diff --git a/src/bin/bench_recursion.rs b/src/bin/bench_recursion.rs index ff3a3ba2..efab1dd8 100644 --- a/src/bin/bench_recursion.rs +++ b/src/bin/bench_recursion.rs @@ -9,7 +9,7 @@ use plonky2::fri::FriConfig; use plonky2::gates::constant::ConstantGate; use plonky2::gates::gmimc::GMiMCGate; use plonky2::hash::GMIMC_ROUNDS; -use plonky2::prover::{PLONK_BLINDING, PLONK_CHECK_BASEFIELD}; +use plonky2::prover::PLONK_BLINDING; use plonky2::witness::PartialWitness; fn main() { @@ -43,7 +43,6 @@ fn bench_prove, const D: usize>() { reduction_arity_bits: vec![1], num_query_rounds: 1, blinding: PLONK_BLINDING.to_vec(), - check_basefield: PLONK_CHECK_BASEFIELD.to_vec(), }, }; diff --git a/src/circuit_data.rs b/src/circuit_data.rs index 87798044..d45192cb 100644 --- a/src/circuit_data.rs +++ b/src/circuit_data.rs @@ -38,7 +38,6 @@ impl Default for CircuitConfig { reduction_arity_bits: vec![1], num_query_rounds: 1, blinding: vec![true], - check_basefield: vec![false], }, } } diff --git a/src/fri/mod.rs b/src/fri/mod.rs index dcd458fd..57fd2ecf 100644 --- a/src/fri/mod.rs +++ b/src/fri/mod.rs @@ -23,10 +23,6 @@ pub struct FriConfig { /// Vector of the same length as the number of initial Merkle trees. /// `blinding[i]==true` iff the i-th tree is salted. pub blinding: Vec, - - /// Vector of the same length as the number of initial Merkle trees. - /// `check_basefield[i]==true` iff the polynomials in the i-th tree are checked to be in the base field. - pub check_basefield: Vec, } fn fri_delta(rate_log: usize, conjecture: bool) -> f64 { diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs index 30f15265..1ee1fb2b 100644 --- a/src/polynomial/commitment.rs +++ b/src/polynomial/commitment.rs @@ -76,234 +76,6 @@ impl ListPolynomialCommitment { &leaf[0..leaf.len() - if self.blinding { SALT_SIZE } else { 0 }] } - pub fn open( - &self, - points: &[F::Extension], - challenger: &mut Challenger, - config: &FriConfig, - ) -> (OpeningProof, Vec>) - where - F: Extendable, - { - assert_eq!(self.rate_bits, config.rate_bits); - assert_eq!(config.check_basefield.len(), 1); - assert_eq!(config.blinding.len(), 1); - assert_eq!(self.blinding, config.blinding[0]); - for p in points { - assert_ne!( - p.exp(self.degree as u64), - F::Extension::ONE, - "Opening point is in the subgroup." - ); - } - - let evaluations = points - .par_iter() - .map(|&x| { - self.polynomials - .iter() - .map(|p| p.to_extension().eval(x)) - .collect::>() - }) - .collect::>(); - for evals in &evaluations { - for e in evals { - challenger.observe_extension_element(e); - } - } - - let alpha = challenger.get_extension_challenge(); - - // Scale polynomials by `alpha`. - let composition_poly = reduce_polys_with_powers(&self.polynomials, alpha); - // Scale evaluations by `alpha`. - let composition_evals = evaluations - .par_iter() - .map(|e| reduce_with_powers(e, alpha)) - .collect::>(); - - let quotient = Self::compute_quotient(points, &composition_evals, &composition_poly); - - let quotient = if config.check_basefield[0] { - let composition_poly_conj = PolynomialCoeffs::::frobenius(&composition_poly); - // This equality holds iff the polynomials in `self.polynomials` are defined over `F` and not `F::Extension`. - debug_assert_eq!( - composition_poly_conj.eval(points[0].frobenius()), - composition_evals[0].frobenius() - ); - let quotient_conj = Self::compute_quotient( - &[points[0].frobenius()], - &[composition_evals[0].frobenius()], - &composition_poly_conj, - ); - - &("ient_conj * alpha.exp(self.polynomials.len() as u64)) + "ient - } else { - quotient - }; - - let lde_quotient = PolynomialCoeffs::from(quotient.clone()).lde(self.rate_bits); - let lde_quotient_values = lde_quotient - .clone() - .coset_fft(F::MULTIPLICATIVE_GROUP_GENERATOR.into()); - - let fri_proof = fri_proof( - &[&self.merkle_tree], - &lde_quotient, - &lde_quotient_values, - challenger, - &config, - ); - - ( - OpeningProof { - fri_proof, - quotient_degree: quotient.len(), - }, - evaluations, - ) - } - - // pub fn batch_open( - // commitments: &[&Self], - // opening_config: &OpeningConfig, - // fri_config: &FriConfig, - // challenger: &mut Challenger, - // ) -> (OpeningProof, Vec>>>) - // where - // F: Extendable, - // { - // let degree = commitments[0].degree; - // assert_eq!