From a43e138f57c7f01d16ebcf77ce4befa2c73a7447 Mon Sep 17 00:00:00 2001 From: Daniel Lubarov Date: Sun, 6 Feb 2022 23:13:12 -0800 Subject: [PATCH] Move some FRI stuff into the FRI module (#471) I think it would be nice to eventually have separate crates for IOP, FRI, PLONK, etc. This is one step toward that. --- plonky2/src/fri/challenges.rs | 81 +++++++++++++++++++++++++++++++++ plonky2/src/fri/mod.rs | 2 + plonky2/src/fri/witness_util.rs | 71 +++++++++++++++++++++++++++++ plonky2/src/iop/challenger.rs | 71 +---------------------------- plonky2/src/iop/witness.rs | 66 +-------------------------- 5 files changed, 157 insertions(+), 134 deletions(-) create mode 100644 plonky2/src/fri/challenges.rs create mode 100644 plonky2/src/fri/witness_util.rs diff --git a/plonky2/src/fri/challenges.rs b/plonky2/src/fri/challenges.rs new file mode 100644 index 00000000..ad1cfa5c --- /dev/null +++ b/plonky2/src/fri/challenges.rs @@ -0,0 +1,81 @@ +use plonky2_field::extension_field::Extendable; +use plonky2_field::polynomial::PolynomialCoeffs; + +use crate::fri::proof::FriChallenges; +use crate::fri::structure::{FriOpenings, FriOpeningsTarget}; +use crate::fri::FriConfig; +use crate::hash::hash_types::RichField; +use crate::hash::merkle_tree::MerkleCap; +use crate::iop::challenger::{Challenger, RecursiveChallenger}; +use crate::plonk::config::{AlgebraicHasher, GenericConfig, Hasher}; + +impl> Challenger { + pub fn observe_openings(&mut self, openings: &FriOpenings) + where + F: RichField + Extendable, + { + for v in &openings.batches { + self.observe_extension_elements(&v.values); + } + } + + pub fn fri_challenges, const D: usize>( + &mut self, + commit_phase_merkle_caps: &[MerkleCap], + final_poly: &PolynomialCoeffs, + pow_witness: F, + degree_bits: usize, + config: &FriConfig, + ) -> FriChallenges + where + F: RichField + Extendable, + { + let num_fri_queries = config.num_query_rounds; + let lde_size = 1 << (degree_bits + config.rate_bits); + // Scaling factor to combine polynomials. + let fri_alpha = self.get_extension_challenge::(); + + // Recover the random betas used in the FRI reductions. + let fri_betas = commit_phase_merkle_caps + .iter() + .map(|cap| { + self.observe_cap(cap); + self.get_extension_challenge::() + }) + .collect(); + + self.observe_extension_elements(&final_poly.coeffs); + + let fri_pow_response = C::InnerHasher::hash_no_pad( + &self + .get_hash() + .elements + .iter() + .copied() + .chain(Some(pow_witness)) + .collect::>(), + ) + .elements[0]; + + let fri_query_indices = (0..num_fri_queries) + .map(|_| self.get_challenge().to_canonical_u64() as usize % lde_size) + .collect(); + + FriChallenges { + fri_alpha, + fri_betas, + fri_pow_response, + fri_query_indices, + } + } +} + +impl, H: AlgebraicHasher, const D: usize> + RecursiveChallenger +{ + pub fn observe_openings(&mut self, openings: &FriOpeningsTarget) { + for v in &openings.batches { + self.observe_extension_elements(&v.values); + } + } +} diff --git a/plonky2/src/fri/mod.rs b/plonky2/src/fri/mod.rs index 573a189b..a0cd428b 100644 --- a/plonky2/src/fri/mod.rs +++ b/plonky2/src/fri/mod.rs @@ -1,5 +1,6 @@ use crate::fri::reduction_strategies::FriReductionStrategy; +mod challenges; pub mod oracle; pub mod proof; pub mod prover; @@ -7,6 +8,7 @@ pub mod recursive_verifier; pub mod reduction_strategies; pub mod structure; pub mod verifier; +pub mod witness_util; #[derive(Debug, Clone, Eq, PartialEq)] pub struct FriConfig { diff --git a/plonky2/src/fri/witness_util.rs b/plonky2/src/fri/witness_util.rs new