logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-09 09:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

PR feedback

Browse Source
This commit is contained in:
wborgeaud 2022-02-03 11:49:44 +01:00
parent be44edcd78
commit bc5bc8245d
7 changed files with 40 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
field/src/polynomial/mod.rs
View File

@ -57,7 +57,8 @@ impl<F: Field> PolynomialValues<F> {
fft_with_options(coeffs, Some(rate_bits), None)
}
pub fn coset_lde(self, rate_bits: usize) -> Self {
/// Low-degree extend `Self` (seen as evaluations over the subgroup) onto a coset.
pub fn lde_onto_coset(self, rate_bits: usize) -> Self {
let coeffs = ifft(self).lde(rate_bits);
coeffs.coset_fft_with_options(F::coset_shift(), Some(rate_bits), None)
}

8
plonky2/src/plonk/proof.rs
View File

@ -227,16 +227,16 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize>
}
pub(crate) struct ProofChallenges<F: RichField + Extendable<D>, const D: usize> {
// Random values used in Plonk's permutation argument.
/// Random values used in Plonk's permutation argument.
pub plonk_betas: Vec<F>,
// Random values used in Plonk's permutation argument.
/// Random values used in Plonk's permutation argument.
pub plonk_gammas: Vec<F>,
// Random values used to combine PLONK constraints.
/// Random values used to combine PLONK constraints.
pub plonk_alphas: Vec<F>,
// Point at which the PLONK polynomials are opened.
/// Point at which the PLONK polynomials are opened.
pub plonk_zeta: F::Extension,
pub fri_challenges: FriChallenges<F, D>,

8
starky/src/constraint_consumer.rs
View File

@ -104,8 +104,8 @@ impl<F: RichField + Extendable<D>, const D: usize> RecursiveConstraintConsumer<F
builder: &mut CircuitBuilder<F, D>,
constraint: ExtensionTarget<D>,
) {
self.constraint_acc =
builder.scalar_mul_add_extension(self.alpha, self.constraint_acc, constraint);
let filtered_constraint = builder.mul_extension(constraint, self.z_last);
self.constraint(builder, filtered_constraint);
}
/// Add one constraint valid on all rows.
@ -114,8 +114,8 @@ impl<F: RichField + Extendable<D>, const D: usize> RecursiveConstraintConsumer<F
builder: &mut CircuitBuilder<F, D>,
constraint: ExtensionTarget<D>,
) {
let filtered_constraint = builder.mul_extension(constraint, self.z_last);
self.constraint(builder, filtered_constraint);
self.constraint_acc =
builder.scalar_mul_add_extension(self.alpha, self.constraint_acc, constraint);
}
/// Add one constraint, but first multiply it by a filter such that it will only apply to the

22
starky/src/proof.rs
View File

@ -52,10 +52,10 @@ pub struct CompressedStarkProofWithPublicInputs<
}
pub(crate) struct StarkProofChallenges<F: RichField + Extendable<D>, const D: usize> {
// Random values used to combine PLONK constraints.
/// Random values used to combine STARK constraints.
pub stark_alphas: Vec<F>,
// Point at which the PLONK polynomials are opened.
/// Point at which the STARK polynomials are opened.
pub stark_zeta: F::Extension,
pub fri_challenges: FriChallenges<F, D>,
@ -66,6 +66,7 @@ pub struct StarkOpeningSet<F: RichField + Extendable<D>, const D: usize> {
pub local_values: Vec<F::Extension>,
pub next_values: Vec<F::Extension>,
pub permutation_zs: Vec<F::Extension>,
pub permutation_zs_right: Vec<F::Extension>,
pub quotient_polys: Vec<F::Extension>,
}
@ -86,19 +87,28 @@ impl<F: RichField + Extendable<D>, const D: usize> StarkOpeningSet<F, D> {
local_values: eval_commitment(zeta, trace_commitment),
next_values: eval_commitment(zeta * g, trace_commitment),
permutation_zs: vec![/*TODO*/],
permutation_zs_right: vec![/*TODO*/],
quotient_polys: eval_commitment(zeta, quotient_commitment),
}
}
// TODO: Replace with a `observe_fri_openings` function.
// Note: Can't implement this directly on `Challenger` as it's in a different crate.
pub fn observe<H: Hasher<F>>(&self, challenger: &mut Challenger<F, H>) {
let StarkOpeningSet {
local_values,
next_values,
permutation_zs,
permutation_zs_right,
quotient_polys,
} = self;
for v in &[local_values, next_values, permutation_zs, quotient_polys] {
for v in &[
local_values,
next_values,
permutation_zs,
permutation_zs_right,
quotient_polys,
] {
challenger.observe_extension_elements(v);
}
}
@ -113,7 +123,11 @@ impl<F: RichField + Extendable<D>, const D: usize> StarkOpeningSet<F, D> {
.concat(),
};
let zeta_right_batch = FriOpeningBatch {
values: self.next_values.to_vec(),
values: [
self.next_values.as_slice(),
self.permutation_zs_right.as_slice(),
]
.concat(),
};
FriOpenings {
batches: vec![zeta_batch, zeta_right_batch],

