logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-04 23:03:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #67 from mir-protocol/hardcode_plonk_polys

Browse Source 
Hardcode Plonk polynomials indices and blinding flags.
This commit is contained in:
wborgeaud 2021-06-17 19:33:41 +02:00 committed by GitHub
commit b2e8a44994
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 86 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/bin/bench_recursion.rs
View File

@ -8,7 +8,6 @@ use plonky2::fri::FriConfig;
use plonky2::gates::constant::ConstantGate;
use plonky2::gates::gmimc::GMiMCGate;
use plonky2::hash::GMIMC_ROUNDS;
use plonky2::prover::PLONK_BLINDING;
use plonky2::witness::PartialWitness;
fn main() {
@ -41,7 +40,6 @@ fn bench_prove<F: Field + Extendable<D>, const D: usize>() {
rate_bits: 3,
reduction_arity_bits: vec![1],
num_query_rounds: 1,
blinding: PLONK_BLINDING.to_vec(),
},
};

4
src/circuit_data.rs
View File

@ -7,7 +7,7 @@ use crate::gates::gate::GateRef;
use crate::generator::WitnessGenerator;
use crate::polynomial::commitment::ListPolynomialCommitment;
use crate::proof::{Hash, HashTarget, Proof};
use crate::prover::{prove, PLONK_BLINDING};
use crate::prover::prove;
use crate::verifier::verify;
use crate::witness::PartialWitness;
@ -38,7 +38,6 @@ impl Default for CircuitConfig {
rate_bits: 1,
reduction_arity_bits: vec![1],
num_query_rounds: 1,
blinding: vec![true],
},
}
}
@ -61,7 +60,6 @@ impl CircuitConfig {
rate_bits: 3,
reduction_arity_bits: vec![1],
num_query_rounds: 1,
blinding: PLONK_BLINDING.to_vec(),
},
}
}

16
src/fri/mod.rs
View File

@ -1,5 +1,3 @@
use crate::polynomial::commitment::SALT_SIZE;
pub mod prover;
mod recursive_verifier;
pub mod verifier;
@ -22,20 +20,6 @@ pub struct FriConfig {
/// Number of query rounds to perform.
pub num_query_rounds: usize,
/// Vector of the same length as the number of initial Merkle trees.
/// `blinding[i]==true` iff the i-th tree is salted.
pub blinding: Vec<bool>,
}
impl FriConfig {
pub(crate) fn salt_size(&self, i: usize) -> usize {
if self.blinding[i] {
SALT_SIZE
} else {
0
}
}
}
fn fri_delta(rate_log: usize, conjecture: bool) -> f64 {

19
src/fri/recursive_verifier.rs
View File

@ -6,6 +6,7 @@ use crate::field::extension_field::Extendable;
use crate::field::field::Field;
use crate::fri::FriConfig;
use crate::plonk_challenger::RecursiveChallenger;
use crate::plonk_common::PlonkPolynomials;
use crate::proof::{
FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget, HashTarget, OpeningSetTarget,
};
@ -157,11 +158,15 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
// - one for polynomials opened at `x` and `x.frobenius()`
// Polynomials opened at `x`, i.e., the constants, sigmas and quotient polynomials.
let single_evals = [0, 1, 4]
.iter()
.flat_map(|&i| proof.unsalted_evals(i, config))
.map(|&e| self.convert_to_ext(e))
.collect::<Vec<_>>();
let single_evals = [
PlonkPolynomials::CONSTANTS,
PlonkPolynomials::SIGMAS,
PlonkPolynomials::QUOTIENT,
]
.iter()
.flat_map(|&p| proof.unsalted_evals(p))
.map(|&e| self.convert_to_ext(e))
.collect::<Vec<_>>();
let single_openings = os
.constants
.iter()
@ -179,7 +184,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
// Polynomials opened at `x` and `g x`, i.e., the Zs polynomials.
let zs_evals = proof
.unsalted_evals(3, config)
.unsalted_evals(PlonkPolynomials::ZS)
.iter()
.map(|&e| self.convert_to_ext(e))
.collect::<Vec<_>>();
@ -217,7 +222,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
// Polynomials opened at `x` and `x.frobenius()`, i.e., the wires polynomials.
let wire_evals = proof
.unsalted_evals(2, config)
.unsalted_evals(PlonkPolynomials::WIRES)
.iter()
.map(|&e| self.convert_to_ext(e))
.collect::<Vec<_>>();

