccakGoldilocksConfig { type F = GoldilocksField; type FE = QuadraticExtension; + type HCO = KeccakHashConfig; + type HCI = PoseidonHashConfig; type Hasher = KeccakHash<25>; type InnerHasher = PoseidonHash; } diff --git a/plonky2/src/plonk/get_challenges.rs b/plonky2/src/plonk/get_challenges.rs index 5932b6ff..d0682572 100644 --- a/plonky2/src/plonk/get_challenges.rs +++ b/plonky2/src/plonk/get_challenges.rs @@ -23,45 +23,39 @@ use crate::plonk::proof::{ }; use crate::util::reverse_bits; -fn get_challenges< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( - public_inputs_hash: <>::InnerHasher as Hasher>::Hash, - wires_cap: &MerkleCap, - plonk_zs_partial_products_cap: &MerkleCap, - quotient_polys_cap: &MerkleCap, +fn get_challenges, C: GenericConfig, const D: usize>( + public_inputs_hash: <>::InnerHasher as Hasher>::Hash, + wires_cap: &MerkleCap, + plonk_zs_partial_products_cap: &MerkleCap, + quotient_polys_cap: &MerkleCap, openings: &OpeningSet, - commit_phase_merkle_caps: &[MerkleCap], + commit_phase_merkle_caps: &[MerkleCap], final_poly: &PolynomialCoeffs, pow_witness: F, - circuit_digest: &<>::Hasher as Hasher>::Hash, + circuit_digest: &<>::Hasher as Hasher>::Hash, common_data: &CommonCircuitData, ) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let config = &common_data.config; let num_challenges = config.num_challenges; - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); // Observe the instance. - challenger.observe_hash::(*circuit_digest); - challenger.observe_hash::(public_inputs_hash); + challenger.observe_hash::(*circuit_digest); + challenger.observe_hash::(public_inputs_hash); - challenger.observe_cap::(wires_cap); + challenger.observe_cap::(wires_cap); let plonk_betas = challenger.get_n_challenges(num_challenges); let plonk_gammas = challenger.get_n_challenges(num_challenges); - challenger.observe_cap::(plonk_zs_partial_products_cap); + challenger.observe_cap::(plonk_zs_partial_products_cap); let plonk_alphas = challenger.get_n_challenges(num_challenges); - challenger.observe_cap::(quotient_polys_cap); + challenger.observe_cap::(quotient_polys_cap); let plonk_zeta = challenger.get_extension_challenge::(); challenger.observe_openings(&openings.to_fri_openings()); @@ -71,7 +65,7 @@ where plonk_gammas, plonk_alphas, plonk_zeta, - fri_challenges: challenger.fri_challenges::( + fri_challenges: challenger.fri_challenges::( commit_phase_merkle_caps, final_poly, pow_witness, @@ -81,22 +75,17 @@ where }) } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > ProofWithPublicInputs +impl, C: GenericConfig, const D: usize> + ProofWithPublicInputs { pub(crate) fn fri_query_indices( &self, - circuit_digest: &<>::Hasher as Hasher>::Hash, + circuit_digest: &<>::Hasher as Hasher>::Hash, common_data: &CommonCircuitData, ) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { Ok(self .get_challenges(self.get_public_inputs_hash(), circuit_digest, common_data)? @@ -107,13 +96,13 @@ impl< /// Computes all Fiat-Shamir challenges used in the Plonk proof. pub(crate) fn get_challenges( &self, - public_inputs_hash: <>::InnerHasher as Hasher>::Hash, - circuit_digest: &<>::Hasher as Hasher>::Hash, + public_inputs_hash: <>::InnerHasher as Hasher>::Hash, + circuit_digest: &<>::Hasher as Hasher>::Hash, common_data: &CommonCircuitData, ) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let Proof { wires_cap, @@ -129,7 +118,7 @@ impl< }, } = &self.proof; - get_challenges::( + get_challenges::( public_inputs_hash, wires_cap, plonk_zs_partial_products_cap, @@ -144,24 +133,19 @@ impl< } } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > CompressedProofWithPublicInputs +impl, C: GenericConfig, const D: usize> + CompressedProofWithPublicInputs { /// Computes all Fiat-Shamir challenges used in the Plonk proof. pub(crate) fn get_challenges( &self, - public_inputs_hash: <>::InnerHasher as Hasher>::Hash, - circuit_digest: &<>::Hasher as Hasher>::Hash, + public_inputs_hash: <>::InnerHasher as Hasher>::Hash, + circuit_digest: &<>::Hasher as Hasher>::Hash, common_data: &CommonCircuitData, ) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let CompressedProof { wires_cap, @@ -177,7 +161,7 @@ impl< }, } = &self.proof; - get_challenges::( + get_challenges::( public_inputs_hash, wires_cap, plonk_zs_partial_products_cap, @@ -222,7 +206,7 @@ impl< for &(mut x_index) in fri_query_indices { let mut subgroup_x = F::MULTIPLICATIVE_GROUP_GENERATOR * F::primitive_root_of_unity(log_n).exp_u64(reverse_bits(x_index, log_n) as u64); - let mut old_eval = fri_combine_initial::( + let mut old_eval = fri_combine_initial::( &common_data.get_fri_instance(*plonk_zeta), &self .proof @@ -268,7 +252,7 @@ impl< } impl, const D: usize> CircuitBuilder { - fn get_challenges>( + fn get_challenges>( &mut self, public_inputs_hash: HashOutTarget, wires_cap: &MerkleCapTarget, @@ -282,14 +266,14 @@ impl, const D: usize> CircuitBuilder { inner_common_data: &CommonCircuitData, ) -> ProofChallengesTarget where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let config = &inner_common_data.config; let num_challenges = config.num_challenges; - let mut challenger = RecursiveChallenger::::new(self); + let mut challenger = RecursiveChallenger::::new(self); // Observe the instance. challenger.observe_hash(&inner_circuit_digest); @@ -324,12 +308,7 @@ impl, const D: usize> CircuitBuilder { } impl ProofWithPublicInputsTarget { - pub(crate) fn get_challenges< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + pub(crate) fn get_challenges, C: GenericConfig>( &self, builder: &mut CircuitBuilder, public_inputs_hash: HashOutTarget, @@ -337,9 +316,9 @@ impl ProofWithPublicInputsTarget { inner_common_data: &CommonCircuitData, ) -> ProofChallengesTarget where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let ProofTarget { wires_cap, @@ -355,7 +334,7 @@ impl ProofWithPublicInputsTarget { }, } = &self.proof; - builder.get_challenges::( + builder.get_challenges::( public_inputs_hash, wires_cap, plonk_zs_partial_products_cap, diff --git a/plonky2/src/plonk/proof.rs b/plonky2/src/plonk/proof.rs index 476ff18a..6332252f 100644 --- a/plonky2/src/plonk/proof.rs +++ b/plonky2/src/plonk/proof.rs @@ -28,23 +28,17 @@ use crate::util::serialization::{Buffer, Read}; #[derive(Serialize, Deserialize, Clone, Debug, Eq, PartialEq)] #[serde(bound = "")] -pub struct Proof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { +pub struct Proof, C: GenericConfig, const D: usize> { /// Merkle cap of LDEs of wire values. - pub wires_cap: MerkleCap, + pub wires_cap: MerkleCap, /// Merkle cap of LDEs of Z, in the context of Plonk's permutation argument. - pub plonk_zs_partial_products_cap: MerkleCap, + pub plonk_zs_partial_products_cap: MerkleCap, /// Merkle cap of LDEs of the quotient polynomial components. - pub quotient_polys_cap: MerkleCap, + pub quotient_polys_cap: MerkleCap, /// Purported values of each polynomial at the challenge point. pub openings: OpeningSet, /// A batch FRI argument for all openings. - pub opening_proof: FriProof, + pub opening_proof: FriProof, } #[derive(Clone, Debug)] @@ -56,20 +50,9 @@ pub struct ProofTarget { pub opening_proof: FriProofTarget, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > Proof -{ +impl, C: GenericConfig, const D: usize> Proof { /// Compress the proof. - pub fn compress( - self, - indices: &[usize], - params: &FriParams, - ) -> CompressedProof { + pub fn compress(self, indices: &[usize], params: &FriParams) -> CompressedProof { let Proof { wires_cap, plonk_zs_partial_products_cap, @@ -92,31 +75,24 @@ impl< #[serde(bound = "")] pub struct ProofWithPublicInputs< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub proof: Proof, + pub proof: Proof, pub public_inputs: Vec, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > ProofWithPublicInputs +impl, C: GenericConfig, const D: usize> + ProofWithPublicInputs { pub fn compress( self, - circuit_digest: &<>::Hasher as Hasher>::Hash, + circuit_digest: &<>::Hasher as Hasher>::Hash, common_data: &CommonCircuitData, - ) -> anyhow::Result> + ) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let indices = self.fri_query_indices(circuit_digest, common_data)?; let compressed_proof = self.proof.compress(&indices, &common_data.fri_params); @@ -128,9 +104,9 @@ impl< pub(crate) fn get_public_inputs_hash( &self, - ) -> <>::InnerHasher as Hasher>::Hash + ) -> <>::InnerHasher as Hasher>::Hash where - [(); HCI::WIDTH]:, + [(); C::HCI::WIDTH]:, { C::InnerHasher::hash_no_pad(&self.public_inputs) } @@ -158,32 +134,22 @@ impl< #[derive(Serialize, Deserialize, Clone, Debug, Eq, PartialEq)] #[serde(bound = "")] -pub struct CompressedProof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { +pub struct CompressedProof, C: GenericConfig, const D: usize> +{ /// Merkle cap of LDEs of wire values. - pub wires_cap: MerkleCap, + pub wires_cap: MerkleCap, /// Merkle cap of LDEs of Z, in the context of Plonk's permutation argument. - pub plonk_zs_partial_products_cap: MerkleCap, + pub plonk_zs_partial_products_cap: MerkleCap, /// Merkle cap of LDEs of the quotient polynomial components. - pub quotient_polys_cap: MerkleCap, + pub quotient_polys_cap: MerkleCap, /// Purported values of each polynomial at the challenge point. pub openings: OpeningSet, /// A compressed batch FRI argument for all openings. - pub opening_proof: CompressedFriProof, + pub opening_proof: CompressedFriProof, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > CompressedProof +impl, C: GenericConfig, const D: usize> + CompressedProof { /// Decompress the proof. pub(crate) fn decompress( @@ -191,9 +157,9 @@ impl< challenges: &ProofChallenges, fri_inferred_elements: FriInferredElements, params: &FriParams, - ) -> Proof + ) -> Proof where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let CompressedProof { wires_cap, @@ -217,31 +183,24 @@ impl< #[serde(bound = "")] pub struct CompressedProofWithPublicInputs< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub proof: CompressedProof, + pub proof: CompressedProof, pub public_inputs: Vec, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > CompressedProofWithPublicInputs +impl, C: GenericConfig, const D: usize> + CompressedProofWithPublicInputs { pub fn decompress( self, - circuit_digest: &<>::Hasher as Hasher>::Hash, + circuit_digest: &<>::Hasher as Hasher>::Hash, common_data: &CommonCircuitData, - ) -> anyhow::Result> + ) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let challenges = self.get_challenges(self.get_public_inputs_hash(), circuit_digest, common_data)?; @@ -257,12 +216,12 @@ impl< pub(crate) fn verify( self, - verifier_data: &VerifierOnlyCircuitData, + verifier_data: &VerifierOnlyCircuitData, common_data: &CommonCircuitData, ) -> anyhow::Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { ensure!