logos-storage/plonky2
1
0
Fork 0
mirror of https://github.com/logos-storage/plonky2.git synced 2026-01-08 16:53:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleaning / Renaming

Browse Source
This commit is contained in:
wborgeaud 2021-08-10 15:53:27 +02:00
parent ad8428f38f
commit e73c1d7769
13 changed files with 117 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/fri/commitment.rs
View File

@ -256,8 +256,7 @@ mod tests {
let degree = 1 << degree_log;
(0..k)
// .map(|_| PolynomialValues::new(F::rand_vec(degree)))
.map(|_| PolynomialValues::new((1..=degree).map(F::from_canonical_usize).collect()))
.map(|_| PolynomialValues::new(F::rand_vec(degree)))
.collect()
}
@ -281,14 +280,13 @@ mod tests {
proof_of_work_bits: 2,
reduction_arity_bits: vec![2, 3, 1, 2],
num_query_rounds: 3,
cap_height: 0,
cap_height: 1,
};
// We only care about `fri_config, num_constants`, and `num_routed_wires` here.
let common_data = CommonCircuitData {
config: CircuitConfig {
fri_config,
num_routed_wires: 6,
zero_knowledge: false,
..CircuitConfig::large_config()
},
degree_bits,
@ -306,7 +304,7 @@ mod tests {
PolynomialBatchCommitment::<F>::from_values(
gen_random_test_case(ks[i], degree_bits),
common_data.config.rate_bits,
false,
PlonkPolynomials::polynomials(i).blinding,
common_data.config.cap_height,
&mut TimingTree::default(),
)
@ -314,7 +312,6 @@ mod tests {
.collect::<Vec<_>>();
let zeta = gen_random_point::<F, D>(degree_bits);
let zeta = F::Extension::MULTIPLICATIVE_GROUP_GENERATOR;
let (proof, os) = PolynomialBatchCommitment::open_plonk::<D>(
&[&lpcs[0], &lpcs[1], &lpcs[2], &lpcs[3]],
zeta,
@ -323,17 +320,17 @@ mod tests {
&mut TimingTree::default(),
);
let merkle_roots = &[
lpcs[0].merkle_tree.root.clone(),
lpcs[1].merkle_tree.root.clone(),
lpcs[2].merkle_tree.root.clone(),
lpcs[3].merkle_tree.root.clone(),
let merkle_caps = &[
lpcs[0].merkle_tree.cap.clone(),
lpcs[1].merkle_tree.cap.clone(),
lpcs[2].merkle_tree.cap.clone(),
lpcs[3].merkle_tree.cap.clone(),
];
verify_fri_proof(
&os,
zeta,
merkle_roots,
merkle_caps,
&proof,
&mut Challenger::new(),
&common_data,

6
src/fri/proof.rs
View File

@ -77,8 +77,8 @@ pub struct FriQueryRoundTarget<const D: usize> {
#[derive(Serialize, Deserialize, Clone, Debug)]
#[serde(bound = "")]
pub struct FriProof<F: Extendable<D>, const D: usize> {
/// A Merkle root for each reduced polynomial in the commit phase.
pub commit_phase_merkle_roots: Vec<MerkleCap<F>>,
/// A Merkle cap for each reduced polynomial in the commit phase.
pub commit_phase_merkle_caps: Vec<MerkleCap<F>>,
/// Query rounds proofs
pub query_round_proofs: Vec<FriQueryRound<F, D>>,
/// The final polynomial in coefficient form.
@ -88,7 +88,7 @@ pub struct FriProof<F: Extendable<D>, const D: usize> {
}
pub struct FriProofTarget<const D: usize> {
pub commit_phase_merkle_roots: Vec<MerkleCapTarget>,
pub commit_phase_merkle_caps: Vec<MerkleCapTarget>,
pub query_round_proofs: Vec<FriQueryRoundTarget<D>>,
pub final_poly: PolynomialCoeffsExtTarget<D>,
pub pow_witness: Target,

