Minor

2026-01-08 08:43:06 +00:00 · 2022-09-19 23:04:53 -07:00 · 2022-09-19 23:04:53 -07:00 · d7d50e9d5a
commit d7d50e9d5a
parent 5d4d81c29f
3 changed files with 71 additions and 38 deletions
--- a/evm/src/verifier.rs
+++ b/evm/src/verifier.rs
@ -228,20 +228,30 @@ where
        opening_proof: _,
    } = proof;

+    let StarkOpeningSet {
+        local_values,
+        next_values,
+        permutation_ctl_zs,
+        permutation_ctl_zs_next,
+        ctl_zs_last,
+        quotient_polys,
+    } = openings;
+
    let degree_bits = proof.recover_degree_bits(config);
    let fri_params = config.fri_params(degree_bits);
    let cap_height = fri_params.config.cap_height;
+    let num_zs = num_ctl_zs + stark.num_permutation_batches(config);
+
    ensure!(trace_cap.height() == cap_height);
    ensure!(permutation_ctl_zs_cap.height() == cap_height);
    ensure!(quotient_polys_cap.height() == cap_height);

-    ensure!(openings.local_values.len() == S::COLUMNS);
-    ensure!(openings.next_values.len() == S::COLUMNS);
-    let num_zs = num_ctl_zs + stark.num_permutation_batches(config);
-    ensure!(openings.permutation_ctl_zs.len() == num_zs);
-    ensure!(openings.permutation_ctl_zs_next.len() == num_zs);
-    ensure!(openings.ctl_zs_last.len() == num_ctl_zs);
-    ensure!(openings.quotient_polys.len() == stark.num_quotient_polys(config));
+    ensure!(local_values.len() == S::COLUMNS);
+    ensure!(next_values.len() == S::COLUMNS);
+    ensure!(permutation_ctl_zs.len() == num_zs);
+    ensure!(permutation_ctl_zs_next.len() == num_zs);
+    ensure!(ctl_zs_last.len() == num_ctl_zs);
+    ensure!(quotient_polys.len() == stark.num_quotient_polys(config));

    Ok(())
 }
--- a/plonky2/src/plonk/validate_shape.rs
+++ b/plonky2/src/plonk/validate_shape.rs
@ -4,7 +4,7 @@ use plonky2_field::extension::Extendable;
 use crate::hash::hash_types::RichField;
 use crate::plonk::circuit_data::CommonCircuitData;
 use crate::plonk::config::{GenericConfig, Hasher};
-use crate::plonk::proof::{Proof, ProofWithPublicInputs};
+use crate::plonk::proof::{OpeningSet, Proof, ProofWithPublicInputs};

 pub(crate) fn validate_proof_with_pis_shape<F, C, const D: usize>(
    proof_with_pis: &ProofWithPublicInputs<F, C, D>,
@ -50,20 +50,28 @@ where
        opening_proof: _,
    } = proof;

+    let OpeningSet {
+        constants,
+        plonk_sigmas,
+        wires,
+        plonk_zs,
+        plonk_zs_next,
+        partial_products,
+        quotient_polys,
+    } = openings;
+
    let cap_height = common_data.fri_params.config.cap_height;
    ensure!(wires_cap.height() == cap_height);
    ensure!(plonk_zs_partial_products_cap.height() == cap_height);
    ensure!(quotient_polys_cap.height() == cap_height);

-    ensure!(openings.constants.len() == common_data.num_constants);
-    ensure!(openings.plonk_sigmas.len() == config.num_routed_wires);
-    ensure!(openings.wires.len() == config.num_wires);
-    ensure!(openings.plonk_zs.len() == config.num_challenges);
-    ensure!(openings.plonk_zs_next.len() == config.num_challenges);
-    ensure!(
-        openings.partial_products.len() == config.num_challenges * common_data.num_partial_products
-    );
-    ensure!(openings.quotient_polys.len() == common_data.num_quotient_polys());
+    ensure!(constants.len() == common_data.num_constants);
+    ensure!(plonk_sigmas.len() == config.num_routed_wires);
+    ensure!(wires.len() == config.num_wires);
+    ensure!(plonk_zs.len() == config.num_challenges);
+    ensure!(plonk_zs_next.len() == config.num_challenges);
+    ensure!(partial_products.len() == config.num_challenges * common_data.num_partial_products);
+    ensure!(quotient_polys.len() == common_data.num_quotient_polys());

