logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-22 23:53:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

CTL verification

Browse Source
This commit is contained in:
wborgeaud 2022-05-11 16:09:12 +02:00
parent d0fb76c8db
commit b9e921f640
5 changed files with 68 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
starky2/src/cross_table_lookup.rs
View File

@ -1,3 +1,4 @@
use anyhow::{ensure, Result};
use plonky2::field::extension_field::{Extendable, FieldExtension};
use plonky2::field::field_types::Field;
use plonky2::field::packed_field::PackedField;
@ -12,6 +13,7 @@ use crate::all_stark::Table;
use crate::config::StarkConfig;
use crate::constraint_consumer::ConstraintConsumer;
use crate::permutation::PermutationChallenge;
use crate::proof::StarkProofWithPublicInputs;
use crate::stark::Stark;
use crate::vars::StarkEvaluationVars;
@ -170,3 +172,40 @@ pub(crate) fn eval_cross_table_lookup_checks<F, FE, P, C, S, const D: usize, con
consumer.constraint_transition(*next_z - *local_z * combine(vars.next_values));
}
}
pub(crate) fn verify_cross_table_lookups<
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
const D: usize,
>(
cross_table_lookups: Vec<CrossTableLookup>,
proofs: &[&StarkProofWithPublicInputs<F, C, D>],
challenges: PermutationChallenge<F>,
config: &StarkConfig,
) -> Result<()> {
let degrees_bits = proofs
.iter()
.map(|p| p.proof.recover_degree_bits(config))
.collect::<Vec<_>>();
let mut lookup_zs_openings = proofs
.iter()
.map(|p| p.proof.openings.lookup_zs_last.iter())
.collect::<Vec<_>>();
for CrossTableLookup {
looking_table,
looked_table,
..
} in cross_table_lookups
{
let looking_degree = 1 << degrees_bits[looking_table as usize];
let looked_degree = 1 << degrees_bits[looked_table as usize];
let looking_z = *lookup_zs_openings[looking_table as usize].next().unwrap();
let looked_z = *lookup_zs_openings[looked_table as usize].next().unwrap();
ensure!(
looking_z == looked_z * challenges.gamma.exp_u64(looking_degree - looked_degree),
"Cross-table lookup verification failed."
);
}
Ok(())
}

2
starky2/src/get_challenges.rs
View File

@ -77,8 +77,6 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> A
all_stark: &AllStark<F, D>,
config: &StarkConfig,
) -> AllProofChallenges<F, D> {
let num_challenges = config.num_challenges;
let mut challenger = Challenger::<F, C::Hasher>::new();
for proof in self.proofs() {

22
starky2/src/proof.rs
View File

@ -1,6 +1,5 @@
use itertools::Itertools;
use plonky2::field::extension_field::{Extendable, FieldExtension};
use plonky2::field::field_types::Field;
use plonky2::fri::oracle::PolynomialBatch;
use plonky2::fri::proof::{
CompressedFriProof, FriChallenges, FriChallengesTarget, FriProof, FriProofTarget,
@ -147,7 +146,7 @@ pub struct StarkOpeningSet<F: RichField + Extendable<D>, const D: usize> {
pub next_values: Vec<F::Extension>,
pub permutation_lookup_zs: Option<Vec<F::Extension>>,
pub permutation_lookup_zs_right: Option<Vec<F::Extension>>,
pub lookup_zs_last: Vec<F::Extension>,
pub lookup_zs_last: Vec<F>,
pub quotient_polys: Vec<F::Extension>,
}
@ -167,6 +166,12 @@ impl<F: RichField + Extendable<D>, const D: usize> StarkOpeningSet<F, D> {
.map(|p| p.to_extension().eval(z))
.collect::<Vec<_>>()
};
let eval_commitment_base = |z: F, c: &PolynomialBatch<F, C, D>| {
c.polynomials
.par_iter()
.map(|p| p.eval(z))
.collect::<Vec<_>>()
};
let zeta_right = zeta.scalar_mul(g);
Self {
local_values: eval_commitment(zeta, trace_commitment),
@ -177,10 +182,8 @@ impl<F: RichField + Extendable<D>, const D: usize> StarkOpeningSet<F, D> {
.map(|c| eval_commitment(zeta_right, c)),
lookup_zs_last: permutation_lookup_zs_commitment
.map(|c| {
eval_commitment(
F::Extension::primitive_root_of_unity(degree_bits).inverse(),
c,
)[num_permutation_zs..]
eval_commitment_base(F::primitive_root_of_unity(degree_bits).inverse(), c)
[num_permutation_zs..]
.to_vec()
})
.unwrap_or_default(),
@ -210,7 +213,12 @@ impl<F: RichField + Extendable<D>, const D: usize> StarkOpeningSet<F, D> {
if !self.lookup_zs_last.is_empty() {
batches.push(FriOpeningBatch {
values: self.lookup_zs_last.clone(),
values: self
.lookup_zs_last
.iter()
.copied()
.map(F::Extension::from_basefield)
.collect(),
});
}

4
starky2/src/prover.rs
View File

@ -21,9 +21,7 @@ use rayon::prelude::*;
use crate::all_stark::{AllStark, Table};
use crate::config::StarkConfig;
use crate::constraint_consumer::ConstraintConsumer;
use crate::cross_table_lookup::{
cross_table_lookup_zs, CTLCheckVars, CrossTableLookup, LookupData,
};
use crate::cross_table_lookup::{cross_table_lookup_zs, CTLCheckVars, LookupData};
use crate::permutation::{
compute_permutation_z_polys, get_n_permutation_challenge_sets, PermutationChallengeSet,
};

19
starky2/src/verifier.rs
View File

@ -12,6 +12,7 @@ use plonky2::plonk::plonk_common::reduce_with_powers;
use crate::all_stark::{AllStark, KeccakStark};
use crate::config::StarkConfig;
use crate::constraint_consumer::ConstraintConsumer;
use crate::cross_table_lookup::verify_cross_table_lookups;
use crate::permutation::PermutationCheckVars;
use crate::proof::{
AllProof, AllProofChallenges, StarkOpeningSet, StarkProofChallenges, StarkProofWithPublicInputs,
@ -35,16 +36,22 @@ where
ctl_challenges,
} = all_proof.get_challenges(&all_stark, config);
// Verify CTL
let AllStark {
cpu_stark,
keccak_stark,
cross_table_lookups,
} = all_stark;
verify_stark_proof_with_challenges(
all_stark.cpu_stark,
all_proof.cpu_proof,
cpu_challenges,
verify_cross_table_lookups(
cross_table_lookups,
&all_proof.proofs(),
ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(cpu_stark, all_proof.cpu_proof, cpu_challenges, config)?;
verify_stark_proof_with_challenges(
all_stark.keccak_stark,
keccak_stark,
all_proof.keccak_proof,
keccak_challenges,
config,