logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-08 00:33:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Open the partial products polynomials only at zeta

Browse Source
This commit is contained in:
wborgeaud 2021-07-01 18:24:49 +02:00
parent cc3c278a92
commit b86e60a397
3 changed files with 32 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/fri/verifier.rs
View File

@ -1,5 +1,6 @@
use anyhow::{ensure, Result};
use crate::circuit_data::CommonCircuitData;
use crate::field::extension_field::{flatten, Extendable, FieldExtension, Frobenius};
use crate::field::field::Field;
use crate::field::interpolation::{barycentric_weights, interpolate, interpolate2};
@ -75,8 +76,9 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
initial_merkle_roots: &[Hash<F>],
proof: &FriProof<F, D>,
challenger: &mut Challenger<F>,
config: &FriConfig,
common_data: &CommonCircuitData<F, D>,
) -> Result<()> {
let config = &common_data.config.fri_config;
let total_arities = config.reduction_arity_bits.iter().sum::<usize>();
ensure!(
purported_degree_log
@ -122,7 +124,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
n,
&betas,
round_proof,
config,
common_data,
)?;
}
@ -147,8 +149,9 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
os: &OpeningSet<F, D>,
zeta: F::Extension,
subgroup_x: F,
config: &FriConfig,
common_data: &CommonCircuitData<F, D>,
) -> F::Extension {
let config = &common_data.config.fri_config;
assert!(D > 1, "Not implemented for D=1.");
let degree_log = proof.evals_proofs[0].1.siblings.len() - config.rate_bits;
let subgroup_x = F::Extension::from_basefield(subgroup_x);
@ -167,12 +170,17 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
]
.iter()
.flat_map(|&p| proof.unsalted_evals(p))
.chain(
&proof.unsalted_evals(PlonkPolynomials::ZS_PARTIAL_PRODUCTS)
[common_data.partial_products_range()],
)
.map(|&e| F::Extension::from_basefield(e));
let single_openings = os
.constants
.iter()
.chain(&os.plonk_s_sigmas)
.chain(&os.quotient_polys);
.chain(&os.quotient_polys)
.chain(&os.partial_products);
let single_diffs = single_evals
.into_iter()
.zip(single_openings)
@ -187,7 +195,8 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
let zs_evals = proof
.unsalted_evals(PlonkPolynomials::ZS_PARTIAL_PRODUCTS)
.iter()
.map(|&e| F::Extension::from_basefield(e));
.map(|&e| F::Extension::from_basefield(e))
.take(common_data.zs_range().end);
let zs_composition_eval = alpha.clone().reduce(zs_evals);
let zeta_right = F::Extension::primitive_root_of_unity(degree_log) * zeta;
let zs_interpol = interpolate2(
@ -236,8 +245,9 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
n: usize,
betas: &[F::Extension],
round_proof: &FriQueryRound<F, D>,
config: &FriConfig,
common_data: &CommonCircuitData<F, D>,
) -> Result<()> {
let config = &common_data.config.fri_config;
let mut evaluations: Vec<Vec<F::Extension>> = Vec::new();
let x = challenger.get_challenge();
let mut domain_size = n;
@ -262,7 +272,7 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
os,
zeta,
subgroup_x,
config,
common_data,
)
} else {
let last_evals = &evaluations[i - 1];

24
src/polynomial/commitment.rs
View File

@ -147,6 +147,13 @@ impl<F: Field> ListPolynomialCommitment<F> {
// Final low-degree polynomial that goes into FRI.
let mut final_poly = PolynomialCoeffs::empty();
let mut zs_polys = commitments[PlonkPolynomials::ZS_PARTIAL_PRODUCTS.index]
.polynomials
.iter()
.map(|p| p.to_extension())
.collect::<Vec<_>>();
let partial_products_polys = zs_polys.split_off(common_data.zs_range().end);
// Polynomials opened at a single point.
let single_polys = [
PlonkPolynomials::CONSTANTS_SIGMAS,
@ -154,7 +161,8 @@ impl<F: Field> ListPolynomialCommitment<F> {
]
.iter()
.flat_map(|&p| &commitments[p.index].polynomials)
.map(|p| p.to_extension());
.map(|p| p.to_extension())
.chain(partial_products_polys);
let single_composition_poly = alpha.reduce_polys(single_polys);
let single_quotient = Self::compute_quotient([zeta], single_composition_poly);
@ -162,11 +170,7 @@ impl<F: Field> ListPolynomialCommitment<F> {
alpha.reset();
// Zs polynomials are opened at `zeta` and `g*zeta`.
let zs_polys = commitments[PlonkPolynomials::ZS_PARTIAL_PRODUCTS.index]
.polynomials
.iter()
.map(|p| p.to_extension());
let zs_composition_poly = alpha.reduce_polys(zs_polys);
let zs_composition_poly = alpha.reduce_polys(zs_polys.into_iter());
let zs_quotient = Self::compute_quotient([zeta, g * zeta], zs_composition_poly);
alpha.shift_poly(&mut final_poly);
@ -254,7 +258,7 @@ impl<F: Field + Extendable<D>, const D: usize> OpeningProof<F, D> {
os: &OpeningSet<F, D>,
merkle_roots: &[Hash<F>],
challenger: &mut Challenger<F>,
fri_config: &FriConfig,
common_data: &CommonCircuitData<F, D>,
) -> Result<()> {
challenger.observe_opening_set(os);
@ -268,7 +272,7 @@ impl<F: Field + Extendable<D>, const D: usize> OpeningProof<F, D> {
merkle_roots,
&self.fri_proof,
challenger,
fri_config,
common_data,
)
}
}
@ -310,7 +314,7 @@ mod tests {
}
fn check_batch_polynomial_commitment<F: Field + Extendable<D>, const D: usize>() -> Result<()> {
let ks = [10, 2, 3, 8];
let ks = [10, 2, 10, 8];
let degree_log = 11;
let fri_config = FriConfig {
proof_of_work_bits: 2,
@ -363,7 +367,7 @@ mod tests {
lpcs[3].merkle_tree.root,
],
&mut Challenger::new(),
&common_data.config.fri_config,
&common_data,
)
}

2
src/verifier.rs
View File

@ -75,7 +75,7 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
&evaluations,
merkle_roots,
&mut challenger,
fri_config,
common_data,
)?;
Ok(())