7
src/fri/prover.rs
View File

@ -53,7 +53,7 @@ pub fn fri_proof<F: Field + Extendable<D>, const D: usize>(
fri_prover_query_rounds(initial_merkle_trees, &trees, challenger, n, config);
FriProof {
commit_phase_merkle_roots: trees.iter().map(|t| t.root.clone()).collect(),
commit_phase_merkle_caps: trees.iter().map(|t| t.cap.clone()).collect(),
query_round_proofs,
final_poly: final_coeffs,
pow_witness,
@ -84,7 +84,7 @@ fn fri_committed_trees<F: Field + Extendable<D>, const D: usize>(
false,
);
challenger.observe_cap(&tree.root);
challenger.observe_cap(&tree.cap);
trees.push(tree);
let beta = challenger.get_extension_challenge();
@ -155,8 +155,7 @@ fn fri_prover_query_round<F: Field + Extendable<D>, const D: usize>(
for (i, tree) in trees.iter().enumerate() {
let arity_bits = config.reduction_arity_bits[i];
let arity = 1 << arity_bits;
let mut evals = unflatten(tree.get(x_index >> arity_bits));
// evals.remove(x_index & (arity - 1));
let evals = unflatten(tree.get(x_index >> arity_bits));
let merkle_proof = tree.prove(x_index >> arity_bits);
query_steps.push(FriQueryStep {

27
src/fri/recursive_verifier.rs
View File

@ -83,7 +83,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
os: &OpeningSetTarget<D>,
// Point at which the PLONK polynomials are opened.
zeta: ExtensionTarget<D>,
initial_merkle_roots: &[MerkleCapTarget],
initial_merkle_caps: &[MerkleCapTarget],
proof: &FriProofTarget<D>,
challenger: &mut RecursiveChallenger,
common_data: &CommonCircuitData<F, D>,
@ -108,10 +108,10 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
self,
"recover the random betas used in the FRI reductions.",
proof
.commit_phase_merkle_roots
.commit_phase_merkle_caps
.iter()
.map(|root| {
challenger.observe_cap(root);
.map(|cap| {
challenger.observe_cap(cap);
challenger.get_extension_challenge(self)
})
.collect::<Vec<_>>()
@ -160,7 +160,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
zeta,
alpha,
precomputed_reduced_evals,
initial_merkle_roots,
initial_merkle_caps,
proof,
challenger,
n,
@ -176,13 +176,13 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
&mut self,
x_index_bits: &[Target],
proof: &FriInitialTreeProofTarget,
initial_merkle_roots: &[MerkleCapTarget],
initial_merkle_caps: &[MerkleCapTarget],
cap_index: Target,
) {
for (i, ((evals, merkle_proof), root)) in proof
for (i, ((evals, merkle_proof), cap)) in proof
.evals_proofs
.iter()
.zip(initial_merkle_roots)
.zip(initial_merkle_caps)
.enumerate()
{
with_context!(
@ -192,7 +192,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
evals.clone(),
x_index_bits,
cap_index,
root,
cap,
merkle_proof
)
);
@ -278,7 +278,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
zeta: ExtensionTarget<D>,
alpha: ExtensionTarget<D>,
precomputed_reduced_evals: PrecomputedReducedEvalsTarget<D>,
initial_merkle_roots: &[MerkleCapTarget],
initial_merkle_caps: &[MerkleCapTarget],
proof: &FriProofTarget<D>,
challenger: &mut RecursiveChallenger,
n: usize,
@ -303,7 +303,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
self.fri_verify_initial_proof(
&x_index_bits,
&round_proof.initial_trees_proof,
initial_merkle_roots,
initial_merkle_caps,
cap_index
)
);
@ -349,12 +349,11 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
)
)
};
let mut evals = round_proof.steps[i].evals.clone();
let evals = round_proof.steps[i].evals.clone();
// Insert P(y) into the evaluation vector, since it wasn't included by the prover.
let high_x_index_bits = x_index_bits.split_off(arity_bits);
old_x_index_bits = x_index_bits;
let low_x_index = self.le_sum(old_x_index_bits.iter());
// evals = self.insert(low_x_index, e_x, evals);
self.random_access(low_x_index, e_x, evals.clone());
with_context!(
self,
@ -363,7 +362,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
flatten_target(&evals),
&high_x_index_bits,
cap_index,
&proof.commit_phase_merkle_roots[i],
&proof.commit_phase_merkle_caps[i],
&round_proof.steps[i].merkle_proof,
)
);

