From dda14011c5998323b21ee689650866ce74ad3bd5 Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Mon, 18 Oct 2021 17:23:39 +0200 Subject: [PATCH] Forgot a random access check --- src/fri/recursive_verifier.rs | 18 +++++++++--------- src/gadgets/random_access.rs | 1 + src/gates/random_access.rs | 36 ++++++++++++----------------------- src/hash/merkle_proofs.rs | 12 +++++++++--- 4 files changed, 31 insertions(+), 36 deletions(-) diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs index 2a6c5ff9..0115277e 100644 --- a/src/fri/recursive_verifier.rs +++ b/src/fri/recursive_verifier.rs @@ -60,17 +60,17 @@ impl, const D: usize> CircuitBuilder { /// isn't required -- without it we'd get errors elsewhere in the stack -- but just gives more /// helpful errors. fn check_config(&self, arity: usize) { - // let random_access = RandomAccessGate::::new(arity); + // TODO: It would be nice to remove the hardcoded 8 here and replace it with the maximum arity bits + // used in FRI. + let random_access = RandomAccessGate::::new_from_config(&self.config, 8); let interpolation_gate = InterpolationGate::::new(arity); - // let min_wires = random_access - // .num_wires() - // .max(interpolation_gate.num_wires()); - let min_wires = interpolation_gate.num_wires(); - // let min_routed_wires = random_access - // .num_routed_wires() - // .max(interpolation_gate.num_routed_wires()); - let min_routed_wires = interpolation_gate.num_routed_wires(); + let min_wires = random_access + .num_wires() + .max(interpolation_gate.num_wires()); + let min_routed_wires = random_access + .num_routed_wires() + .max(interpolation_gate.num_routed_wires()); assert!( self.config.num_wires >= min_wires, diff --git a/src/gadgets/random_access.rs b/src/gadgets/random_access.rs index f8c3acab..9875385f 100644 --- a/src/gadgets/random_access.rs +++ b/src/gadgets/random_access.rs @@ -36,6 +36,7 @@ impl, const D: usize> CircuitBuilder { (gate, i) } + /// Checks that a `Target` matches a vector at a non-deterministic index. /// Note: `access_index` is not range-checked. pub fn random_access(&mut self, access_index: Target, claimed_element: Target, v: Vec) { diff --git a/src/gates/random_access.rs b/src/gates/random_access.rs index 191f66e3..5bddf63c 100644 --- a/src/gates/random_access.rs +++ b/src/gates/random_access.rs @@ -298,23 +298,6 @@ mod tests { use crate::hash::hash_types::HashOut; use crate::plonk::vars::EvaluationVars; - // #[test] - // fn wire_indices() { - // let gate = RandomAccessGate:: { - // vec_size: 3, - // _phantom: PhantomData, - // }; - // - // assert_eq!(gate.wire_access_index(), 0); - // assert_eq!(gate.wires_claimed_element(), 1..5); - // assert_eq!(gate.wires_list_item(0), 5..9); - // assert_eq!(gate.wires_list_item(2), 13..17); - // assert_eq!(gate.wire_equality_dummy_for_index(0), 17); - // assert_eq!(gate.wire_equality_dummy_for_index(2), 19); - // assert_eq!(gate.wire_index_matches_for_index(0), 20); - // assert_eq!(gate.wire_index_matches_for_index(2), 22); - // } - #[test] fn low_degree() { test_low_degree::(RandomAccessGate::new(4, 4)); @@ -331,8 +314,8 @@ mod tests { type FF = QuarticExtension; const D: usize = 4; - /// Returns the local wires for a random access gate given the vector, element to compare, - /// and index. + /// Returns the local wires for a random access gate given the vectors, elements to compare, + /// and indices. fn get_wires( lists: Vec>, access_indices: Vec, @@ -367,16 +350,21 @@ mod tests { } v.extend(equality_dummy_vals); v.extend(index_matches_vals); + v.iter().map(|&x| x.into()).collect::>() } - let lists = (0..4).map(|_| F::rand_vec(3)).collect::>(); - let access_indices = (0..4) - .map(|_| thread_rng().gen_range(0..3)) + let vec_size = 3; + let num_copies = 4; + let lists = (0..num_copies) + .map(|_| F::rand_vec(vec_size)) + .collect::>(); + let access_indices = (0..num_copies) + .map(|_| thread_rng().gen_range(0..vec_size)) .collect::>(); let gate = RandomAccessGate:: { - vec_size: 3, - num_copies: 4, + vec_size, + num_copies, _phantom: PhantomData, }; diff --git a/src/hash/merkle_proofs.rs b/src/hash/merkle_proofs.rs index 3e265979..3391bbff 100644 --- a/src/hash/merkle_proofs.rs +++ b/src/hash/merkle_proofs.rs @@ -55,7 +55,6 @@ pub(crate) fn verify_merkle_proof( impl, const D: usize> CircuitBuilder { /// Verifies that the given leaf data is present at the given index in the Merkle tree with the /// given cap. The index is given by it's little-endian bits. - /// Note: Works only for D=4. pub(crate) fn verify_merkle_proof( &mut self, leaf_data: Vec, @@ -75,10 +74,17 @@ impl, const D: usize> CircuitBuilder { } let index = self.le_sum(leaf_index_bits[proof.siblings.len()..].to_vec().into_iter()); + + for i in 0..4 { + self.random_access( + index, + state.elements[i], + merkle_cap.0.iter().map(|h| h.elements[i]).collect(), + ); + } } - /// Same a `verify_merkle_proof` but with the final "cap index" as extra parameter. - /// Note: Works only for D=4. + /// Same as `verify_merkle_proof` but with the final "cap index" as extra parameter. pub(crate) fn verify_merkle_proof_with_cap_index( &mut self, leaf_data: Vec,