From f48d8c92bd3fd83e5bd0c24ba68e17031e3e15e4 Mon Sep 17 00:00:00 2001 From: Daniel Lubarov Date: Thu, 6 Jan 2022 23:04:33 -0800 Subject: [PATCH] Finish making FRI generic (#422) * Finish making FRI generic * fix quotient poly factor * Bound quotient degree factor --- plonky2/src/bin/bench_recursion.rs | 19 +------ plonky2/src/fri/mod.rs | 9 ++++ plonky2/src/fri/oracle.rs | 8 +-- plonky2/src/fri/proof.rs | 22 ++++---- plonky2/src/fri/recursive_verifier.rs | 70 ++++++++++--------------- plonky2/src/fri/verifier.rs | 34 +++++------- plonky2/src/plonk/circuit_builder.rs | 10 ++-- plonky2/src/plonk/circuit_data.rs | 9 ++-- plonky2/src/plonk/get_challenges.rs | 4 +- plonky2/src/plonk/proof.rs | 19 +++---- plonky2/src/plonk/prover.rs | 2 +- plonky2/src/plonk/recursive_verifier.rs | 6 +-- plonky2/src/plonk/verifier.rs | 4 +- 13 files changed, 91 insertions(+), 125 deletions(-) diff --git a/plonky2/src/bin/bench_recursion.rs b/plonky2/src/bin/bench_recursion.rs index cb8eaca9..f8566b1b 100644 --- a/plonky2/src/bin/bench_recursion.rs +++ b/plonky2/src/bin/bench_recursion.rs @@ -1,8 +1,6 @@ use anyhow::Result; use env_logger::Env; use log::info; -use plonky2::fri::reduction_strategies::FriReductionStrategy; -use plonky2::fri::FriConfig; use plonky2::hash::hashing::SPONGE_WIDTH; use plonky2::iop::witness::PartialWitness; use plonky2::plonk::circuit_builder::CircuitBuilder; @@ -20,22 +18,7 @@ fn main() -> Result<()> { } fn bench_prove, const D: usize>() -> Result<()> { - let config = CircuitConfig { - num_wires: 126, - num_routed_wires: 33, - constant_gate_size: 6, - use_base_arithmetic_gate: false, - security_bits: 128, - num_challenges: 3, - zero_knowledge: false, - fri_config: FriConfig { - rate_bits: 3, - cap_height: 1, - proof_of_work_bits: 15, - reduction_strategy: FriReductionStrategy::ConstantArityBits(3, 5), - num_query_rounds: 35, - }, - }; + let config = CircuitConfig::standard_recursion_config(); let inputs = PartialWitness::new(); let mut builder = CircuitBuilder::::new(config); diff --git a/plonky2/src/fri/mod.rs b/plonky2/src/fri/mod.rs index d59310de..573a189b 100644 --- a/plonky2/src/fri/mod.rs +++ b/plonky2/src/fri/mod.rs @@ -24,6 +24,12 @@ pub struct FriConfig { pub num_query_rounds: usize, } +impl FriConfig { + pub fn rate(&self) -> f64 { + 1.0 / ((1 << self.rate_bits) as f64) + } +} + /// FRI parameters, including generated parameters which are specific to an instance size, in /// contrast to `FriConfig` which is user-specified and independent of instance size. #[derive(Debug)] @@ -31,6 +37,9 @@ pub struct FriParams { /// User-specified FRI configuration. pub config: FriConfig, + /// Whether to use a hiding variant of Merkle trees (where random salts are added to leaves). + pub hiding: bool, + /// The degree of the purported codeword, measured in bits. pub degree_bits: usize, diff --git a/plonky2/src/fri/oracle.rs b/plonky2/src/fri/oracle.rs index ee391953..2d42e899 100644 --- a/plonky2/src/fri/oracle.rs +++ b/plonky2/src/fri/oracle.rs @@ -8,10 +8,10 @@ use rayon::prelude::*; use crate::fri::proof::FriProof; use crate::fri::prover::fri_proof; use crate::fri::structure::{FriBatchInfo, FriInstanceInfo}; +use crate::fri::FriParams; use crate::hash::hash_types::RichField; use crate::hash::merkle_tree::MerkleTree; use crate::iop::challenger::Challenger; -use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::config::GenericConfig; use crate::timed; use crate::util::reducing::ReducingFactor; @@ -131,7 +131,7 @@ impl, C: GenericConfig, const D: usize> instance: &FriInstanceInfo, oracles: &[&Self], challenger: &mut Challenger, - common_data: &CommonCircuitData, + fri_params: &FriParams, timing: &mut TimingTree, ) -> FriProof { assert!(D > 1, "Not implemented for D=1."); @@ -155,7 +155,7 @@ impl, C: GenericConfig, const D: usize> final_poly += quotient; } - let lde_final_poly = final_poly.lde(common_data.config.fri_config.rate_bits); + let lde_final_poly = final_poly.lde(fri_params.config.rate_bits); let lde_final_values = timed!