31
src/fri/verifier.rs
View File

@ -74,7 +74,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
os: &OpeningSet<F, D>,
// Point at which the PLONK polynomials are opened.
zeta: F::Extension,
initial_merkle_roots: &[MerkleCap<F>],
initial_merkle_caps: &[MerkleCap<F>],
proof: &FriProof<F, D>,
challenger: &mut Challenger<F>,
common_data: &CommonCircuitData<F, D>,
@ -96,10 +96,10 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
// Recover the random betas used in the FRI reductions.
let betas = proof
.commit_phase_merkle_roots
.commit_phase_merkle_caps
.iter()
.map(|root| {
challenger.observe_cap(root);
.map(|cap| {
challenger.observe_cap(cap);
challenger.get_extension_challenge()
})
.collect::<Vec<_>>();
@ -124,7 +124,7 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
zeta,
alpha,
precomputed_reduced_evals,
initial_merkle_roots,
initial_merkle_caps,
&proof,
challenger,
n,
@ -140,10 +140,10 @@ pub fn verify_fri_proof<F: Field + Extendable<D>, const D: usize>(
fn fri_verify_initial_proof<F: Field>(
x_index: usize,
proof: &FriInitialTreeProof<F>,
initial_merkle_roots: &[MerkleCap<F>],
initial_merkle_caps: &[MerkleCap<F>],
) -> Result<()> {
for ((evals, merkle_proof), root) in proof.evals_proofs.iter().zip(initial_merkle_roots) {
verify_merkle_proof(evals.clone(), x_index, root, merkle_proof, false)?;
for ((evals, merkle_proof), cap) in proof.evals_proofs.iter().zip(initial_merkle_caps) {
verify_merkle_proof(evals.clone(), x_index, cap, merkle_proof, false)?;
}
Ok(())
@ -246,7 +246,7 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
zeta: F::Extension,
alpha: F::Extension,
precomputed_reduced_evals: PrecomputedReducedEvals<F, D>,
initial_merkle_roots: &[MerkleCap<F>],
initial_merkle_caps: &[MerkleCap<F>],
proof: &FriProof<F, D>,
challenger: &mut Challenger<F>,
n: usize,
@ -261,7 +261,7 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
fri_verify_initial_proof(
x_index,
&round_proof.initial_trees_proof,
initial_merkle_roots,
initial_merkle_caps,
)?;
let mut old_x_index = 0;
// `subgroup_x` is `subgroup[x_index]`, i.e., the actual field element in the domain.
@ -293,18 +293,17 @@ fn fri_verifier_query_round<F: Field + Extendable<D>, const D: usize>(
betas[i - 1],
)
};
let mut evals = round_proof.steps[i].evals.clone();
// // Insert P(y) into the evaluation vector, since it wasn't included by the prover.
let evals = &round_proof.steps[i].evals;
// Insert P(y) into the evaluation vector, since it wasn't included by the prover.
ensure!(evals[x_index & (arity - 1)] == e_x);
// evals.insert(x_index & (arity - 1), e_x);
verify_merkle_proof(
flatten(&evals),
flatten(evals),
x_index >> arity_bits,
&proof.commit_phase_merkle_roots[i],
&proof.commit_phase_merkle_caps[i],
&round_proof.steps[i].merkle_proof,
false,
)?;
evaluations.push(evals);
evaluations.push(evals.to_vec());
if i > 0 {
// Update the point x to x^arity.