file mode 100644 index 00000000..70aebd03 --- /dev/null +++ b/plonky2/src/fri/witness_util.rs @@ -0,0 +1,71 @@ +use itertools::Itertools; +use plonky2_field::extension_field::Extendable; + +use crate::fri::proof::{FriProof, FriProofTarget}; +use crate::hash::hash_types::RichField; +use crate::iop::witness::Witness; +use crate::plonk::config::AlgebraicHasher; + +/// Set the targets in a `FriProofTarget` to their corresponding values in a `FriProof`. +pub fn set_fri_proof_target( + witness: &mut W, + fri_proof: &FriProof, + fri_proof_target: &FriProofTarget, +) where + F: RichField + Extendable, + W: Witness + ?Sized, + H: AlgebraicHasher, +{ + witness.set_target(fri_proof_target.pow_witness, fri_proof.pow_witness); + + for (&t, &x) in fri_proof_target + .final_poly + .0 + .iter() + .zip_eq(&fri_proof.final_poly.coeffs) + { + witness.set_extension_target(t, x); + } + + for (t, x) in fri_proof_target + .commit_phase_merkle_caps + .iter() + .zip_eq(&fri_proof.commit_phase_merkle_caps) + { + witness.set_cap_target(t, x); + } + + for (qt, q) in fri_proof_target + .query_round_proofs + .iter() + .zip_eq(&fri_proof.query_round_proofs) + { + for (at, a) in qt + .initial_trees_proof + .evals_proofs + .iter() + .zip_eq(&q.initial_trees_proof.evals_proofs) + { + for (&t, &x) in at.0.iter().zip_eq(&a.0) { + witness.set_target(t, x); + } + for (&t, &x) in at.1.siblings.iter().zip_eq(&a.1.siblings) { + witness.set_hash_target(t, x); + } + } + + for (st, s) in qt.steps.iter().zip_eq(&q.steps) { + for (&t, &x) in st.evals.iter().zip_eq(&s.evals) { + witness.set_extension_target(t, x); + } + for (&t, &x) in st + .merkle_proof + .siblings + .iter() + .zip_eq(&s.merkle_proof.siblings) + { + witness.set_hash_target(t, x); + } + } + } +} diff --git a/plonky2/src/iop/challenger.rs b/plonky2/src/iop/challenger.rs index c85f30d1..1519f6ec 100644 --- a/plonky2/src/iop/challenger.rs +++ b/plonky2/src/iop/challenger.rs @@ -2,11 +2,7 @@ use std::convert::TryInto; use std::marker::PhantomData; use plonky2_field::extension_field::{Extendable, FieldExtension}; -use plonky2_field::polynomial::PolynomialCoeffs; -use crate::fri::proof::FriChallenges; -use crate::fri::structure::{FriOpenings, FriOpeningsTarget}; -use crate::fri::FriConfig; use crate::hash::hash_types::RichField; use crate::hash::hash_types::{HashOut, HashOutTarget, MerkleCapTarget}; use crate::hash::hashing::{PlonkyPermutation, SPONGE_RATE, SPONGE_WIDTH}; @@ -14,7 +10,7 @@ use crate::hash::merkle_tree::MerkleCap; use crate::iop::ext_target::ExtensionTarget; use crate::iop::target::Target; use crate::plonk::circuit_builder::CircuitBuilder; -use crate::plonk::config::{AlgebraicHasher, GenericConfig, GenericHashOut, Hasher}; +use crate::plonk::config::{AlgebraicHasher, GenericHashOut, Hasher}; /// Observes prover messages, and generates challenges by hashing the transcript, a la Fiat-Shamir. #[derive(Clone)] @@ -72,15 +68,6 @@ impl> Challenger { } } - pub fn observe_openings(&mut self, openings: &FriOpenings) - where - F: RichField + Extendable, - { - for v in &openings.batches { - self.observe_extension_elements(&v.values); - } - } - pub fn observe_hash>(&mut self, hash: OH::Hash) { self.observe_elements(&hash.to_vec()) } @@ -138,56 +125,6 @@ impl> Challenger { .collect() } - pub fn fri_challenges, const D: usize>( - &mut self, - commit_phase_merkle_caps: &[MerkleCap], - final_poly: &PolynomialCoeffs, - pow_witness: F, - degree_bits: usize, - config: &FriConfig, - ) -> FriChallenges - where - F: RichField + Extendable, - { - let