    Ok(())
 }
--- a/starky/src/verifier.rs
+++ b/starky/src/verifier.rs
@ -55,6 +55,7 @@ where
    [(); S::PUBLIC_INPUTS]:,
    [(); C::Hasher::HASH_SIZE]:,
 {
+    validate_proof_shape(&stark, &proof_with_pis, config)?;
    check_permutation_options(&stark, &proof_with_pis, &challenges)?;
    let StarkProofWithPublicInputs {
        proof,
@ -146,7 +147,7 @@ where

 fn validate_proof_shape<F, C, S, const D: usize>(
    stark: &S,
-    proof_with_pis: StarkProofWithPublicInputs<F, C, D>,
+    proof_with_pis: &StarkProofWithPublicInputs<F, C, D>,
    config: &StarkConfig,
 ) -> anyhow::Result<()>
 where
@ -156,21 +157,29 @@ where
    [(); S::COLUMNS]:,
    [(); C::Hasher::HASH_SIZE]:,
 {
-    let degree_bits = proof_with_pis.proof.recover_degree_bits(config);
-
    let StarkProofWithPublicInputs {
-        proof:
-            StarkProof {
-                trace_cap,
-                permutation_zs_cap,
-                quotient_polys_cap,
-                openings,
-                // The shape of the opening proof will be checked in the FRI verifier (see
-                // validate_fri_proof_shape), so we ignore it here.
-                opening_proof: _,
-            },
+        proof,
        public_inputs,
    } = proof_with_pis;
+    let degree_bits = proof.recover_degree_bits(config);
+
+    let StarkProof {
+        trace_cap,
+        permutation_zs_cap,
+        quotient_polys_cap,
+        openings,
+        // The shape of the opening proof will be checked in the FRI verifier (see
+        // validate_fri_proof_shape), so we ignore it here.
+        opening_proof: _,
+    } = proof;
+
+    let StarkOpeningSet {
+        local_values,
+        next_values,
+        permutation_zs,
+        permutation_zs_next,
+        quotient_polys,
+    } = openings;

    ensure!(public_inputs.len() == S::PUBLIC_INPUTS);

@ -181,22 +190,28 @@ where
    ensure!(trace_cap.height() == cap_height);
    ensure!(quotient_polys_cap.height() == cap_height);

-    ensure!(openings.local_values.len() == S::COLUMNS);
-    ensure!(openings.next_values.len() == S::COLUMNS);
-    ensure!(openings.quotient_polys.len() == stark.num_quotient_polys(config));
+    ensure!(local_values.len() == S::COLUMNS);
+    ensure!(next_values.len() == S::COLUMNS);
+    ensure!(quotient_polys.len() == stark.num_quotient_polys(config));

    if stark.uses_permutation_args() {
-        let permutation_zs_cap = permutation_zs_cap.ok_or_else(|| anyhow!("Missing Zs cap"))?;
-        let permutation_zs = openings
-            .permutation_zs
+        let permutation_zs_cap = permutation_zs_cap
+            .as_ref()
+            .ok_or_else(|| anyhow!("Missing Zs cap"))?;
+        let permutation_zs = permutation_zs
+            .as_ref()
            .ok_or_else(|| anyhow!("Missing permutation_zs"))?;
-        let permutation_zs_next = openings
-            .permutation_zs_next
+        let permutation_zs_next = permutation_zs_next
+            .as_ref()
            .ok_or_else(|| anyhow!("Missing permutation_zs_next"))?;

        ensure!(permutation_zs_cap.height() == cap_height);
        ensure!(permutation_zs.len() == num_zs);
        ensure!(permutation_zs_next.len() == num_zs);
+    } else {
+        ensure!(permutation_zs_cap.is_none());
+        ensure!(permutation_zs.is_none());
+        ensure!(permutation_zs_next.is_none());
    }

    Ok(())