20
src/hash/merkle_proofs.rs
View File

@ -28,7 +28,7 @@ pub struct MerkleProofTarget {
}
/// Verifies that the given leaf data is present at the given index in the Merkle tree with the
/// given root.
/// given cap.
pub(crate) fn verify_merkle_proof<F: Field>(
leaf_data: Vec<F>,
leaf_index: usize,
@ -61,12 +61,12 @@ pub(crate) fn verify_merkle_proof<F: Field>(
impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
/// Verifies that the given leaf data is present at the given index in the Merkle tree with the
/// given root. The index is given by it's little-endian bits.
/// given cap. The index is given by it's little-endian bits.
pub(crate) fn verify_merkle_proof(
&mut self,
leaf_data: Vec<Target>,
leaf_index_bits: &[Target],
merkle_root: &MerkleCapTarget,
merkle_cap: &MerkleCapTarget,
proof: &MerkleProofTarget,
) {
let zero = self.zero();
@ -117,7 +117,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
state_ext[i] = state.elements[i];
}
let state_ext = ExtensionTarget(state_ext);
let cap_ext = merkle_root
let cap_ext = merkle_cap
.0
.iter()
.map(|h| {
@ -129,7 +129,6 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
})
.collect();
self.random_access(index, state_ext, cap_ext);
// self.named_assert_hashes_equal(state, merkle_root, "check Merkle root".into())
}
pub(crate) fn verify_merkle_proof_with_cap_index(
@ -137,7 +136,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
leaf_data: Vec<Target>,
leaf_index_bits: &[Target],
cap_index: Target,
merkle_root: &MerkleCapTarget,
merkle_cap: &MerkleCapTarget,
proof: &MerkleProofTarget,
) {
let zero = self.zero();
@ -187,7 +186,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
state_ext[i] = state.elements[i];
}
let state_ext = ExtensionTarget(state_ext);
let cap_ext = merkle_root
let cap_ext = merkle_cap
.0
.iter()
.map(|h| {
@ -199,7 +198,6 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
})
.collect();
self.random_access(cap_index, state_ext, cap_ext);
// self.named_assert_hashes_equal(state, merkle_root, "check Merkle root".into())
}
pub(crate) fn assert_hashes_equal(&mut self, x: HashOutTarget, y: HashOutTarget) {
@ -263,8 +261,8 @@ mod tests {
pw.set_hash_target(proof_t.siblings[i], proof.siblings[i]);
}
let root_t = builder.add_virtual_cap(cap_height);
pw.set_cap_target(&root_t, &tree.root);
let cap_t = builder.add_virtual_cap(cap_height);
pw.set_cap_target(&cap_t, &tree.cap);
let i_c = builder.constant(F::from_canonical_usize(i));
let i_bits = builder.split_le(i_c, log_n);
@ -274,7 +272,7 @@ mod tests {
pw.set_target(data[j], tree.leaves[i][j]);
}
builder.verify_merkle_proof(data, &i_bits, &root_t, &proof_t);
builder.verify_merkle_proof(data, &i_bits, &cap_t, &proof_t);
let data = builder.build();
let proof = data.prove(pw)?;

9
src/hash/merkle_tree.rs
View File

@ -20,7 +20,7 @@ pub struct MerkleTree<F: Field> {
pub layers: Vec<Vec<HashOut<F>>>,
/// The Merkle cap.
pub root: MerkleCap<F>,
pub cap: MerkleCap<F>,
/// If true, the indices are in bit-reversed form, so that the leaf at index `i`
/// contains the leaf originally at index `reverse_bits(i)`.
@ -50,7 +50,7 @@ impl<F: Field> MerkleTree<F> {
Self {
leaves,
layers,
root: MerkleCap(cap),
cap: MerkleCap(cap),
reverse_bits,
}
}
@ -105,7 +105,7 @@ mod tests {
let tree = MerkleTree::new(leaves.clone(), 1, reverse_bits);
for i in 0..n {
let proof = tree.prove(i);
verify_merkle_proof(leaves[i].clone(), i, &tree.root, &proof, reverse_bits)?;
verify_merkle_proof(leaves[i].clone(), i, &tree.cap, &proof, reverse_bits)?;
}
Ok(())
}
@ -118,8 +118,7 @@ mod tests {
let n = 1 << log_n;
let leaves = random_data::<F>(n, 7);
verify_all_leaves(leaves.clone(), n, false)?;
// verify_all_leaves(leaves, n, true)?;
verify_all_leaves(leaves, n, false)?;
Ok(())
}

6
src/plonk/circuit_builder.rs
View File

@ -570,9 +570,9 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
&mut timing,
);
let constants_sigmas_root = constants_sigmas_commitment.merkle_tree.root.clone();
let constants_sigmas_cap = constants_sigmas_commitment.merkle_tree.cap.clone();
let verifier_only = VerifierOnlyCircuitData {
constants_sigmas_root: constants_sigmas_root.clone(),
constants_sigmas_cap: constants_sigmas_cap.clone(),
};
let prover_only = ProverOnlyCircuitData {
@ -603,7 +603,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
// TODO: This should also include an encoding of gate constraints.
let circuit_digest_parts = [
constants_sigmas_root
constants_sigmas_cap
.0
.into_iter()
.flat_map(|h| h.elements)