7
starky/src/prover.rs
View File

@ -168,13 +168,13 @@ where
let lagrange_first = {
let mut evals = PolynomialValues::new(vec![F::ZERO; degree]);
evals.values[0] = F::ONE;
evals.coset_lde(rate_bits)
evals.lde_onto_coset(rate_bits)
};
// Evaluation of the last Lagrange polynomial on the LDE domain.
let lagrange_last = {
let mut evals = PolynomialValues::new(vec![F::ZERO; degree]);
evals.values[degree - 1] = F::ONE;
evals.coset_lde(rate_bits)
evals.lde_onto_coset(rate_bits)
};
let z_h_on_coset = ZeroPolyOnCoset::<F>::new(degree_bits, rate_bits);
@ -212,8 +212,7 @@ where
stark.eval_packed_base(vars, &mut consumer);
// TODO: Fix this once we use a genuine `PackedField`.
let mut constraints_evals = consumer.accumulators();
// We divide the constraints evaluations by `Z_H(x) / x - last`, i.e., the vanishing
// polynomial of `H` without it's last element.
// We divide the constraints evaluations by `Z_H(x)`.
let denominator_inv = z_h_on_coset.eval_inverse(i);
for eval in &mut constraints_evals {
*eval *= denominator_inv;

1
starky/src/stark.rs
View File

@ -9,6 +9,7 @@ use crate::vars::StarkEvaluationTargets;
use crate::vars::StarkEvaluationVars;
/// Represents a STARK system.
// TODO: Add a `constraint_degree` fn that returns the maximum constraint degree.
pub trait Stark<F: RichField + Extendable<D>, const D: usize>: Sync {
/// The total number of columns in the trace.
const COLUMNS: usize;

16
starky/src/verifier.rs
View File

@ -58,6 +58,7 @@ where
local_values,
next_values,
permutation_zs,
permutation_zs_right,
quotient_polys,
} = &proof.openings;
let vars = StarkEvaluationVars {
@ -85,7 +86,7 @@ where
l_last,
);
stark.eval_ext(vars, &mut consumer);
let acc = consumer.accumulators();
let vanishing_polys_zeta = consumer.accumulators();
// Check each polynomial identity, of the form `vanishing(x) = Z_H(x) quotient(x)`, at zeta.
let quotient_polys_zeta = &proof.openings.quotient_polys;
@ -100,9 +101,10 @@ where
.chunks(1 << config.fri_config.rate_bits)
.enumerate()
{
ensure!(acc[i] == z_h_zeta * reduce_with_powers(chunk, zeta_pow_deg));
ensure!(vanishing_polys_zeta[i] == z_h_zeta * reduce_with_powers(chunk, zeta_pow_deg));
}
// TODO: Permutation polynomials.
let merkle_caps = &[proof.trace_cap, proof.quotient_polys_cap];
verify_fri_proof::<F, C, D>(
@ -139,12 +141,10 @@ fn recover_degree<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, cons
proof: &StarkProof<F, C, D>,
config: &StarkConfig,
) -> usize {
1 << (proof.opening_proof.query_round_proofs[0]
let initial_merkle_proof = &proof.opening_proof.query_round_proofs[0]
.initial_trees_proof
.evals_proofs[0]
.1
.siblings
.len()
+ config.fri_config.cap_height
- config.fri_config.rate_bits)
.1;
let lde_bits = config.fri_config.cap_height + initial_merkle_proof.siblings.len();
1 << (lde_bits - config.fri_config.rate_bits)
}