( self.public_inputs.len() == common_data.num_public_inputs, @@ -278,7 +237,7 @@ impl< let decompressed_proof = self.proof .decompress(&challenges, fri_inferred_elements, &common_data.fri_params); - verify_with_challenges::( + verify_with_challenges::( decompressed_proof, public_inputs_hash, challenges, @@ -289,9 +248,9 @@ impl< pub(crate) fn get_public_inputs_hash( &self, - ) -> <>::InnerHasher as Hasher>::Hash + ) -> <>::InnerHasher as Hasher>::Hash where - [(); HCI::WIDTH]:, + [(); C::HCI::WIDTH]:, { C::InnerHasher::hash_no_pad(&self.public_inputs) } @@ -365,16 +324,16 @@ pub struct OpeningSet, const D: usize> { } impl, const D: usize> OpeningSet { - pub fn new>( + pub fn new>( zeta: F::Extension, g: F::Extension, - constants_sigmas_commitment: &PolynomialBatch, - wires_commitment: &PolynomialBatch, - zs_partial_products_commitment: &PolynomialBatch, - quotient_polys_commitment: &PolynomialBatch, + constants_sigmas_commitment: &PolynomialBatch, + wires_commitment: &PolynomialBatch, + zs_partial_products_commitment: &PolynomialBatch, + quotient_polys_commitment: &PolynomialBatch, common_data: &CommonCircuitData, ) -> Self { - let eval_commitment = |z: F::Extension, c: &PolynomialBatch| { + let eval_commitment = |z: F::Extension, c: &PolynomialBatch| { c.polynomials .par_iter() .map(|p| p.to_extension().eval(z)) @@ -461,16 +420,14 @@ mod tests { use crate::iop::witness::PartialWitness; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; #[test] fn test_proof_compression() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let mut config = CircuitConfig::standard_recursion_config(); config.fri_config.reduction_strategy = FriReductionStrategy::Fixed(vec![1, 1]); @@ -491,7 +448,7 @@ mod tests { for _ in 0..100 { builder.add_gate(NoopGate, vec![]); } - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof.clone(), &data.verifier_only, &data.common)?; diff --git a/plonky2/src/plonk/prover.rs b/plonky2/src/plonk/prover.rs index a0b6313a..29d9721f 100644 --- a/plonky2/src/plonk/prover.rs +++ b/plonky2/src/plonk/prover.rs @@ -26,23 +26,17 @@ use crate::util::partial_products::{partial_products_and_z_gx, quotient_chunk_pr use crate::util::timing::TimingTree; use crate::util::{ceil_div_usize, log2_ceil, transpose}; -pub fn prove< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( - prover_data: &ProverOnlyCircuitData, +pub fn prove, C: GenericConfig, const D: usize>( + prover_data: &ProverOnlyCircuitData, common_data: &CommonCircuitData, inputs: PartialWitness, timing: &mut TimingTree, -) -> Result> +) -> Result> where - C::Hasher: Hasher, - C::InnerHasher: Hasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: Hasher, + C::InnerHasher: Hasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let config = &common_data.config; let num_challenges = config.num_challenges; @@ -77,7 +71,7 @@ where let wires_commitment = timed!( timing, "compute wires commitment", - PolynomialBatch::::from_values( + PolynomialBatch::::from_values( wires_values, config.fri_config.rate_bits, config.zero_knowledge && PlonkOracle::WIRES.blinding, @@ -87,13 +81,13 @@ where ) ); - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); // Observe the instance. - challenger.observe_hash::(prover_data.circuit_digest); - challenger.observe_hash::(public_inputs_hash); + challenger.observe_hash::(prover_data.circuit_digest); + challenger.observe_hash::(public_inputs_hash); - challenger.observe_cap::(&wires_commitment.merkle_tree.cap); + challenger.observe_cap::(&wires_commitment.merkle_tree.cap); let betas = challenger.get_n_challenges(num_challenges); let gammas = challenger.get_n_challenges(num_challenges); @@ -117,7 +111,7 @@ where let partial_products_and_zs_commitment = timed!( timing, "commit to partial products and Z's", - PolynomialBatch::::from_values( + PolynomialBatch::::from_values( zs_partial_products, config.fri_config.rate_bits, config.zero_knowledge && PlonkOracle::ZS_PARTIAL_PRODUCTS.blinding, @@ -127,14 +121,15 @@ where ) ); - challenger.observe_cap::(&partial_products_and_zs_commitment.merkle_tree.cap); + challenger + .observe_cap::(&partial_products_and_zs_commitment.merkle_tree.cap); let alphas = challenger.get_n_challenges(num_challenges); let quotient_polys = timed!( timing, "compute quotient polys", - compute_quotient_polys::( + compute_quotient_polys::( common_data, prover_data, &public_inputs_hash, @@ -165,7 +160,7 @@ where let quotient_polys_commitment = timed!( timing, "commit to quotient polys", - PolynomialBatch::::from_coeffs( + PolynomialBatch::::from_coeffs( all_quotient_poly_chunks, config.fri_config.rate_bits, config.zero_knowledge && PlonkOracle::QUOTIENT.blinding, @@ -175,7 +170,7 @@ where ) ); - challenger.observe_cap::("ient_polys_commitment.merkle_tree.cap); + challenger.observe_cap::("ient_polys_commitment.merkle_tree.cap); let zeta = challenger.get_extension_challenge::(); // To avoid leaking witness data, we want to ensure that our opening locations, `zeta` and @@ -190,7 +185,7 @@ where let openings = timed!( timing, "construct the opening set", - OpeningSet::new::( + OpeningSet::new::( zeta, g, &prover_data.constants_sigmas_commitment, @@ -205,7 +200,7 @@ where let opening_proof = timed!( timing, "compute opening proofs", - PolynomialBatch::::prove_openings( + PolynomialBatch::::prove_openings( &common_data.get_fri_instance(zeta), &[ &prover_data.constants_sigmas_commitment, @@ -219,14 +214,14 @@ where ) ); - let proof = Proof:: { + let proof = Proof:: { wires_cap: wires_commitment.merkle_tree.cap, plonk_zs_partial_products_cap: partial_products_and_zs_commitment.merkle_tree.cap, quotient_polys_cap: quotient_polys_commitment.merkle_tree.cap, openings, opening_proof, }; - Ok(ProofWithPublicInputs:: { + Ok(ProofWithPublicInputs:: { proof, public_inputs, }) @@ -235,15 +230,13 @@ where /// Compute the partial products used in the `Z` polynomials. fn all_wires_permutation_partial_products< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( witness: &MatrixWitness, betas: &[F], gammas: &[F], - prover_data: &ProverOnlyCircuitData, + prover_data: &ProverOnlyCircuitData, common_data: &CommonCircuitData, ) -> Vec>> { (0..common_data.config.num_challenges) @@ -264,15 +257,13 @@ fn all_wires_permutation_partial_products< /// where `f, g` are the products in the definition of `Z`: `Z(g^i) = f / g`. fn wires_permutation_partial_products_and_zs< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( witness: &MatrixWitness, beta: F, gamma: F, - prover_data: &ProverOnlyCircuitData, + prover_data: &ProverOnlyCircuitData, common_data: &CommonCircuitData, ) -> Vec> { let degree = common_data.quotient_degree_factor; @@ -328,16 +319,14 @@ const BATCH_SIZE: usize = 32; fn compute_quotient_polys< 'a, F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( common_data: &CommonCircuitData, - prover_data: &'a ProverOnlyCircuitData, - public_inputs_hash: &<>::InnerHasher as Hasher>::Hash, - wires_commitment: &'a PolynomialBatch, - zs_partial_products_commitment: &'a PolynomialBatch, + prover_data: &'a ProverOnlyCircuitData, + public_inputs_hash: &<>::InnerHasher as Hasher>::Hash, + wires_commitment: &'a PolynomialBatch, + zs_partial_products_commitment: &'a PolynomialBatch, betas: &[F], gammas: &[F], alphas: &[F], diff --git a/plonky2/src/plonk/validate_shape.rs b/plonky2/src/plonk/validate_shape.rs index 13005cc5..0b4bf4a8 100644 --- a/plonky2/src/plonk/validate_shape.rs +++ b/plonky2/src/plonk/validate_shape.rs @@ -2,20 +2,17 @@ use anyhow::ensure; use crate::field::extension::Extendable; use crate::hash::hash_types::RichField; -use crate::hash::hashing::HashConfig; use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::config::GenericConfig; use crate::plonk::proof::{OpeningSet, Proof, ProofWithPublicInputs}; -pub(crate) fn validate_proof_with_pis_shape( - proof_with_pis: &ProofWithPublicInputs, +pub(crate) fn validate_proof_with_pis_shape( + proof_with_pis: &ProofWithPublicInputs, common_data: &CommonCircuitData, ) -> anyhow::Result<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let ProofWithPublicInputs { proof, @@ -29,15 +26,13 @@ where Ok(()) } -fn validate_proof_shape( - proof: &Proof, +fn validate_proof_shape( + proof: &Proof, common_data: &CommonCircuitData, ) -> anyhow::Result<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let Proof { diff --git a/plonky2/src/plonk/verifier.rs b/plonky2/src/plonk/verifier.rs index 1417aeff..4c4905df 100644 --- a/plonky2/src/plonk/verifier.rs +++ b/plonky2/src/plonk/verifier.rs @@ -13,20 +13,14 @@ use crate::plonk::validate_shape::validate_proof_with_pis_shape; use crate::plonk::vanishing_poly::eval_vanishing_poly; use crate::plonk::vars::EvaluationVars; -pub(crate) fn verify< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, ->( - proof_with_pis: ProofWithPublicInputs, - verifier_data: &VerifierOnlyCircuitData, +pub(crate) fn verify, C: GenericConfig, const D: usize>( + proof_with_pis: ProofWithPublicInputs, + verifier_data: &VerifierOnlyCircuitData, common_data: &CommonCircuitData, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { validate_proof_with_pis_shape(&proof_with_pis, common_data)?; @@ -37,7 +31,7 @@ where common_data, )?; - verify_with_challenges::( + verify_with_challenges::( proof_with_pis.proof, public_inputs_hash, challenges, @@ -48,19 +42,17 @@ where pub(crate) fn verify_with_challenges< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( - proof: Proof, - public_inputs_hash: <>::InnerHasher as Hasher>::Hash, + proof: Proof, + public_inputs_hash: <>::InnerHasher as Hasher>::Hash, challenges: ProofChallenges, - verifier_data: &VerifierOnlyCircuitData, + verifier_data: &VerifierOnlyCircuitData, common_data: &CommonCircuitData, ) -> Result<()> where - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { let local_constants = &proof.openings.constants; let local_wires = &proof.openings.wires; @@ -113,7 +105,7 @@ where proof.quotient_polys_cap, ]; - verify_fri_proof::( + verify_fri_proof::( &common_data.get_fri_instance(challenges.plonk_zeta), &proof.openings.to_fri_openings(), &challenges.fri_challenges, diff --git a/plonky2/src/recursion/conditional_recursive_verifier.rs b/plonky2/src/recursion/conditional_recursive_verifier.rs index 5d7151be..20eaf493 100644 --- a/plonky2/src/recursion/conditional_recursive_verifier.rs +++ b/plonky2/src/recursion/conditional_recursive_verifier.rs @@ -21,11 +21,7 @@ use crate::with_context; impl, const D: usize> CircuitBuilder { /// Verify `proof0` if `condition` else verify `proof1`. /// `proof0` and `proof1` are assumed to use the same `CommonCircuitData`. - pub fn conditionally_verify_proof< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + pub fn conditionally_verify_proof>( &mut self, condition: BoolTarget, proof_with_pis0: &ProofWithPublicInputsTarget, @@ -34,9 +30,9 @@ impl, const D: usize> CircuitBuilder { inner_verifier_data1: &VerifierCircuitTarget, inner_common_data: &CommonCircuitData, ) where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let selected_proof = self.select_proof_with_pis(condition, proof_with_pis0, proof_with_pis1); @@ -53,19 +49,11 @@ impl, const D: usize> CircuitBuilder { ), }; - self.verify_proof::( - &selected_proof, - &selected_verifier_data, - inner_common_data, - ); + self.verify_proof::(&selected_proof, &selected_verifier_data, inner_common_data); } /// Conditionally verify a proof with a new generated dummy proof. - pub fn conditionally_verify_proof_or_dummy< - HCO, - HCI, - C: GenericConfig + 'static, - >( + pub fn conditionally_verify_proof_or_dummy + 'static>( &mut self, condition: BoolTarget, proof_with_pis: &ProofWithPublicInputsTarget, @@ -73,15 +61,13 @@ impl, const D: usize> CircuitBuilder { inner_common_data: &CommonCircuitData, ) -> anyhow::Result<()> where - HCO: HashConfig + 'static, - HCI: HashConfig + 'static, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let (dummy_proof_with_pis_target, dummy_verifier_data_target) = - self.dummy_proof_and_vk::(inner_common_data)?; - self.conditionally_verify_proof::( + self.dummy_proof_and_vk::(inner_common_data)?; + self.conditionally_verify_proof::( condition, proof_with_pis, inner_verifier_data, @@ -361,7 +347,7 @@ mod tests { use crate::gates::noop::NoopGate; use crate::iop::witness::{PartialWitness, WitnessWrite}; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::recursion::dummy_circuit::{dummy_circuit, dummy_proof}; #[test] @@ -369,9 +355,7 @@ mod tests { init_logger(); const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); // Generate proof. @@ -384,7 +368,7 @@ mod tests { for _ in 0..64 { builder.add_gate(NoopGate, vec![]); } - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; data.verify(proof.clone())?; @@ -398,7 +382,7 @@ mod tests { let pt = builder.add_virtual_proof_with_pis(&data.common); pw.set_proof_with_pis_target(&pt, &proof); let dummy_pt = builder.add_virtual_proof_with_pis(&data.common); - pw.set_proof_with_pis_target::(&dummy_pt, &dummy_proof); + pw.set_proof_with_pis_target::(&dummy_pt, &dummy_proof); let inner_data = builder.add_virtual_verifier_data(data.common.config.fri_config.cap_height); pw.set_verifier_data_target(&inner_data, &data.verifier_only); @@ -406,7 +390,7 @@ mod tests { builder.add_virtual_verifier_data(data.common.config.fri_config.cap_height); pw.set_verifier_data_target(&dummy_inner_data, &dummy_data.verifier_only); let b = builder.constant_bool(F::rand().0 % 2 == 0); - builder.conditionally_verify_proof::( + builder.conditionally_verify_proof::( b, &pt, &inner_data, @@ -416,7 +400,7 @@ mod tests { ); builder.print_gate_counts(100); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; data.verify(proof) } diff --git a/plonky2/src/recursion/cyclic_recursion.rs b/plonky2/src/recursion/cyclic_recursion.rs index b0f49a8b..c973ba60 100644 --- a/plonky2/src/recursion/cyclic_recursion.rs +++ b/plonky2/src/recursion/cyclic_recursion.rs @@ -14,12 +14,10 @@ use crate::plonk::circuit_data::{ use crate::plonk::config::{AlgebraicHasher, GenericConfig}; use crate::plonk::proof::{ProofWithPublicInputs, ProofWithPublicInputsTarget}; -impl, const D: usize> - VerifierOnlyCircuitData -{ +impl, const D: usize> VerifierOnlyCircuitData { fn from_slice(slice: &[C::F], common_data: &CommonCircuitData) -> Result where - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, { // The structure of the public inputs is `[..., circuit_digest, constants_sigmas_cap]`. let cap_len = common_data.config.fri_config.num_cap_elements(); @@ -82,11 +80,7 @@ impl, const D: usize> CircuitBuilder { /// that the verification key matches. /// /// WARNING: Do not register any public input after calling this! TODO: relax this - pub fn conditionally_verify_cyclic_proof< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + pub fn conditionally_verify_cyclic_proof>( &mut self, condition: BoolTarget, cyclic_proof_with_pis: &ProofWithPublicInputsTarget, @@ -95,9 +89,9 @@ impl, const D: usize> CircuitBuilder { common_data: &CommonCircuitData, ) -> Result<()> where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let verifier_data = self .verifier_data_public_input @@ -125,7 +119,7 @@ impl, const D: usize> CircuitBuilder { ); // Verify the cyclic proof if `condition` is set to true, otherwise verify the other proof. - self.conditionally_verify_proof::( + self.conditionally_verify_proof::( condition, cyclic_proof_with_pis, &verifier_data, @@ -142,26 +136,20 @@ impl, const D: usize> CircuitBuilder { Ok(()) } - pub fn conditionally_verify_cyclic_proof_or_dummy< - HCO, - HCI, - C: GenericConfig + 'static, - >( + pub fn conditionally_verify_cyclic_proof_or_dummy + 'static>( &mut self, condition: BoolTarget, cyclic_proof_with_pis: &ProofWithPublicInputsTarget, common_data: &CommonCircuitData, ) -> Result<()> where - HCO: HashConfig + 'static, - HCI: HashConfig + 'static, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let (dummy_proof_with_pis_target, dummy_verifier_data_target) = - self.dummy_proof_and_vk::(common_data)?; - self.conditionally_verify_cyclic_proof::( + self.dummy_proof_and_vk::(common_data)?; + self.conditionally_verify_cyclic_proof::( condition, cyclic_proof_with_pis, &dummy_proof_with_pis_target, @@ -176,22 +164,19 @@ impl, const D: usize> CircuitBuilder { /// Checks that the purported verifier data in the public inputs match the real verifier data. pub fn check_cyclic_proof_verifier_data< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( - proof: &ProofWithPublicInputs, - verifier_data: &VerifierOnlyCircuitData, + proof: &ProofWithPublicInputs, + verifier_data: &VerifierOnlyCircuitData, common_data: &CommonCircuitData, ) -> Result<()> where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - let pis = - VerifierOnlyCircuitData::::from_slice(&proof.public_inputs, common_data)?; + let pis = VerifierOnlyCircuitData::::from_slice(&proof.public_inputs, common_data)?; ensure!(verifier_data.constants_sigmas_cap == pis.constants_sigmas_cap); ensure!