20
src/fri/verifier.rs
View File

@ -7,7 +7,7 @@ use crate::fri::FriConfig;
use crate::hash::hash_n_to_1;
use crate::merkle_proofs::verify_merkle_proof;
use crate::plonk_challenger::Challenger;
use crate::plonk_common::reduce_with_iter;
use crate::plonk_common::{reduce_with_iter, PlonkPolynomials};
use crate::proof::{FriInitialTreeProof, FriProof, FriQueryRound, Hash, OpeningSet};
use crate::util::{log2_strict, reverse_bits, reverse_index_bits_in_place};
@ -157,13 +157,17 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
// We will add three terms to `sum`:
// - one for various polynomials which are opened at a single point `x`
// - one for Zs, which are opened at `x` and `g x`
// - one for wire polynomials, which are opened at `x` and its conjugate
// - one for wire polynomials, which are opened at `x` and `x.frobenius()`
// Polynomials opened at `x`, i.e., the constants, sigmas and quotient polynomials.
let single_evals = [0, 1, 4]
.iter()
.flat_map(|&i| proof.unsalted_evals(i, config))
.map(|&e| F::Extension::from_basefield(e));
let single_evals = [
PlonkPolynomials::CONSTANTS,
PlonkPolynomials::SIGMAS,
PlonkPolynomials::QUOTIENT,
]
.iter()
.flat_map(|&p| proof.unsalted_evals(p))
.map(|&e| F::Extension::from_basefield(e));
let single_openings = os
.constants
.iter()
@ -176,7 +180,7 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
// Polynomials opened at `x` and `g x`, i.e., the Zs polynomials.
let zs_evals = proof
.unsalted_evals(3, config)
.unsalted_evals(PlonkPolynomials::ZS)
.iter()
.map(|&e| F::Extension::from_basefield(e));
let zs_composition_eval = reduce_with_iter(zs_evals, alpha_powers.clone());
@ -194,7 +198,7 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
// Polynomials opened at `x` and `x.frobenius()`, i.e., the wires polynomials.
let wire_evals = proof
.unsalted_evals(2, config)
.unsalted_evals(PlonkPolynomials::WIRES)
.iter()
.map(|&e| F::Extension::from_basefield(e));
let wire_composition_eval = reduce_with_iter(wire_evals, alpha_powers.clone());

1
src/gadgets/arithmetic.rs
View File

@ -371,7 +371,6 @@ mod tests {
use crate::field::extension_field::quartic::QuarticCrandallField;
use crate::field::field::Field;
use crate::fri::FriConfig;
use crate::prover::PLONK_BLINDING;
use crate::witness::PartialWitness;
#[test]

52
src/plonk_common.rs
View File

@ -6,10 +6,62 @@ use crate::field::extension_field::target::ExtensionTarget;
use crate::field::extension_field::Extendable;
use crate::field::field::Field;
use crate::gates::gate::GateRef;
use crate::polynomial::commitment::SALT_SIZE;
use crate::polynomial::polynomial::PolynomialCoeffs;
use crate::target::Target;
use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
/// Holds the Merkle tree index and blinding flag of a set of polynomials used in FRI.
#[derive(Debug, Copy, Clone)]
pub struct PolynomialsIndexBlinding {
pub(crate) index: usize,
pub(crate) blinding: bool,
}
impl PolynomialsIndexBlinding {
pub fn salt_size(&self) -> usize {
if self.blinding {
SALT_SIZE
} else {
0
}
}
}
/// Holds the indices and blinding flags of the Plonk polynomials.
pub struct PlonkPolynomials;
impl PlonkPolynomials {
pub const CONSTANTS: PolynomialsIndexBlinding = PolynomialsIndexBlinding {
index: 0,
blinding: false,
};
pub const SIGMAS: PolynomialsIndexBlinding = PolynomialsIndexBlinding {
index: 1,
blinding: false,
};
pub const WIRES: PolynomialsIndexBlinding = PolynomialsIndexBlinding {
index: 2,
blinding: true,
};
pub const ZS: PolynomialsIndexBlinding = PolynomialsIndexBlinding {
index: 3,
blinding: true,
};
pub const QUOTIENT: PolynomialsIndexBlinding = PolynomialsIndexBlinding {
index: 4,
blinding: true,
};
pub fn polynomials(i: usize) -> PolynomialsIndexBlinding {
match i {
0 => Self::CONSTANTS,
1 => Self::SIGMAS,
2 => Self::WIRES,
3 => Self::ZS,
4 => Self::QUOTIENT,
_ => panic!("There are only 5 sets of polynomials in Plonk."),
}
}
}
/// Evaluate the vanishing polynomial at `x`. In this context, the vanishing polynomial is a random
/// linear combination of gate constraints, plus some other terms relating to the permutation
/// argument. All such terms should vanish on `H`.