4
src/plonk/circuit_data.rs
View File

@ -149,7 +149,7 @@ pub(crate) struct ProverOnlyCircuitData<F: Extendable<D>, const D: usize> {
/// Circuit data required by the verifier, but not the prover.
pub(crate) struct VerifierOnlyCircuitData<F: Field> {
/// A commitment to each constant polynomial and each permutation polynomial.
pub(crate) constants_sigmas_root: MerkleCap<F>,
pub(crate) constants_sigmas_cap: MerkleCap<F>,
}
/// Circuit data required by both the prover and the verifier.
@ -239,5 +239,5 @@ impl<F: Extendable<D>, const D: usize> CommonCircuitData<F, D> {
/// dynamic, at least not without setting a maximum wire count and paying for the worst case.
pub struct VerifierCircuitTarget {
/// A commitment to each constant polynomial and each permutation polynomial.
pub(crate) constants_sigmas_root: MerkleCapTarget,
pub(crate) constants_sigmas_cap: MerkleCapTarget,
}

18
src/plonk/proof.rs
View File

@ -13,12 +13,12 @@ use crate::plonk::circuit_data::CommonCircuitData;
#[derive(Serialize, Deserialize, Clone, Debug)]
#[serde(bound = "")]
pub struct Proof<F: Extendable<D>, const D: usize> {
/// Merkle root of LDEs of wire values.
pub wires_root: MerkleCap<F>,
/// Merkle root of LDEs of Z, in the context of Plonk's permutation argument.
pub plonk_zs_partial_products_root: MerkleCap<F>,
/// Merkle root of LDEs of the quotient polynomial components.
pub quotient_polys_root: MerkleCap<F>,
/// Merkle cap of LDEs of wire values.
pub wires_cap: MerkleCap<F>,
/// Merkle cap of LDEs of Z, in the context of Plonk's permutation argument.
pub plonk_zs_partial_products_cap: MerkleCap<F>,
/// Merkle cap of LDEs of the quotient polynomial components.
pub quotient_polys_cap: MerkleCap<F>,
/// Purported values of each polynomial at the challenge point.
pub openings: OpeningSet<F, D>,
/// A batch FRI argument for all openings.
@ -33,9 +33,9 @@ pub struct ProofWithPublicInputs<F: Extendable<D>, const D: usize> {
}
pub struct ProofTarget<const D: usize> {
pub wires_root: MerkleCapTarget,
pub plonk_zs_partial_products_root: MerkleCapTarget,
pub quotient_polys_root: MerkleCapTarget,
pub wires_cap: MerkleCapTarget,
pub plonk_zs_partial_products_cap: MerkleCapTarget,
pub quotient_polys_cap: MerkleCapTarget,
pub openings: OpeningSetTarget<D>,
pub opening_proof: FriProofTarget<D>,
}

12
src/plonk/prover.rs
View File

@ -96,7 +96,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
challenger.observe_hash(&common_data.circuit_digest);
challenger.observe_hash(&public_inputs_hash);
challenger.observe_cap(&wires_commitment.merkle_tree.root);
challenger.observe_cap(&wires_commitment.merkle_tree.cap);
let betas = challenger.get_n_challenges(num_challenges);
let gammas = challenger.get_n_challenges(num_challenges);
@ -135,7 +135,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
)
);
challenger.observe_cap(&zs_partial_products_commitment.merkle_tree.root);
challenger.observe_cap(&zs_partial_products_commitment.merkle_tree.cap);
let alphas = challenger.get_n_challenges(num_challenges);
@ -184,7 +184,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
)
);
challenger.observe_cap(&quotient_polys_commitment.merkle_tree.root);
challenger.observe_cap(&quotient_polys_commitment.merkle_tree.cap);
let zeta = challenger.get_extension_challenge();
@ -208,9 +208,9 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
timing.print();
let proof = Proof {
wires_root: wires_commitment.merkle_tree.root,
plonk_zs_partial_products_root: zs_partial_products_commitment.merkle_tree.root,
quotient_polys_root: quotient_polys_commitment.merkle_tree.root,
wires_cap: wires_commitment.merkle_tree.cap,
plonk_zs_partial_products_cap: zs_partial_products_commitment.merkle_tree.cap,
quotient_polys_cap: quotient_polys_commitment.merkle_tree.cap,
openings,
opening_proof,
};