(verifier_data.circuit_digest == pis.circuit_digest); @@ -220,37 +205,35 @@ mod tests { // Generates `CommonCircuitData` usable for recursion. fn common_data_for_recursion< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >() -> CommonCircuitData where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let config = CircuitConfig::standard_recursion_config(); let builder = CircuitBuilder::::new(config); - let data = builder.build::(); + let data = builder.build::(); let config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(config); let proof = builder.add_virtual_proof_with_pis(&data.common); let verifier_data = builder.add_virtual_verifier_data(data.common.config.fri_config.cap_height); - builder.verify_proof::(&proof, &verifier_data, &data.common); - let data = builder.build::(); + builder.verify_proof::(&proof, &verifier_data, &data.common); + let data = builder.build::(); let config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(config); let proof = builder.add_virtual_proof_with_pis(&data.common); let verifier_data = builder.add_virtual_verifier_data(data.common.config.fri_config.cap_height); - builder.verify_proof::(&proof, &verifier_data, &data.common); + builder.verify_proof::(&proof, &verifier_data, &data.common); while builder.num_gates() < 1 << 12 { builder.add_gate(NoopGate, vec![]); } - builder.build::().common + builder.build::().common } /// Uses cyclic recursion to build a hash chain. @@ -263,9 +246,7 @@ mod tests { fn test_cyclic_recursion() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(config); @@ -281,7 +262,7 @@ mod tests { builder.register_public_inputs(¤t_hash_out.elements); let counter = builder.add_virtual_public_input(); - let mut common_data = common_data_for_recursion::(); + let mut common_data = common_data_for_recursion::(); let verifier_data_target = builder.add_verifier_data_public_inputs(); common_data.num_public_inputs = builder.num_public_inputs(); @@ -308,19 +289,19 @@ mod tests { let new_counter = builder.mul_add(condition.target, inner_cyclic_counter, one); builder.connect(counter, new_counter); - builder.conditionally_verify_cyclic_proof_or_dummy::( + builder.conditionally_verify_cyclic_proof_or_dummy::( condition, &inner_cyclic_proof_with_pis, &common_data, )?; - let cyclic_circuit_data = builder.build::(); + let cyclic_circuit_data = builder.build::(); let mut pw = PartialWitness::new(); let initial_hash = [F::ZERO, F::ONE, F::TWO, F::from_canonical_usize(3)]; let initial_hash_pis = initial_hash.into_iter().enumerate().collect(); pw.set_bool_target(condition, false); - pw.set_proof_with_pis_target::( + pw.set_proof_with_pis_target::( &inner_cyclic_proof_with_pis, &cyclic_base_proof( &common_data, diff --git a/plonky2/src/recursion/dummy_circuit.rs b/plonky2/src/recursion/dummy_circuit.rs index 1de83247..b0536b9c 100644 --- a/plonky2/src/recursion/dummy_circuit.rs +++ b/plonky2/src/recursion/dummy_circuit.rs @@ -23,19 +23,17 @@ use crate::plonk::proof::{ProofWithPublicInputs, ProofWithPublicInputsTarget}; /// public inputs which encode the cyclic verification key must be set properly, and this method /// takes care of that. It also allows the user to specify any other public inputs which should be /// set in this base proof. -pub fn cyclic_base_proof( +pub fn cyclic_base_proof( common_data: &CommonCircuitData, - verifier_data: &VerifierOnlyCircuitData, + verifier_data: &VerifierOnlyCircuitData, mut nonzero_public_inputs: HashMap, -) -> ProofWithPublicInputs +) -> ProofWithPublicInputs where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C: GenericConfig, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let pis_len = common_data.num_public_inputs; let cap_elements = common_data.config.fri_config.num_cap_elements(); @@ -51,8 +49,8 @@ where // TODO: A bit wasteful to build a dummy circuit here. We could potentially use a proof that // just consists of zeros, apart from public inputs. - dummy_proof::( - &dummy_circuit::(common_data), + dummy_proof::( + &dummy_circuit::(common_data), nonzero_public_inputs, ) .unwrap() @@ -63,17 +61,15 @@ where /// The rest will default to zero. pub(crate) fn dummy_proof< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( - circuit: &CircuitData, + circuit: &CircuitData, nonzero_public_inputs: HashMap, -) -> anyhow::Result> +) -> anyhow::Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let mut pw = PartialWitness::new(); for i in 0..circuit.common.num_public_inputs { @@ -86,16 +82,14 @@ where /// Generate a circuit matching a given `CommonCircuitData`. pub(crate) fn dummy_circuit< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( common_data: &CommonCircuitData, -) -> CircuitData +) -> CircuitData where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let config = common_data.config.clone(); assert!( @@ -119,26 +113,23 @@ where builder.add_virtual_public_input(); } - let circuit = builder.build::(); + let circuit = builder.build::(); assert_eq!(&circuit.common, common_data); circuit } impl, const D: usize> CircuitBuilder { - pub(crate) fn dummy_proof_and_vk + 'static>( + pub(crate) fn dummy_proof_and_vk + 'static>( &mut self, common_data: &CommonCircuitData, ) -> anyhow::Result<(ProofWithPublicInputsTarget, VerifierCircuitTarget)> where - HCO: HashConfig + 'static, - HCI: HashConfig + 'static, - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { - let dummy_circuit = dummy_circuit::(common_data); - let dummy_proof_with_pis = - dummy_proof::(&dummy_circuit, HashMap::new())?; + let dummy_circuit = dummy_circuit::(common_data); + let dummy_proof_with_pis = dummy_proof::(&dummy_circuit, HashMap::new())?; let dummy_proof_with_pis_target = self.add_virtual_proof_with_pis(common_data); let dummy_verifier_data_target = self.add_virtual_verifier_data(self.config.fri_config.cap_height); @@ -155,26 +146,22 @@ impl, const D: usize> CircuitBuilder { } #[derive(Debug)] -pub(crate) struct DummyProofGenerator +pub(crate) struct DummyProofGenerator where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { pub(crate) proof_with_pis_target: ProofWithPublicInputsTarget, - pub(crate) proof_with_pis: ProofWithPublicInputs, + pub(crate) proof_with_pis: ProofWithPublicInputs, pub(crate) verifier_data_target: VerifierCircuitTarget, - pub(crate) verifier_data: VerifierOnlyCircuitData, + pub(crate) verifier_data: VerifierOnlyCircuitData, } -impl SimpleGenerator for DummyProofGenerator +impl SimpleGenerator for DummyProofGenerator where F: RichField + Extendable, - HCO: HashConfig + 'static, - HCI: HashConfig + 'static, - C: GenericConfig + 'static, - C::Hasher: AlgebraicHasher, + C: GenericConfig + 'static, + C::Hasher: AlgebraicHasher, { fn dependencies(&self) -> Vec { vec![] diff --git a/plonky2/src/recursion/recursive_verifier.rs b/plonky2/src/recursion/recursive_verifier.rs index e611abb1..240c8c1a 100644 --- a/plonky2/src/recursion/recursive_verifier.rs +++ b/plonky2/src/recursion/recursive_verifier.rs @@ -15,30 +15,30 @@ use crate::with_context; impl, const D: usize> CircuitBuilder { /// Recursively verifies an inner proof. - pub fn verify_proof>( + pub fn verify_proof>( &mut self, proof_with_pis: &ProofWithPublicInputsTarget, inner_verifier_data: &VerifierCircuitTarget, inner_common_data: &CommonCircuitData, ) where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { assert_eq!( proof_with_pis.public_inputs.len(), inner_common_data.num_public_inputs ); - let public_inputs_hash = - self.hash_n_to_hash_no_pad::(proof_with_pis.public_inputs.clone()); - let challenges = proof_with_pis.get_challenges::( + let public_inputs_hash = self + .hash_n_to_hash_no_pad::(proof_with_pis.public_inputs.clone()); + let challenges = proof_with_pis.get_challenges::( self, public_inputs_hash, inner_verifier_data.circuit_digest, inner_common_data, ); - self.verify_proof_with_challenges::( + self.verify_proof_with_challenges::( &proof_with_pis.proof, public_inputs_hash, challenges, @@ -48,11 +48,7 @@ impl, const D: usize> CircuitBuilder { } /// Recursively verifies an inner proof. - fn verify_proof_with_challenges< - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - >( + fn verify_proof_with_challenges>( &mut self, proof: &ProofTarget, public_inputs_hash: HashOutTarget, @@ -60,8 +56,8 @@ impl, const D: usize> CircuitBuilder { inner_verifier_data: &VerifierCircuitTarget, inner_common_data: &CommonCircuitData, ) where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, { let one = self.one_extension(); @@ -123,7 +119,7 @@ impl, const D: usize> CircuitBuilder { with_context!( self, "verify FRI proof", - self.verify_fri_proof::( + self.verify_fri_proof::( &fri_instance, &proof.openings.to_fri_openings(), &challenges.fri_challenges, @@ -195,10 +191,7 @@ mod tests { use crate::gates::noop::NoopGate; use crate::iop::witness::{PartialWitness, WitnessWrite}; use crate::plonk::circuit_data::{CircuitConfig, VerifierOnlyCircuitData}; - use crate::plonk::config::{ - GenericConfig, KeccakGoldilocksConfig, KeccakHashConfig, PoseidonGoldilocksConfig, - PoseidonHashConfig, - }; + use crate::plonk::config::{GenericConfig, KeccakGoldilocksConfig, PoseidonGoldilocksConfig}; use crate::plonk::proof::{CompressedProofWithPublicInputs, ProofWithPublicInputs}; use crate::plonk::prover::prove; use crate::util::timing::TimingTree; @@ -208,15 +201,12 @@ mod tests { init_logger(); const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_zk_config(); - let (proof, vd, cd) = dummy_proof::(&config, 4_000)?; - let (proof, vd, cd) = recursive_proof::( - proof, vd, cd, &config, None, true, true, - )?; + let (proof, vd, cd) = dummy_proof::(&config, 4_000)?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &config, None, true, true)?; test_serialization(&proof, &vd, &cd)?; Ok(()) @@ -227,32 +217,22 @@ mod tests { init_logger(); const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); // Start with a degree 2^14 proof - let (proof, vd, cd) = dummy_proof::(&config, 16_000)?; + let (proof, vd, cd) = dummy_proof::(&config, 16_000)?; assert_eq!