(fri_config.blinding.len(), commitments.len()); - // for (i, commitment) in commitments.iter().enumerate() { - // assert_eq!(commitment.rate_bits, fri_config.rate_bits, "Invalid rate."); - // assert_eq!( - // commitment.blinding, fri_config.blinding[i], - // "Invalid blinding paramater." - // ); - // assert_eq!( - // commitment.degree, degree, - // "Trying to open polynomial commitments of different degrees." - // ); - // } - // for &p in opening_config.points.iter().flat_map(|(v, _)| v) { - // assert_ne!( - // p.exp(degree as u64), - // F::Extension::ONE, - // "Opening point is in the subgroup." - // ); - // } - // - // let evaluations = opening_config - // .points - // .iter() - // .map(|(xs, is)| { - // xs.iter() - // .map(|&x| { - // is.iter() - // .map(|&i| { - // commitments[i] - // .polynomials - // .iter() - // .map(|p| p.to_extension().eval(x)) - // .collect::>() - // }) - // .collect::>() - // }) - // .collect::>() - // }) - // .collect::>(); - // for evals_per_point_vec in &evaluations { - // for evals_per_point in evals_per_point_vec { - // for evals in evals_per_point { - // challenger.observe_extension_elements(evals); - // } - // } - // } - // - // let alpha = challenger.get_extension_challenge(); - // let mut cur_alpha = F::Extension::ONE; - // - // // Final low-degree polynomial that goes into FRI. - // let mut final_poly = PolynomialCoeffs::empty(); - // - // for ((ps, is), evals) in opening_config.points.iter().zip(&evaluations) { - // let mut poly_count = 0; - // // Scale polynomials by `alpha`. - // let composition_poly = is - // .iter() - // .flat_map(|&i| &commitments[i].polynomials) - // .rev() - // .fold(PolynomialCoeffs::zero(degree), |acc, p| { - // poly_count += 1; - // &(&acc * alpha) + &p.to_extension() - // }); - // // Scale evaluations by `alpha`. - // let composition_evals = &evals - // .iter() - // .map(|v| { - // v.iter() - // .flatten() - // .rev() - // .fold(F::Extension::ZERO, |acc, &e| acc * alpha + e) - // }) - // .collect::>(); - // - // let quotient = Self::compute_quotient(ps, &composition_evals, &composition_poly); - // final_poly = &final_poly + &("ient * cur_alpha); - // cur_alpha *= alpha.exp(poly_count); - // } - // - // for &i in &opening_config.check_base_field { - // let commitment = commitments[i]; - // let x = opening_config - // .points - // .iter() - // .find(|(xs, is)| is.contains(&i)) - // .expect("Polynomial is never opened.") - // .0[0]; - // let x_conj = x.frobenius(); - // let mut poly_count = 0; - // let poly = commitment.polynomials.iter().rev().fold( - // PolynomialCoeffs::zero(degree), - // |acc, p| { - // poly_count += 1; - // &(&acc * alpha) + &p.to_extension() - // }, - // ); - // let e = poly.eval(x_conj); - // let quotient = Self::compute_quotient(&[x_conj], &[e], &poly); - // final_poly = &final_poly + &("ient * cur_alpha); - // cur_alpha *= alpha.exp(poly_count); - // } - // - // let lde_final_poly = final_poly.lde(fri_config.rate_bits); - // let lde_final_values = lde_final_poly - // .clone() - // .coset_fft(F::Extension::from_basefield( - // F::MULTIPLICATIVE_GROUP_GENERATOR, - // )); - // - // let fri_proof = fri_proof( - // &commitments - // .par_iter() - // .map(|c| &c.merkle_tree) - // .collect::>(), - // &lde_final_poly, - // &lde_final_values, - // challenger, - // &fri_config, - // ); - // - // ( - // OpeningProof { - // fri_proof, - // quotient_degree: final_poly.len(), - // }, - // evaluations, - // ) - // } - pub fn open_plonk( commitments: &[&Self; 5], zeta: F::Extension, @@ -546,7 +318,6 @@ mod tests { reduction_arity_bits: vec![2, 3, 1, 2], num_query_rounds: 3, blinding: random_blindings(), - check_basefield: vec![false, false, false], }; let lpcs = (0..5) diff --git a/src/prover.rs b/src/prover.rs index 19f3b87d..44b2ef18 100644 --- a/src/prover.rs +++ b/src/prover.rs @@ -22,9 +22,6 @@ use crate::witness::PartialWitness; /// Corresponds to constants - sigmas - wires - zs - quotient — polynomial commitments. pub const PLONK_BLINDING: [bool; 5] = [false, false, true, true, true]; -/// Corresponds to constants - sigmas - wires - zs - quotient — polynomial commitments. -pub const PLONK_CHECK_BASEFIELD: [bool; 5] = [false, false, true, false, false]; - pub(crate) fn prove, const D: usize>( prover_data: &ProverOnlyCircuitData, common_data: &CommonCircuitData,