16
src/polynomial/commitment.rs
View File

@ -260,9 +260,9 @@ pub struct OpeningProofTarget<const D: usize> {
#[cfg(test)]
mod tests {
use anyhow::Result;
use rand::Rng;
use super::*;
use crate::plonk_common::PlonkPolynomials;
fn gen_random_test_case<F: Field + Extendable<D>, const D: usize>(
k: usize,
@ -288,17 +288,6 @@ mod tests {
point
}
fn gen_random_blindings() -> Vec<bool> {
let mut rng = rand::thread_rng();
vec![
rng.gen_bool(0.5),
rng.gen_bool(0.5),
rng.gen_bool(0.5),
rng.gen_bool(0.5),
rng.gen_bool(0.5),
]
}
fn check_batch_polynomial_commitment<F: Field + Extendable<D>, const D: usize>() -> Result<()> {
let ks = [1, 2, 3, 5, 8];
let degree_log = 11;
@ -307,7 +296,6 @@ mod tests {
rate_bits: 2,
reduction_arity_bits: vec![2, 3, 1, 2],
num_query_rounds: 3,
blinding: gen_random_blindings(),
};
let lpcs = (0..5)
@ -315,7 +303,7 @@ mod tests {
ListPolynomialCommitment::<F>::new(
gen_random_test_case(ks[i], degree_log),
fri_config.rate_bits,
fri_config.blinding[i],
PlonkPolynomials::polynomials(i).blinding,
)
})
.collect::<Vec<_>>();

14
src/proof.rs
View File

@ -3,9 +3,9 @@ use std::convert::TryInto;
use crate::field::extension_field::target::ExtensionTarget;
use crate::field::extension_field::Extendable;
use crate::field::field::Field;
use crate::fri::FriConfig;
use crate::gadgets::polynomial::PolynomialCoeffsExtTarget;
use crate::merkle_proofs::{MerkleProof, MerkleProofTarget};
use crate::plonk_common::PolynomialsIndexBlinding;
use crate::polynomial::commitment::{ListPolynomialCommitment, OpeningProof, OpeningProofTarget};
use crate::polynomial::polynomial::PolynomialCoeffs;
use crate::target::Target;
@ -99,9 +99,9 @@ pub struct FriInitialTreeProof<F: Field> {
}
impl<F: Field> FriInitialTreeProof<F> {
pub(crate) fn unsalted_evals(&self, i: usize, config: &FriConfig) -> &[F] {
let evals = &self.evals_proofs[i].0;
&evals[..evals.len() - config.salt_size(i)]
pub(crate) fn unsalted_evals(&self, polynomials: PolynomialsIndexBlinding) -> &[F] {
let evals = &self.evals_proofs[polynomials.index].0;
&evals[..evals.len() - polynomials.salt_size()]
}
}
@ -110,9 +110,9 @@ pub struct FriInitialTreeProofTarget {
}
impl FriInitialTreeProofTarget {
pub(crate) fn unsalted_evals(&self, i: usize, config: &FriConfig) -> &[Target] {
let evals = &self.evals_proofs[i].0;
&evals[..evals.len() - config.salt_size(i)]
pub(crate) fn unsalted_evals(&self, polynomials: PolynomialsIndexBlinding) -> &[Target] {
let evals = &self.evals_proofs[polynomials.index].0;
&evals[..evals.len() - polynomials.salt_size()]
}
}

3
src/prover.rs
View File

@ -19,9 +19,6 @@ use crate::vars::EvaluationVarsBase;
use crate::wire::Wire;
use crate::witness::PartialWitness;
/// Corresponds to constants - sigmas - wires - zs - quotient — polynomial commitments.
pub const PLONK_BLINDING: [bool; 5] = [false, false, true, true, true];
pub(crate) fn prove<F: Extendable<D>, const D: usize>(
prover_data: &ProverOnlyCircuitData<F>,
common_data: &CommonCircuitData<F, D>,