num_fri_queries = config.num_query_rounds; - let lde_size = 1 << (degree_bits + config.rate_bits); - // Scaling factor to combine polynomials. - let fri_alpha = self.get_extension_challenge::(); - - // Recover the random betas used in the FRI reductions. - let fri_betas = commit_phase_merkle_caps - .iter() - .map(|cap| { - self.observe_cap(cap); - self.get_extension_challenge::() - }) - .collect(); - - self.observe_extension_elements(&final_poly.coeffs); - - let fri_pow_response = C::InnerHasher::hash_no_pad( - &self - .get_hash() - .elements - .iter() - .copied() - .chain(Some(pow_witness)) - .collect::>(), - ) - .elements[0]; - - let fri_query_indices = (0..num_fri_queries) - .map(|_| self.get_challenge().to_canonical_u64() as usize % lde_size) - .collect(); - - FriChallenges { - fri_alpha, - fri_betas, - fri_pow_response, - fri_query_indices, - } - } - /// Absorb any buffered inputs. After calling this, the input buffer will be empty. fn absorb_buffered_inputs(&mut self) { if self.input_buffer.is_empty() { @@ -251,12 +188,6 @@ impl, H: AlgebraicHasher, const D: usize> } } - pub fn observe_openings(&mut self, openings: &FriOpeningsTarget) { - for v in &openings.batches { - self.observe_extension_elements(&v.values); - } - } - pub fn observe_hash(&mut self, hash: &HashOutTarget) { self.observe_elements(&hash.elements) } diff --git a/plonky2/src/iop/witness.rs b/plonky2/src/iop/witness.rs index efe4d911..4efd35d3 100644 --- a/plonky2/src/iop/witness.rs +++ b/plonky2/src/iop/witness.rs @@ -5,7 +5,7 @@ use num::{BigUint, FromPrimitive, Zero}; use plonky2_field::extension_field::{Extendable, FieldExtension}; use plonky2_field::field_types::Field; -use crate::fri::proof::{FriProof, FriProofTarget}; +use crate::fri::witness_util::set_fri_proof_target; use crate::gadgets::arithmetic_u32::U32Target; use crate::gadgets::biguint::BigUintTarget; use crate::gadgets::nonnative::NonNativeTarget; @@ -258,69 +258,7 @@ pub trait Witness { self.set_extension_target(t, x); } - self.set_fri_proof_target(&proof.opening_proof, &proof_target.opening_proof); - } - - /// Set the targets in a `FriProofTarget` to their corresponding values in a `FriProof`. - fn set_fri_proof_target, const D: usize>( - &mut self, - fri_proof: &FriProof, - fri_proof_target: &FriProofTarget, - ) where - F: RichField + Extendable, - { - self.set_target(fri_proof_target.pow_witness, fri_proof.pow_witness); - - for (&t, &x) in fri_proof_target - .final_poly - .0 - .iter() - .zip_eq(&fri_proof.final_poly.coeffs) - { - self.set_extension_target(t, x); - } - - for (t, x) in fri_proof_target - .commit_phase_merkle_caps - .iter() - .zip_eq(&fri_proof.commit_phase_merkle_caps) - { - self.set_cap_target(t, x); - } - - for (qt, q) in fri_proof_target - .query_round_proofs - .iter() - .zip_eq(&fri_proof.query_round_proofs) - { - for (at, a) in qt - .initial_trees_proof - .evals_proofs - .iter() - .zip_eq(&q.initial_trees_proof.evals_proofs) - { - for (&t, &x) in at.0.iter().zip_eq(&a.0) { - self.set_target(t, x); - } - for (&t, &x) in at.1.siblings.iter().zip_eq(&a.1.siblings) { - self.set_hash_target(t, x); - } - } - - for (st, s) in qt.steps.iter().zip_eq(&q.steps) { - for (&t, &x) in st.evals.iter().zip_eq(&s.evals) { - self.set_extension_target(t, x); - } - for (&t, &x) in st - .merkle_proof - .siblings - .iter() - .zip_eq(&s.merkle_proof.siblings) - { - self.set_hash_target(t, x); - } - } - } + set_fri_proof_target(self, &proof.opening_proof, &proof_target.opening_proof); } fn set_wire(&mut self, wire: Wire, value: F) {