(cd.degree_bits(), 14); // Shrink it to 2^13. - let (proof, vd, cd) = recursive_proof::( - proof, - vd, - cd, - &config, - Some(13), - false, - false, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &config, Some(13), false, false)?; assert_eq!(cd.degree_bits(), 13); // Shrink it to 2^12. - let (proof, vd, cd) = recursive_proof::( - proof, vd, cd, &config, None, true, true, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &config, None, true, true)?; assert_eq!(cd.degree_bits(), 12); test_serialization(&proof, &vd, &cd)?; @@ -269,28 +249,17 @@ mod tests { const D: usize = 2; type C = PoseidonGoldilocksConfig; type KC = KeccakGoldilocksConfig; - type HCCO = PoseidonHashConfig; - type HCCI = HCCO; - type HCKCO = KeccakHashConfig; - type HCKCI = HCCI; - type F = >::F; + type F = >::F; let standard_config = CircuitConfig::standard_recursion_config(); // An initial dummy proof. - let (proof, vd, cd) = dummy_proof::(&standard_config, 4_000)?; + let (proof, vd, cd) = dummy_proof::(&standard_config, 4_000)?; assert_eq!(cd.degree_bits(), 12); // A standard recursive proof. - let (proof, vd, cd) = recursive_proof::( - proof, - vd, - cd, - &standard_config, - None, - false, - false, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &standard_config, None, false, false)?; assert_eq!(cd.degree_bits(), 12); // A high-rate recursive proof, designed to be verifiable with fewer routed wires. @@ -303,15 +272,8 @@ mod tests { }, ..standard_config }; - let (proof, vd, cd) = recursive_proof::( - proof, - vd, - cd, - &high_rate_config, - None, - true, - true, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &high_rate_config, None, true, true)?; assert_eq!(cd.degree_bits(), 12); // A final proof, optimized for size. @@ -326,15 +288,8 @@ mod tests { }, ..high_rate_config }; - let (proof, vd, cd) = recursive_proof::( - proof, - vd, - cd, - &final_config, - None, - true, - true, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &final_config, None, true, true)?; assert_eq!(cd.degree_bits(), 12, "final proof too large"); test_serialization(&proof, &vd, &cd)?; @@ -348,55 +303,43 @@ mod tests { const D: usize = 2; type PC = PoseidonGoldilocksConfig; type KC = KeccakGoldilocksConfig; - type HCCO = PoseidonHashConfig; - type HCCI = HCCO; - type HCKCO = KeccakHashConfig; - type HCKCI = HCCI; - type F = >::F; + type F = >::F; let config = CircuitConfig::standard_recursion_config(); - let (proof, vd, cd) = dummy_proof::(&config, 4_000)?; + let (proof, vd, cd) = dummy_proof::(&config, 4_000)?; - let (proof, vd, cd) = recursive_proof::( - proof, vd, cd, &config, None, false, false, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &config, None, false, false)?; test_serialization(&proof, &vd, &cd)?; - let (proof, vd, cd) = recursive_proof::( - proof, vd, cd, &config, None, false, false, - )?; + let (proof, vd, cd) = + recursive_proof::(proof, vd, cd, &config, None, false, false)?; test_serialization(&proof, &vd, &cd)?; Ok(()) } - type Proof = ( - ProofWithPublicInputs, - VerifierOnlyCircuitData, + type Proof = ( + ProofWithPublicInputs, + VerifierOnlyCircuitData, CommonCircuitData, ); /// Creates a dummy proof which should have roughly `num_dummy_gates` gates. - fn dummy_proof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - >( + fn dummy_proof, C: GenericConfig, const D: usize>( config: &CircuitConfig, num_dummy_gates: u64, - ) -> Result> + ) -> Result> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let mut builder = CircuitBuilder::::new(config.clone()); for _ in 0..num_dummy_gates { builder.add_gate(NoopGate, vec![]); } - let data = builder.build::(); + let data = builder.build::(); let inputs = PartialWitness::new(); let proof = data.prove(inputs)?; data.verify(proof.clone())?; @@ -406,28 +349,24 @@ mod tests { fn recursive_proof< F: RichField + Extendable, - HCOO: HashConfig, - HCOI: HashConfig, - HCIO: HashConfig, - HCII: HashConfig, - C: GenericConfig, - InnerC: GenericConfig, + C: GenericConfig, + InnerC: GenericConfig, const D: usize, >( - inner_proof: ProofWithPublicInputs, - inner_vd: VerifierOnlyCircuitData, + inner_proof: ProofWithPublicInputs, + inner_vd: VerifierOnlyCircuitData, inner_cd: CommonCircuitData, config: &CircuitConfig, min_degree_bits: Option, print_gate_counts: bool, print_timing: bool, - ) -> Result> + ) -> Result> where - InnerC::Hasher: AlgebraicHasher, - [(); HCOO::WIDTH]:, - [(); HCOI::WIDTH]:, - [(); HCIO::WIDTH]:, - [(); HCII::WIDTH]:, + InnerC::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, + [(); InnerC::HCO::WIDTH]:, + [(); InnerC::HCI::WIDTH]:, { let mut builder = CircuitBuilder::::new(config.clone()); let mut pw = PartialWitness::new(); @@ -441,7 +380,7 @@ mod tests { ); pw.set_hash_target(inner_data.circuit_digest, inner_vd.circuit_digest); - builder.verify_proof::(&pt, &inner_data, &inner_cd); + builder.verify_proof::(&pt, &inner_data, &inner_cd); if print_gate_counts { builder.print_gate_counts(0); @@ -457,7 +396,7 @@ mod tests { } } - let data = builder.build::(); + let data = builder.build::(); let mut timing = TimingTree::new("prove", Level::Debug); let proof = prove(&data.prover_only, &data.common, pw, &mut timing)?; @@ -473,18 +412,16 @@ mod tests { /// Test serialization and print some size info. fn test_serialization< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, >( - proof: &ProofWithPublicInputs, - vd: &VerifierOnlyCircuitData, + proof: &ProofWithPublicInputs, + vd: &VerifierOnlyCircuitData, cd: &CommonCircuitData, ) -> Result<()> where - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let proof_bytes = proof.to_bytes(); info!("Proof length: {} bytes", proof_bytes.len()); diff --git a/plonky2/src/util/reducing.rs b/plonky2/src/util/reducing.rs index 9bf4326b..aaf905d5 100644 --- a/plonky2/src/util/reducing.rs +++ b/plonky2/src/util/reducing.rs @@ -280,16 +280,14 @@ mod tests { use crate::field::types::Sample; use crate::iop::witness::{PartialWitness, WitnessWrite}; use crate::plonk::circuit_data::CircuitConfig; - use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig}; + use crate::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use crate::plonk::verifier::verify; fn test_reduce_gadget_base(n: usize) -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_config(); @@ -311,7 +309,7 @@ mod tests { builder.connect_extension(manual_reduce, circuit_reduce); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) @@ -320,10 +318,8 @@ mod tests { fn test_reduce_gadget(n: usize) -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; - type FF = >::FE; + type F = >::F; + type FF = >::FE; let config = CircuitConfig::standard_recursion_config(); @@ -343,7 +339,7 @@ mod tests { builder.connect_extension(manual_reduce, circuit_reduce); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; verify(proof, &data.verifier_only, &data.common) diff --git a/plonky2/src/util/serialization.rs b/plonky2/src/util/serialization.rs index cf33caa5..5ef93835 100644 --- a/plonky2/src/util/serialization.rs +++ b/plonky2/src/util/serialization.rs @@ -149,15 +149,13 @@ pub trait Read { /// Reads a value of type [`OpeningSet`] from `self` with the given `common_data`. #[inline] - fn read_opening_set( + fn read_opening_set( &mut self, common_data: &CommonCircuitData, ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let constants = self.read_field_ext_vec::(common_data.num_constants)?; @@ -199,15 +197,13 @@ pub trait Read { /// Reads a value of type [`FriInitialTreeProof`] from `self` with the given `common_data`. #[inline] - fn read_fri_initial_proof( + fn read_fri_initial_proof( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let salt = salt_size(common_data.fri_params.hiding); @@ -239,16 +235,14 @@ pub trait Read { /// Reads a value of type [`FriQueryStep`] from `self` with the given `arity` and `compressed` /// flag. #[inline] - fn read_fri_query_step( + fn read_fri_query_step( &mut self, arity: usize, compressed: bool, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let evals = self.read_field_ext_vec::(arity - usize::from(compressed))?; let merkle_proof = self.read_merkle_proof()?; @@ -260,26 +254,24 @@ pub trait Read { /// Reads a vector of [`FriQueryRound`]s from `self` with `common_data`. #[inline] - fn read_fri_query_rounds( + #[allow(clippy::type_complexity)] + fn read_fri_query_rounds( &mut self, common_data: &CommonCircuitData, - ) -> IoResult>> + ) -> IoResult>> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let mut fqrs = Vec::with_capacity(config.fri_config.num_query_rounds); for _ in 0..config.fri_config.num_query_rounds { - let initial_trees_proof = - self.read_fri_initial_proof::(common_data)?; + let initial_trees_proof = self.read_fri_initial_proof::(common_data)?; let steps = common_data .fri_params .reduction_arity_bits .iter() - .map(|&ar| self.read_fri_query_step::(1 << ar, false)) + .map(|&ar| self.read_fri_query_step::(1 << ar, false)) .collect::>()?; fqrs.push(FriQueryRound { initial_trees_proof, @@ -291,21 +283,19 @@ pub trait Read { /// Reads a value of type [`FriProof`] from `self` with `common_data`. #[inline] - fn read_fri_proof( + fn read_fri_proof( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let commit_phase_merkle_caps = (0..common_data.fri_params.reduction_arity_bits.len()) .map(|_| self.read_merkle_cap(config.fri_config.cap_height)) .collect::, _>>()?; - let query_round_proofs = self.read_fri_query_rounds::(common_data)?; + let query_round_proofs = self.read_fri_query_rounds::(common_data)?; let final_poly = PolynomialCoeffs::new( self.read_field_ext_vec::(common_data.fri_params.final_poly_len())?, ); @@ -320,22 +310,20 @@ pub trait Read { /// Reads a value of type [`Proof`] from `self` with `common_data`. #[inline] - fn read_proof( + fn read_proof( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let wires_cap = self.read_merkle_cap(config.fri_config.cap_height)?; let plonk_zs_partial_products_cap = self.read_merkle_cap(config.fri_config.cap_height)?; let quotient_polys_cap = self.read_merkle_cap(config.fri_config.cap_height)?; - let openings = self.read_opening_set::(common_data)?; - let opening_proof = self.read_fri_proof::(common_data)?; + let openings = self.read_opening_set::(common_data)?; + let opening_proof = self.read_fri_proof::(common_data)?; Ok(Proof { wires_cap, plonk_zs_partial_products_cap, @@ -347,16 +335,14 @@ pub trait Read { /// Reads a value of type [`ProofWithPublicInputs`] from `self` with `common_data`. #[inline] - fn read_proof_with_public_inputs( + fn read_proof_with_public_inputs( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where Self: Remaining, F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let proof = self.read_proof(common_data)?; let public_inputs = self.read_field_vec(self.remaining() / size_of::())?; @@ -368,15 +354,13 @@ pub trait Read { /// Reads a value of type [`CompressedFriQueryRounds`] from `self` with `common_data`. #[inline] - fn read_compressed_fri_query_rounds( + fn read_compressed_fri_query_rounds( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let original_indices = (0..config.fri_config.num_query_rounds) @@ -387,10 +371,7 @@ pub trait Read { indices.dedup(); let mut pairs = Vec::new(); for &i in &indices { - pairs.push(( - i, - self.read_fri_initial_proof::(common_data)?, - )); + pairs.push((i, self.read_fri_initial_proof::(common_data)?)); } let initial_trees_proofs = HashMap::from_iter(pairs); @@ -401,7 +382,7 @@ pub trait Read { }); indices.dedup(); let query_steps = (0..indices.len()) - .map(|_| self.read_fri_query_step::(1 << a, true)) + .map(|_| self.read_fri_query_step::(1 << a, true)) .collect::, _>>()?; steps.push( indices @@ -421,22 +402,19 @@ pub trait Read { /// Reads a value of type [`CompressedFriProof`] from `self` with `common_data`. #[inline] - fn read_compressed_fri_proof( + fn read_compressed_fri_proof( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let commit_phase_merkle_caps = (0..common_data.fri_params.reduction_arity_bits.len()) .map(|_| self.read_merkle_cap(config.fri_config.cap_height)) .collect::, _>>()?; - let query_round_proofs = - self.read_compressed_fri_query_rounds::(common_data)?; + let query_round_proofs = self.read_compressed_fri_query_rounds::(common_data)?; let final_poly = PolynomialCoeffs::new( self.read_field_ext_vec::(common_data.fri_params.final_poly_len())?, ); @@ -451,22 +429,20 @@ pub trait Read { /// Reads a value of type [`CompressedProof`] from `self` with `common_data`. #[inline] - fn read_compressed_proof( + fn read_compressed_proof( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let config = &common_data.config; let wires_cap = self.read_merkle_cap(config.fri_config.cap_height)?; let plonk_zs_partial_products_cap = self.read_merkle_cap(config.fri_config.cap_height)?; let quotient_polys_cap = self.read_merkle_cap(config.fri_config.cap_height)?; - let openings = self.read_opening_set::(common_data)?; - let opening_proof = self.read_compressed_fri_proof::(common_data)?; + let openings = self.read_opening_set::(common_data)?; + let opening_proof = self.read_compressed_fri_proof::(common_data)?; Ok(CompressedProof { wires_cap, plonk_zs_partial_products_cap, @@ -478,16 +454,14 @@ pub trait Read { /// Reads a value of type [`CompressedProofWithPublicInputs`] from `self` with `common_data`. #[inline] - fn read_compressed_proof_with_public_inputs( + fn read_compressed_proof_with_public_inputs( &mut self, common_data: &CommonCircuitData, - ) -> IoResult> + ) -> IoResult> where Self: Remaining, F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let proof = self.read_compressed_proof(common_data)?; let public_inputs = self.read_field_vec(self.remaining() / size_of::())?; @@ -625,15 +599,13 @@ pub trait Write { /// Writes a value `fitp` of type [`FriInitialTreeProof`] to `self.` #[inline] - fn write_fri_initial_proof( + fn write_fri_initial_proof( &mut self, - fitp: &FriInitialTreeProof, + fitp: &FriInitialTreeProof, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { for (v, p) in &fitp.evals_proofs { self.write_field_vec(v)?; @@ -644,15 +616,13 @@ pub trait Write { /// Writes a value `fqs` of type [`FriQueryStep`] to `self.` #[inline] - fn write_fri_query_step( + fn write_fri_query_step( &mut self, - fqs: &FriQueryStep, + fqs: &FriQueryStep, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { self.write_field_ext_vec::(&fqs.evals)?; self.write_merkle_proof(&fqs.merkle_proof) @@ -660,20 +630,18 @@ pub trait Write { /// Writes a value `fqrs` of type [`FriQueryRound`] to `self.` #[inline] - fn write_fri_query_rounds( + fn write_fri_query_rounds( &mut self, - fqrs: &[FriQueryRound], + fqrs: &[FriQueryRound], ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { for fqr in fqrs { - self.write_fri_initial_proof::(&fqr.initial_trees_proof)?; + self.write_fri_initial_proof::(&fqr.initial_trees_proof)?; for fqs in &fqr.steps { - self.write_fri_query_step::(fqs)?; + self.write_fri_query_step::(fqs)?; } } Ok(()) @@ -681,54 +649,45 @@ pub trait Write { /// Writes a value `fq` of type [`FriProof`] to `self.` #[inline] - fn write_fri_proof( + fn write_fri_proof( &mut self, - fp: &FriProof, + fp: &FriProof, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { for cap in &fp.commit_phase_merkle_caps { self.write_merkle_cap(cap)?; } - self.write_fri_query_rounds::(&fp.query_round_proofs)?; + self.write_fri_query_rounds::(&fp.query_round_proofs)?; self.write_field_ext_vec::(&fp.final_poly.coeffs)?; self.write_field(fp.pow_witness) } /// Writes a value `proof` of type [`Proof`] to `self.` #[inline] - fn write_proof( - &mut self, - proof: &Proof, - ) -> IoResult<()> + fn write_proof(&mut self, proof: &Proof) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { self.write_merkle_cap(&proof.wires_cap)?; self.write_merkle_cap(&proof.plonk_zs_partial_products_cap)?; self.write_merkle_cap(&proof.quotient_polys_cap)?; self.write_opening_set(&proof.openings)?; - self.write_fri_proof::(&proof.opening_proof) + self.write_fri_proof::(&proof.opening_proof) } /// Writes a value `proof_with_pis` of type [`ProofWithPublicInputs`] to `self.` #[inline] - fn write_proof_with_public_inputs( + fn write_proof_with_public_inputs( &mut self, - proof_with_pis: &ProofWithPublicInputs, + proof_with_pis: &ProofWithPublicInputs, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let ProofWithPublicInputs { proof, @@ -740,15 +699,13 @@ pub trait Write { /// Writes a value `cfqrs` of type [`CompressedFriQueryRounds`] to `self.` #[inline] - fn write_compressed_fri_query_rounds( + fn write_compressed_fri_query_rounds( &mut self, - cfqrs: &CompressedFriQueryRounds, + cfqrs: &CompressedFriQueryRounds, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { for &i in &cfqrs.indices { self.write_u32(i as u32)?; @@ -756,13 +713,13 @@ pub trait Write { let mut initial_trees_proofs = cfqrs.initial_trees_proofs.iter().collect::>(); initial_trees_proofs.sort_by_key(|&x| x.0); for (_, itp) in initial_trees_proofs { - self.write_fri_initial_proof::(itp)?; + self.write_fri_initial_proof::(itp)?; } for h in &cfqrs.steps { let mut fri_query_steps = h.iter().collect::>(); fri_query_steps.sort_by_key(|&x| x.0); for (_, fqs) in fri_query_steps { - self.write_fri_query_step::(fqs)?; + self.write_fri_query_step::(fqs)?; } } Ok(()) @@ -770,54 +727,48 @@ pub trait Write { /// Writes a value `fq` of type [`CompressedFriProof`] to `self.` #[inline] - fn write_compressed_fri_proof( + fn write_compressed_fri_proof( &mut self, - fp: &CompressedFriProof, + fp: &CompressedFriProof, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { for cap in &fp.commit_phase_merkle_caps { self.write_merkle_cap(cap)?; } - self.write_compressed_fri_query_rounds::(&fp.query_round_proofs)?; + self.write_compressed_fri_query_rounds::(&fp.query_round_proofs)?; self.write_field_ext_vec::(&fp.final_poly.coeffs)?; self.write_field(fp.pow_witness) } /// Writes a value `proof` of type [`CompressedProof`] to `self.` #[inline] - fn write_compressed_proof( + fn write_compressed_proof( &mut self, - proof: &CompressedProof, + proof: &CompressedProof, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { self.write_merkle_cap(&proof.wires_cap)?; self.write_merkle_cap(&proof.plonk_zs_partial_products_cap)?; self.write_merkle_cap(&proof.quotient_polys_cap)?; self.write_opening_set(&proof.openings)?; - self.write_compressed_fri_proof::(&proof.opening_proof) + self.write_compressed_fri_proof::(&proof.opening_proof) } /// Writes a value `proof_with_pis` of type [`CompressedProofWithPublicInputs`] to `self.