diff --git a/evm/src/all_stark.rs b/evm/src/all_stark.rs index 2b0fa6b9..e04004cc 100644 --- a/evm/src/all_stark.rs +++ b/evm/src/all_stark.rs @@ -174,8 +174,6 @@ mod tests { use itertools::Itertools; use plonky2::field::polynomial::PolynomialValues; use plonky2::field::types::{Field, PrimeField64}; - use plonky2::iop::witness::PartialWitness; - use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::CircuitConfig; use plonky2::plonk::config::{GenericConfig, PoseidonGoldilocksConfig}; use plonky2::util::timing::TimingTree; @@ -194,9 +192,7 @@ mod tests { use crate::memory::NUM_CHANNELS; use crate::proof::{AllProof, PublicValues}; use crate::prover::prove_with_traces; - use crate::recursive_verifier::{ - add_virtual_all_proof, set_all_proof_target, verify_proof_circuit, - }; + use crate::recursive_verifier::recursively_prove_all_proof; use crate::stark::Stark; use crate::util::{limb_from_bits_le, trace_rows_to_poly_values}; use crate::verifier::verify_proof; @@ -739,38 +735,44 @@ mod tests { let (all_stark, proof) = get_proof(&config)?; verify_proof(all_stark.clone(), proof.clone(), &config)?; - recursive_proof(all_stark, proof, &config, true) + recursive_proof(all_stark, proof, &config) } fn recursive_proof( inner_all_stark: AllStark, inner_proof: AllProof, inner_config: &StarkConfig, - print_gate_counts: bool, ) -> Result<()> { let circuit_config = CircuitConfig::standard_recursion_config(); - let mut builder = CircuitBuilder::::new(circuit_config); - let mut pw = PartialWitness::new(); - let degree_bits = inner_proof.degree_bits(inner_config); - let nums_ctl_zs = inner_proof.nums_ctl_zs(); - let pt = add_virtual_all_proof( - &mut builder, + let recursive_all_proof = recursively_prove_all_proof( &inner_all_stark, + &inner_proof, inner_config, - °ree_bits, - &nums_ctl_zs, - ); - set_all_proof_target(&mut pw, &pt, &inner_proof, builder.zero()); - - verify_proof_circuit::(&mut builder, inner_all_stark, pt, inner_config); - - if print_gate_counts { - builder.print_gate_counts(0); - } - - let data = builder.build::(); - let proof = data.prove(pw)?; - data.verify(proof) + circuit_config, + )?; + recursive_all_proof.verify() + // let mut builder = CircuitBuilder::::new(circuit_config); + // let mut pw = PartialWitness::new(); + // let degree_bits = inner_proof.degree_bits(inner_config); + // let nums_ctl_zs = inner_proof.nums_ctl_zs(); + // let pt = add_virtual_all_proof( + // &mut builder, + // &inner_all_stark, + // inner_config, + // °ree_bits, + // &nums_ctl_zs, + // ); + // set_all_proof_target(&mut pw, &pt, &inner_proof, builder.zero()); + // + // verify_proof_circuit::(&mut builder, inner_all_stark, pt, inner_config); + // + // if print_gate_counts { + // builder.print_gate_counts(0); + // } + // + // let data = builder.build::(); + // let proof = data.prove(pw)?; + // data.verify(proof) } fn init_logger() { diff --git a/evm/src/recursive_verifier.rs b/evm/src/recursive_verifier.rs index 508db332..7488b86a 100644 --- a/evm/src/recursive_verifier.rs +++ b/evm/src/recursive_verifier.rs @@ -8,7 +8,7 @@ use plonky2::iop::ext_target::ExtensionTarget; use plonky2::iop::target::Target; use plonky2::iop::witness::{PartialWitness, Witness}; use plonky2::plonk::circuit_builder::CircuitBuilder; -use plonky2::plonk::circuit_data::CircuitConfig; +use plonky2::plonk::circuit_data::{CircuitConfig, VerifierCircuitData}; use plonky2::plonk::config::Hasher; use plonky2::plonk::config::{AlgebraicHasher, GenericConfig}; use plonky2::plonk::proof::ProofWithPublicInputs; @@ -19,9 +19,7 @@ use crate::all_stark::{AllStark, Table, NUM_TABLES}; use crate::config::StarkConfig; use crate::constraint_consumer::RecursiveConstraintConsumer; use crate::cpu::cpu_stark::CpuStark; -use crate::cross_table_lookup::{ - verify_cross_table_lookups_circuit, CrossTableLookup, CtlCheckVarsTarget, -}; +use crate::cross_table_lookup::{verify_cross_table_lookups_circuit, CtlCheckVarsTarget}; use crate::keccak::keccak_stark::KeccakStark; use crate::keccak_memory::keccak_memory_stark::KeccakMemoryStark; use crate::logic::LogicStark; @@ -37,15 +35,30 @@ use crate::util::{h160_limbs, u256_limbs}; use crate::vanishing_poly::eval_vanishing_poly_circuit; use