64
src/plonk/recursive_verifier.rs
View File

@ -44,14 +44,14 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
challenger.observe_hash(&digest);
challenger.observe_hash(&public_inputs_hash);
challenger.observe_cap(&proof.wires_root);
challenger.observe_cap(&proof.wires_cap);
let betas = challenger.get_n_challenges(self, num_challenges);
let gammas = challenger.get_n_challenges(self, num_challenges);
challenger.observe_cap(&proof.plonk_zs_partial_products_root);
challenger.observe_cap(&proof.plonk_zs_partial_products_cap);
let alphas = challenger.get_n_challenges(self, num_challenges);
challenger.observe_cap(&proof.quotient_polys_root);
challenger.observe_cap(&proof.quotient_polys_cap);
let zeta = challenger.get_extension_challenge(self);
(betas, gammas, alphas, zeta)
@ -107,11 +107,11 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
}
});
let merkle_roots = &[
inner_verifier_data.constants_sigmas_root.clone(),
proof.wires_root,
proof.plonk_zs_partial_products_root,
proof.quotient_polys_root,
let merkle_caps = &[
inner_verifier_data.constants_sigmas_cap.clone(),
proof.wires_cap,
proof.plonk_zs_partial_products_cap,
proof.quotient_polys_cap,
];
with_context!(
@ -120,7 +120,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
self.verify_fri_proof(
&proof.openings,
zeta,
merkle_roots,
merkle_caps,
&proof.opening_proof,
&mut challenger,
inner_common_data,
@ -190,11 +190,11 @@ mod tests {
public_inputs,
} = proof_with_pis;
let wires_root = builder.add_virtual_cap(log2_strict(proof.wires_root.0.len()));
let plonk_zs_root =
builder.add_virtual_cap(log2_strict(proof.plonk_zs_partial_products_root.0.len()));
let quotient_polys_root =
builder.add_virtual_cap(log2_strict(proof.quotient_polys_root.0.len()));
let wires_cap = builder.add_virtual_cap(log2_strict(proof.wires_cap.0.len()));
let plonk_zs_cap =
builder.add_virtual_cap(log2_strict(proof.plonk_zs_partial_products_cap.0.len()));
let quotient_polys_cap =
builder.add_virtual_cap(log2_strict(proof.quotient_polys_cap.0.len()));
let openings = OpeningSetTarget {
constants: builder.add_virtual_extension_targets(proof.openings.constants.len()),
@ -211,14 +211,14 @@ mod tests {
let query_round_proofs = (0..proof.opening_proof.query_round_proofs.len())
.map(|_| get_fri_query_round(proof, builder))
.collect();
let commit_phase_merkle_roots = proof
let commit_phase_merkle_caps = proof
.opening_proof
.commit_phase_merkle_roots
.commit_phase_merkle_caps
.iter()
.map(|r| builder.add_virtual_cap(log2_strict(r.0.len())))
.collect();
let opening_proof = FriProofTarget {
commit_phase_merkle_roots,
commit_phase_merkle_caps,
query_round_proofs,
final_poly: PolynomialCoeffsExtTarget(
builder.add_virtual_extension_targets(proof.opening_proof.final_poly.len()),
@ -227,9 +227,9 @@ mod tests {
};
let proof = ProofTarget {
wires_root,
plonk_zs_partial_products_root: plonk_zs_root,
quotient_polys_root,
wires_cap,
plonk_zs_partial_products_cap: plonk_zs_cap,
quotient_polys_cap,
openings,
opening_proof,
};
@ -261,12 +261,12 @@ mod tests {
pw.set_target(pi_t, pi);
}
pw.set_cap_target(&pt.wires_root, &proof.wires_root);
pw.set_cap_target(&pt.wires_cap, &proof.wires_cap);
pw.set_cap_target(
&pt.plonk_zs_partial_products_root,
&proof.plonk_zs_partial_products_root,
&pt.plonk_zs_partial_products_cap,
&proof.plonk_zs_partial_products_cap,
);
pw.set_cap_target(&pt.quotient_polys_root, &proof.quotient_polys_root);
pw.set_cap_target(&pt.quotient_polys_cap, &proof.quotient_polys_cap);
for (&t, &x) in pt.openings.wires.iter().zip(&proof.openings.wires) {
pw.set_extension_target(t, x);
@ -320,9 +320,9 @@ mod tests {
}
for (t, x) in fpt
.commit_phase_merkle_roots
.commit_phase_merkle_caps
.iter()
.zip(&fri_proof.commit_phase_merkle_roots)
.zip(&fri_proof.commit_phase_merkle_caps)
{
pw.set_cap_target(t, x);
}
@ -405,9 +405,9 @@ mod tests {
set_proof_target(&proof_with_pis, &pt, &mut pw);
let inner_data = VerifierCircuitTarget {
constants_sigmas_root: builder.add_virtual_cap(config.cap_height),
constants_sigmas_cap: builder.add_virtual_cap(config.cap_height),
};
pw.set_cap_target(&inner_data.constants_sigmas_root, &vd.constants_sigmas_root);
pw.set_cap_target(&inner_data.constants_sigmas_cap, &vd.constants_sigmas_cap);
builder.add_recursive_verifier(pt, &config, &inner_data, &cd);
@ -462,9 +462,9 @@ mod tests {
set_proof_target(&proof_with_pis, &pt, &mut pw);
let inner_data = VerifierCircuitTarget {
constants_sigmas_root: builder.add_virtual_cap(config.cap_height),
constants_sigmas_cap: builder.add_virtual_cap(config.cap_height),
};
pw.set_cap_target(&inner_data.constants_sigmas_root, &vd.constants_sigmas_root);
pw.set_cap_target(&inner_data.constants_sigmas_cap, &vd.constants_sigmas_cap);
builder.add_recursive_verifier(pt, &config, &inner_data, &cd);
@ -480,9 +480,9 @@ mod tests {
set_proof_target(&proof_with_pis, &pt, &mut pw);
let inner_data = VerifierCircuitTarget {
constants_sigmas_root: builder.add_virtual_cap(config.cap_height),
constants_sigmas_cap: builder.add_virtual_cap(config.cap_height),
};
pw.set_cap_target(&inner_data.constants_sigmas_root, &vd.constants_sigmas_root);
pw.set_cap_target(&inner_data.constants_sigmas_cap, &vd.constants_sigmas_cap);
builder.add_recursive_verifier(pt, &config, &inner_data, &cd);