` #[inline] - fn write_compressed_proof_with_public_inputs( + fn write_compressed_proof_with_public_inputs( &mut self, - proof_with_pis: &CompressedProofWithPublicInputs, + proof_with_pis: &CompressedProofWithPublicInputs, ) -> IoResult<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, { let CompressedProofWithPublicInputs { proof, diff --git a/starky/src/fibonacci_stark.rs b/starky/src/fibonacci_stark.rs index d5a9ec34..86c5ace7 100644 --- a/starky/src/fibonacci_stark.rs +++ b/starky/src/fibonacci_stark.rs @@ -131,9 +131,7 @@ mod tests { use plonky2::iop::witness::PartialWitness; use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::CircuitConfig; - use plonky2::plonk::config::{ - AlgebraicHasher, GenericConfig, PoseidonGoldilocksConfig, PoseidonHashConfig, - }; + use plonky2::plonk::config::{AlgebraicHasher, GenericConfig, PoseidonGoldilocksConfig}; use plonky2::util::timing::TimingTree; use crate::config::StarkConfig; @@ -156,9 +154,7 @@ mod tests { fn test_fibonacci_stark() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = FibonacciStark; let config = StarkConfig::standard_fast_config(); @@ -166,7 +162,7 @@ mod tests { let public_inputs = [F::ZERO, F::ONE, fibonacci(num_rows - 1, F::ZERO, F::ONE)]; let stark = S::new(num_rows); let trace = stark.generate_trace(public_inputs[0], public_inputs[1]); - let proof = prove::( + let proof = prove::( stark, &config, trace, @@ -181,9 +177,7 @@ mod tests { fn test_fibonacci_stark_degree() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = FibonacciStark; let num_rows = 1 << 5; @@ -195,14 +189,12 @@ mod tests { fn test_fibonacci_stark_circuit() -> Result<()> { const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = FibonacciStark; let num_rows = 1 << 5; let stark = S::new(num_rows); - test_stark_circuit_constraints::(stark) + test_stark_circuit_constraints::(stark) } #[test] @@ -210,9 +202,7 @@ mod tests { init_logger(); const D: usize = 2; type C = PoseidonGoldilocksConfig; - type HCO = PoseidonHashConfig; - type HCI = HCO; - type F = >::F; + type F = >::F; type S = FibonacciStark; let config = StarkConfig::standard_fast_config(); @@ -220,7 +210,7 @@ mod tests { let public_inputs = [F::ZERO, F::ONE, fibonacci(num_rows - 1, F::ZERO, F::ONE)]; let stark = S::new(num_rows); let trace = stark.generate_trace(public_inputs[0], public_inputs[1]); - let proof = prove::( + let proof = prove::( stark, &config, trace, @@ -229,33 +219,29 @@ mod tests { )?; verify_stark_proof(stark, proof.clone(), &config)?; - recursive_proof::(stark, proof, &config, true) + recursive_proof::(stark, proof, &config, true) } fn recursive_proof< F: RichField + Extendable, - HCOO: HashConfig, - HCOI: HashConfig, - HCIO: HashConfig, - HCII: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark + Copy, - InnerC: GenericConfig, + InnerC: GenericConfig, const D: usize, >( stark: S, - inner_proof: StarkProofWithPublicInputs, + inner_proof: StarkProofWithPublicInputs, inner_config: &StarkConfig, print_gate_counts: bool, ) -> Result<()> where - InnerC::Hasher: AlgebraicHasher, + InnerC::Hasher: AlgebraicHasher, [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCOO::WIDTH]:, - [(); HCOI::WIDTH]:, - [(); HCIO::WIDTH]:, - [(); HCII::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, + [(); InnerC::HCO::WIDTH]:, + [(); InnerC::HCI::WIDTH]:, { let circuit_config = CircuitConfig::standard_recursion_config(); let mut builder = CircuitBuilder::::new(circuit_config); @@ -264,18 +250,13 @@ mod tests { let pt = add_virtual_stark_proof_with_pis(&mut builder, stark, inner_config, degree_bits); set_stark_proof_with_pis_target(&mut pw, &pt, &inner_proof); - verify_stark_proof_circuit::( - &mut builder, - stark, - pt, - inner_config, - ); + verify_stark_proof_circuit::(&mut builder, stark, pt, inner_config); if print_gate_counts { builder.print_gate_counts(0); } - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; data.verify(proof) } diff --git a/starky/src/get_challenges.rs b/starky/src/get_challenges.rs index 2e6c86b6..eaa91c12 100644 --- a/starky/src/get_challenges.rs +++ b/starky/src/get_challenges.rs @@ -19,13 +19,13 @@ use crate::permutation::{ use crate::proof::*; use crate::stark::Stark; -fn get_challenges( +fn get_challenges( stark: &S, - trace_cap: &MerkleCap, - permutation_zs_cap: Option<&MerkleCap>, - quotient_polys_cap: &MerkleCap, + trace_cap: &MerkleCap, + permutation_zs_cap: Option<&MerkleCap>, + quotient_polys_cap: &MerkleCap, openings: &StarkOpeningSet, - commit_phase_merkle_caps: &[MerkleCap], + commit_phase_merkle_caps: &[MerkleCap], final_poly: &PolynomialCoeffs, pow_witness: F, config: &StarkConfig, @@ -33,16 +33,14 @@ fn get_challenges( ) -> StarkProofChallenges where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let num_challenges = config.num_challenges; - let mut challenger = Challenger::::new(); + let mut challenger = Challenger::::new(); challenger.observe_cap(trace_cap); @@ -67,7 +65,7 @@ where permutation_challenge_sets, stark_alphas, stark_zeta, - fri_challenges: challenger.fri_challenges::( + fri_challenges: challenger.fri_challenges::( commit_phase_merkle_caps, final_poly, pow_witness, @@ -77,14 +75,12 @@ where } } -impl StarkProofWithPublicInputs +impl StarkProofWithPublicInputs where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C: GenericConfig, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // TODO: Should be used later in compression? #![allow(dead_code)] @@ -120,7 +116,7 @@ where }, } = &self.proof; - get_challenges::( + get_challenges::( stark, trace_cap, permutation_zs_cap.as_ref(), @@ -138,9 +134,7 @@ where #[allow(clippy::too_many_arguments)] pub(crate) fn get_challenges_target< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -156,13 +150,13 @@ pub(crate) fn get_challenges_target< config: &StarkConfig, ) -> StarkProofChallengesTarget where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let num_challenges = config.num_challenges; - let mut challenger = RecursiveChallenger::::new(builder); + let mut challenger = RecursiveChallenger::::new(builder); challenger.observe_cap(trace_cap); @@ -201,9 +195,7 @@ where impl StarkProofWithPublicInputsTarget { pub(crate) fn get_challenges< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, >( &self, @@ -212,9 +204,9 @@ impl StarkProofWithPublicInputsTarget { config: &StarkConfig, ) -> StarkProofChallengesTarget where - C::Hasher: AlgebraicHasher, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + C::Hasher: AlgebraicHasher, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let StarkProofTarget { trace_cap, @@ -230,7 +222,7 @@ impl StarkProofWithPublicInputsTarget { }, } = &self.proof; - get_challenges_target::( + get_challenges_target::( builder, stark, trace_cap, @@ -246,13 +238,13 @@ impl StarkProofWithPublicInputsTarget { } // TODO: Deal with the compressed stuff. -// impl, C: GenericConfig, const D: usize> -// CompressedProofWithPublicInputs +// impl, C: GenericConfig, const D: usize> +// CompressedProofWithPublicInputs // { // /// Computes all Fiat-Shamir challenges used in the Plonk proof. // pub(crate) fn get_challenges( // &self, -// common_data: &CommonCircuitData, +// common_data: &CommonCircuitData, // ) -> anyhow::Result> { // let CompressedProof { // wires_cap, @@ -285,7 +277,7 @@ impl StarkProofWithPublicInputsTarget { // pub(crate) fn get_inferred_elements( // &self, // challenges: &ProofChallenges, -// common_data: &CommonCircuitData, +// common_data: &CommonCircuitData, // ) -> FriInferredElements { // let ProofChallenges { // plonk_zeta, @@ -308,7 +300,7 @@ impl StarkProofWithPublicInputsTarget { // for &(mut x_index) in fri_query_indices { // let mut subgroup_x = F::MULTIPLICATIVE_GROUP_GENERATOR // * F::primitive_root_of_unity(log_n).exp_u64(reverse_bits(x_index, log_n) as u64); -// let mut old_eval = fri_combine_initial::( +// let mut old_eval = fri_combine_initial::( // &common_data.get_fri_instance(*plonk_zeta), // &self // .proof diff --git a/starky/src/proof.rs b/starky/src/proof.rs index b6641c32..b19d6ac8 100644 --- a/starky/src/proof.rs +++ b/starky/src/proof.rs @@ -11,7 +11,6 @@ use plonky2::fri::structure::{ FriOpeningBatch, FriOpeningBatchTarget, FriOpenings, FriOpeningsTarget, }; use plonky2::hash::hash_types::{MerkleCapTarget, RichField}; -use plonky2::hash::hashing::HashConfig; use plonky2::hash::merkle_tree::MerkleCap; use plonky2::iop::ext_target::ExtensionTarget; use plonky2::iop::target::Target; @@ -22,33 +21,20 @@ use crate::config::StarkConfig; use crate::permutation::PermutationChallengeSet; #[derive(Debug, Clone)] -pub struct StarkProof< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, -> { +pub struct StarkProof, C: GenericConfig, const D: usize> { /// Merkle cap of LDEs of trace values. - pub trace_cap: MerkleCap, + pub trace_cap: MerkleCap, /// Merkle cap of LDEs of permutation Z values. - pub permutation_zs_cap: Option>, + pub permutation_zs_cap: Option>, /// Merkle cap of LDEs of trace values. - pub quotient_polys_cap: MerkleCap, + pub quotient_polys_cap: MerkleCap, /// Purported values of each polynomial at the challenge point. pub openings: StarkOpeningSet, /// A batch FRI argument for all openings. - pub opening_proof: FriProof, + pub opening_proof: FriProof, } -impl< - F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, - const D: usize, - > StarkProof -{ +impl, C: GenericConfig, const D: usize> StarkProof { /// Recover the length of the trace from a STARK proof and a STARK config. pub fn recover_degree_bits(&self, config: &StarkConfig) -> usize { let initial_merkle_proof = &self.opening_proof.query_round_proofs[0] @@ -83,12 +69,10 @@ impl StarkProofTarget { #[derive(Debug, Clone)] pub struct StarkProofWithPublicInputs< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub proof: StarkProof, + pub proof: StarkProof, // TODO: Maybe make it generic over a `S: Stark` and replace with `[F; S::PUBLIC_INPUTS]`. pub public_inputs: Vec, } @@ -100,27 +84,23 @@ pub struct StarkProofWithPublicInputsTarget { pub struct CompressedStarkProof< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { /// Merkle cap of LDEs of trace values. - pub trace_cap: MerkleCap, + pub trace_cap: MerkleCap, /// Purported values of each polynomial at the challenge point. pub openings: StarkOpeningSet, /// A batch FRI argument for all openings. - pub opening_proof: CompressedFriProof, + pub opening_proof: CompressedFriProof, } pub struct CompressedStarkProofWithPublicInputs< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, const D: usize, > { - pub proof: CompressedStarkProof, + pub proof: CompressedStarkProof, pub public_inputs: Vec, } @@ -155,14 +135,14 @@ pub struct StarkOpeningSet, const D: usize> { } impl, const D: usize> StarkOpeningSet { - pub fn new>( + pub fn new>( zeta: F::Extension, g: F, - trace_commitment: &PolynomialBatch, - permutation_zs_commitment: Option<&PolynomialBatch>, - quotient_commitment: &PolynomialBatch, + trace_commitment: &PolynomialBatch, + permutation_zs_commitment: Option<&PolynomialBatch>, + quotient_commitment: &PolynomialBatch, ) -> Self { - let eval_commitment = |z: F::Extension, c: &PolynomialBatch| { + let eval_commitment = |z: F::Extension, c: &PolynomialBatch| { c.polynomials .par_iter() .map(|p| p.to_extension().eval(z)) diff --git a/starky/src/prover.rs b/starky/src/prover.rs index 885f244e..535cd76c 100644 --- a/starky/src/prover.rs +++ b/starky/src/prover.rs @@ -30,23 +30,21 @@ use crate::stark::Stark; use crate::vanishing_poly::eval_vanishing_poly; use crate::vars::StarkEvaluationVars; -pub fn prove( +pub fn prove( stark: S, config: &StarkConfig, trace_poly_values: Vec>, public_inputs: [F; S::PUBLIC_INPUTS], timing: &mut TimingTree, -) -> Result> +) -> Result> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { let degree = trace_poly_values[0].len(); let degree_bits = log2_strict(degree); @@ -61,7 +59,7 @@ where let trace_commitment = timed!( timing, "compute trace commitment", - PolynomialBatch::::from_values( + PolynomialBatch::::from_values( // TODO: Cloning this isn't great; consider having `from_values` accept a reference, // or having `compute_permutation_z_polys` read trace values from the `PolynomialBatch`. trace_poly_values.clone(), @@ -116,7 +114,7 @@ where } let alphas = challenger.get_n_challenges(config.num_challenges); - let quotient_polys = compute_quotient_polys::::Packing, HCO, HCI, C, S, D>( + let quotient_polys = compute_quotient_polys::::Packing, C, S, D>( &stark, &trace_commitment, &permutation_zs_commitment_challenges, @@ -200,11 +198,11 @@ where /// Computes the quotient polynomials `(sum alpha^i C_i(x)) / Z_H(x)` for `alpha` in `alphas`, /// where the `C_i`s are the Stark constraints. -fn compute_quotient_polys<'a, F, P, HCO, HCI, C, S, const D: usize>( +fn compute_quotient_polys<'a, F, P, C, S, const D: usize>( stark: &S, - trace_commitment: &'a PolynomialBatch, + trace_commitment: &'a PolynomialBatch, permutation_zs_commitment_challenges: &'a Option<( - PolynomialBatch, + PolynomialBatch, Vec>, )>, public_inputs: [F; S::PUBLIC_INPUTS], @@ -215,9 +213,7 @@ fn compute_quotient_polys<'a, F, P, HCO, HCI, C, S, const D: usize>( where F: RichField + Extendable, P: PackedField, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, diff --git a/starky/src/recursive_verifier.rs b/starky/src/recursive_verifier.rs index 0de9e652..8daeabb8 100644 --- a/starky/src/recursive_verifier.rs +++ b/starky/src/recursive_verifier.rs @@ -28,9 +28,7 @@ use crate::vars::StarkEvaluationTargets; pub fn verify_stark_proof_circuit< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -39,21 +37,21 @@ pub fn verify_stark_proof_circuit< proof_with_pis: StarkProofWithPublicInputsTarget, inner_config: &StarkConfig, ) where - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { assert_eq!(proof_with_pis.public_inputs.len(), S::PUBLIC_INPUTS); let degree_bits = proof_with_pis.proof.recover_degree_bits(inner_config); let challenges = with_context!( builder, "compute challenges", - proof_with_pis.get_challenges::(builder, &stark, inner_config) + proof_with_pis.get_challenges::(builder, &stark, inner_config) ); - verify_stark_proof_with_challenges_circuit::( + verify_stark_proof_with_challenges_circuit::( builder, stark, proof_with_pis, @@ -66,9 +64,7 @@ pub fn verify_stark_proof_circuit< /// Recursively verifies an inner proof. fn verify_stark_proof_with_challenges_circuit< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -79,10 +75,10 @@ fn verify_stark_proof_with_challenges_circuit< inner_config: &StarkConfig, degree_bits: usize, ) where - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { check_permutation_options(&stark, &proof_with_pis, &challenges).unwrap(); let one = builder.one_extension(); @@ -169,7 +165,7 @@ fn verify_stark_proof_with_challenges_circuit< F::primitive_root_of_unity(degree_bits), inner_config, ); - builder.verify_fri_proof::( + builder.verify_fri_proof::( &fri_instance, &proof.openings.to_fri_openings(), &challenges.fri_challenges, @@ -267,22 +263,13 @@ fn add_stark_opening_set_target, S: Stark, co } } -pub fn set_stark_proof_with_pis_target< - F, - HCO, - HCI, - C: GenericConfig, - W, - const D: usize, ->( +pub fn set_stark_proof_with_pis_target, W, const D: usize>( witness: &mut W, stark_proof_with_pis_target: &StarkProofWithPublicInputsTarget, - stark_proof_with_pis: &StarkProofWithPublicInputs, + stark_proof_with_pis: &StarkProofWithPublicInputs, ) where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, W: Witness, { let StarkProofWithPublicInputs { @@ -302,22 +289,13 @@ pub fn set_stark_proof_with_pis_target< set_stark_proof_target(witness, pt, proof); } -pub fn set_stark_proof_target< - F, - HCO, - HCI, - C: GenericConfig, - W, - const D: usize, ->( +pub fn set_stark_proof_target, W, const D: usize>( witness: &mut W, proof_target: &StarkProofTarget, - proof: &StarkProof, + proof: &StarkProof, ) where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C::Hasher: AlgebraicHasher, + C::Hasher: AlgebraicHasher, W: Witness, { witness.set_cap_target(&proof_target.trace_cap, &proof.trace_cap); diff --git a/starky/src/stark_testing.rs b/starky/src/stark_testing.rs index e815a1be..227a8574 100644 --- a/starky/src/stark_testing.rs +++ b/starky/src/stark_testing.rs @@ -81,9 +81,7 @@ where /// Tests that the circuit constraints imposed by the given STARK are coherent with the native constraints. pub fn test_stark_circuit_constraints< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( @@ -92,8 +90,8 @@ pub fn test_stark_circuit_constraints< where [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { // Compute native constraint evaluation on random values. let vars = StarkEvaluationVars { @@ -155,7 +153,7 @@ where let native_eval_t = builder.constant_extension(native_eval); builder.connect_extension(circuit_eval, native_eval_t); - let data = builder.build::(); + let data = builder.build::(); let proof = data.prove(pw)?; data.verify(proof) } diff --git a/starky/src/verifier.rs b/starky/src/verifier.rs index 0b53cec9..a6e0de54 100644 --- a/starky/src/verifier.rs +++ b/starky/src/verifier.rs @@ -21,21 +21,19 @@ use crate::vars::StarkEvaluationVars; pub fn verify_stark_proof< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( stark: S, - proof_with_pis: StarkProofWithPublicInputs, + proof_with_pis: StarkProofWithPublicInputs, config: &StarkConfig, ) -> Result<()> where [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCO::WIDTH]:, - [(); HCI::WIDTH]:, + [(); C::HCO::WIDTH]:, + [(); C::HCI::WIDTH]:, { ensure!(proof_with_pis.public_inputs.len() == S::PUBLIC_INPUTS); let degree_bits = proof_with_pis.proof.recover_degree_bits(config); @@ -45,14 +43,12 @@ where pub(crate) fn verify_stark_proof_with_challenges< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( stark: S, - proof_with_pis: StarkProofWithPublicInputs, + proof_with_pis: StarkProofWithPublicInputs, challenges: StarkProofChallenges, degree_bits: usize, config: &StarkConfig, @@ -60,7 +56,7 @@ pub(crate) fn verify_stark_proof_with_challenges< where [(); S::COLUMNS]:, [(); S::PUBLIC_INPUTS]:, - [(); HCO::WIDTH]:, + [(); C::HCO::WIDTH]:, { validate_proof_shape(&stark, &proof_with_pis, config)?; check_permutation_options(&stark, &proof_with_pis, &challenges)?; @@ -136,7 +132,7 @@ where .chain(once(proof.quotient_polys_cap)) .collect_vec(); - verify_fri_proof::( + verify_fri_proof::( &stark.fri_instance( challenges.stark_zeta, F::primitive_root_of_unity(degree_bits), @@ -152,16 +148,14 @@ where Ok(()) } -fn validate_proof_shape( +fn validate_proof_shape( stark: &S, - proof_with_pis: &StarkProofWithPublicInputs, + proof_with_pis: &StarkProofWithPublicInputs, config: &StarkConfig, ) -> anyhow::Result<()> where F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, [(); S::COLUMNS]:, { @@ -241,14 +235,12 @@ fn eval_l_0_and_l_last(log_n: usize, x: F) -> (F, F) { /// the Stark uses a permutation argument. fn check_permutation_options< F: RichField + Extendable, - HCO: HashConfig, - HCI: HashConfig, - C: GenericConfig, + C: GenericConfig, S: Stark, const D: usize, >( stark: &S, - proof_with_pis: &StarkProofWithPublicInputs, + proof_with_pis: &StarkProofWithPublicInputs, challenges: &StarkProofChallenges, ) -> Result<()> { let options_is_some = [