crate::vars::StarkEvaluationTargets; -pub(crate) struct AllRecursiveProofs< +pub struct AllRecursiveProofs< F: RichField + Extendable, C: GenericConfig, const D: usize, > { - pub recursive_proofs: [ProofWithPublicInputs; NUM_TABLES], + pub recursive_proofs: + [(ProofWithPublicInputs, VerifierCircuitData); NUM_TABLES], } -pub(crate) fn recursively_prove_stark_proof< +impl, C: GenericConfig, const D: usize> + AllRecursiveProofs +{ + pub fn verify(self) -> Result<()> + where + [(); C::Hasher::HASH_SIZE]:, + { + for (proof, verifier_data) in self.recursive_proofs { + verifier_data.verify(proof)?; + } + Ok(()) + } +} + +fn recursively_prove_stark_proof< F: RichField + Extendable, C: GenericConfig, S: Stark, @@ -55,10 +68,9 @@ pub(crate) fn recursively_prove_stark_proof< stark: S, all_stark: &AllStark, all_proof: &AllProof, - cross_table_lookups: &[CrossTableLookup], inner_config: &StarkConfig, circuit_config: &CircuitConfig, -) -> Result> +) -> Result<(ProofWithPublicInputs, VerifierCircuitData)> where [(); S::COLUMNS]:, [(); C::Hasher::HASH_SIZE]:, @@ -87,7 +99,7 @@ where let ctl_vars = CtlCheckVarsTarget::from_proof( table, &all_proof_target.stark_proofs[table as usize], - cross_table_lookups, + &all_stark.cross_table_lookups, &ctl_challenges, num_permutation_zs, ); @@ -102,20 +114,19 @@ where ); let data = builder.build::(); - data.prove(pw) + Ok((data.prove(pw)?, data.verifier_data())) } -pub(crate) fn recursively_prove_all_proofs< +pub fn recursively_prove_all_proof< F: RichField + Extendable, C: GenericConfig, const D: usize, >( all_stark: &AllStark, all_proof: &AllProof, - cross_table_lookups: &[CrossTableLookup], inner_config: &StarkConfig, circuit_config: CircuitConfig, -) -> Result<[ProofWithPublicInputs; NUM_TABLES]> +) -> Result> where [(); CpuStark::::COLUMNS]:, [(); KeccakStark::::COLUMNS]:, @@ -125,53 +136,50 @@ where [(); C::Hasher::HASH_SIZE]:, C::Hasher: AlgebraicHasher, { - Ok([ - recursively_prove_stark_proof( - Table::Cpu, - all_stark.cpu_stark, - all_stark, - all_proof, - cross_table_lookups, - inner_config, - &circuit_config, - )?, - recursively_prove_stark_proof( - Table::Keccak, - all_stark.keccak_stark, - all_stark, - all_proof, - cross_table_lookups, - inner_config, - &circuit_config, - )?, - recursively_prove_stark_proof( - Table::KeccakMemory, - all_stark.keccak_memory_stark, - all_stark, - all_proof, - cross_table_lookups, - inner_config, - &circuit_config, - )?, - recursively_prove_stark_proof( - Table::Logic, - all_stark.logic_stark, - all_stark, - all_proof, - cross_table_lookups, - inner_config, - &circuit_config, - )?, - recursively_prove_stark_proof( - Table::Memory, - all_stark.memory_stark, - all_stark, - all_proof, - cross_table_lookups, - inner_config, - &circuit_config, - )?, - ]) + Ok(AllRecursiveProofs { + recursive_proofs: [ + recursively_prove_stark_proof( + Table::Cpu, + all_stark.cpu_stark, + all_stark, + all_proof, + inner_config, + &circuit_config, + )?, + recursively_prove_stark_proof( + Table::Keccak, + all_stark.keccak_stark, + all_stark, + all_proof, + inner_config, + &circuit_config, + )?, + recursively_prove_stark_proof( + Table::KeccakMemory, + all_stark.keccak_memory_stark, + all_stark, + all_proof, + inner_config, + &circuit_config, + )?, + recursively_prove_stark_proof( + Table::Logic, + all_stark.logic_stark, + all_stark, + all_proof, + inner_config, + &circuit_config, + )?, + recursively_prove_stark_proof( + Table::Memory, + all_stark.memory_stark, + all_stark, + all_proof, + inner_config, + &circuit_config, + )?, + ], + }) } pub fn verify_proof_circuit< diff --git a/plonky2/src/plonk/circuit_data.rs b/plonky2/src/plonk/circuit_data.rs index fb839978..8e8c13f7 100644 --- a/plonky2/src/plonk/circuit_data.rs +++ b/plonky2/src/plonk/circuit_data.rs @@ -139,6 +139,18 @@ impl, C: GenericConfig, const D: usize> { compressed_proof_with_pis.verify(&self.verifier_only, &self.common) } + + pub fn verifier_data(self) -> VerifierCircuitData { + let CircuitData { + verifier_only, + common, + .. + } = self; + VerifierCircuitData { + verifier_only, + common, + } + } } /// Circuit data required by the prover. This may be thought of as a proving key, although it