18
src/plonk/verifier.rs
View File

@ -31,14 +31,14 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
challenger.observe_hash(&common_data.circuit_digest);
challenger.observe_hash(&public_inputs_hash);
challenger.observe_cap(&proof.wires_root);
challenger.observe_cap(&proof.wires_cap);
let betas = challenger.get_n_challenges(num_challenges);
let gammas = challenger.get_n_challenges(num_challenges);
challenger.observe_cap(&proof.plonk_zs_partial_products_root);
challenger.observe_cap(&proof.plonk_zs_partial_products_cap);
let alphas = challenger.get_n_challenges(num_challenges);
challenger.observe_cap(&proof.quotient_polys_root);
challenger.observe_cap(&proof.quotient_polys_cap);
let zeta = challenger.get_extension_challenge();
let local_constants = &proof.openings.constants;
@ -83,17 +83,17 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
ensure!(vanishing_polys_zeta[i] == z_h_zeta * reduce_with_powers(chunk, zeta_pow_deg));
}
let merkle_roots = &[
verifier_data.constants_sigmas_root.clone(),
proof.wires_root,
proof.plonk_zs_partial_products_root,
proof.quotient_polys_root,
let merkle_caps = &[
verifier_data.constants_sigmas_cap.clone(),
proof.wires_cap,
proof.plonk_zs_partial_products_cap,
proof.quotient_polys_cap,
];
verify_fri_proof(
&proof.openings,
zeta,
merkle_roots,
merkle_caps,
&proof.opening_proof,
&mut challenger,
common_data,