( timing, &format!("perform final FFT {}", lde_final_poly.len()), @@ -170,7 +170,7 @@ impl, C: GenericConfig, const D: usize> lde_final_poly, lde_final_values, challenger, - &common_data.fri_params, + fri_params, timing, ); diff --git a/plonky2/src/fri/proof.rs b/plonky2/src/fri/proof.rs index 720ae378..ff81c2c5 100644 --- a/plonky2/src/fri/proof.rs +++ b/plonky2/src/fri/proof.rs @@ -5,6 +5,7 @@ use plonky2_field::extension_field::{flatten, unflatten, Extendable}; use plonky2_field::polynomial::PolynomialCoeffs; use serde::{Deserialize, Serialize}; +use crate::fri::FriParams; use crate::gadgets::polynomial::PolynomialCoeffsExtTarget; use crate::hash::hash_types::MerkleCapTarget; use crate::hash::hash_types::RichField; @@ -13,7 +14,6 @@ use crate::hash::merkle_tree::MerkleCap; use crate::hash::path_compression::{compress_merkle_proofs, decompress_merkle_proofs}; use crate::iop::ext_target::ExtensionTarget; use crate::iop::target::Target; -use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::config::{GenericConfig, Hasher}; use crate::plonk::plonk_common::salt_size; use crate::plonk::proof::{FriInferredElements, ProofChallenges}; @@ -136,7 +136,7 @@ impl, H: Hasher, const D: usize> FriProof>( self, indices: &[usize], - common_data: &CommonCircuitData, + params: &FriParams, ) -> CompressedFriProof { let FriProof { commit_phase_merkle_caps, @@ -145,8 +145,8 @@ impl, H: Hasher, const D: usize> FriProof, H: Hasher, const D: usize> CompressedFriPr self, challenges: &ProofChallenges, fri_inferred_elements: FriInferredElements, - common_data: &CommonCircuitData, + params: &FriParams, ) -> FriProof { let CompressedFriProof { commit_phase_merkle_caps, @@ -257,8 +257,8 @@ impl, H: Hasher, const D: usize> CompressedFriPr .. } = challenges; let mut fri_inferred_elements = fri_inferred_elements.0.into_iter(); - let cap_height = common_data.config.fri_config.cap_height; - let reduction_arity_bits = &common_data.fri_params.reduction_arity_bits; + let cap_height = params.config.cap_height; + let reduction_arity_bits = ¶ms.reduction_arity_bits; let num_reductions = reduction_arity_bits.len(); let num_initial_trees = query_round_proofs .initial_trees_proofs @@ -275,7 +275,7 @@ impl, H: Hasher, const D: usize> CompressedFriPr let mut steps_indices = vec![vec![]; num_reductions]; let mut steps_evals = vec![vec![]; num_reductions]; let mut steps_proofs = vec![vec![]; num_reductions]; - let height = common_data.degree_bits + common_data.config.fri_config.rate_bits; + let height = params.degree_bits + params.config.rate_bits; let heights = reduction_arity_bits .iter() .scan(height, |acc, &bits| { @@ -285,10 +285,8 @@ impl, H: Hasher, const D: usize> CompressedFriPr .collect::>(); // Holds the `evals` vectors that have already been reconstructed at each reduction depth. - let mut evals_by_depth = vec![ - HashMap::>::new(); - common_data.fri_params.reduction_arity_bits.len() - ]; + let mut evals_by_depth = + vec![HashMap::>::new(); params.reduction_arity_bits.len()]; for &(mut index) in indices { let initial_trees_proof = query_round_proofs.initial_trees_proofs[&index].clone(); for (i, (leaves_data, proof)) in diff --git a/plonky2/src/fri/recursive_verifier.rs b/plonky2/src/fri/recursive_verifier.rs index 447b045e..ba6ebcba 100644 --- a/plonky2/src/fri/recursive_verifier.rs +++ b/plonky2/src/fri/recursive_verifier.rs @@ -4,7 +4,7 @@ use plonky2_util::{log2_strict, reverse_index_bits_in_place}; use crate::fri::proof::{FriInitialTreeProofTarget, FriProofTarget, FriQueryRoundTarget}; use crate::fri::structure::{FriBatchInfoTarget, FriInstanceInfoTarget, FriOpeningsTarget}; -use crate::fri::FriConfig; +use crate::fri::{FriConfig, FriParams}; use crate::gadgets::interpolation::InterpolationGate; use crate::gates::gate::Gate; use crate::gates::interpolation::HighDegreeInterpolationGate; @@ -16,7 +16,6 @@ use crate::iop::challenger::RecursiveChallenger; use crate::iop::ext_target::{flatten_target, ExtensionTarget}; use crate::iop::target::{BoolTarget, Target}; use crate::plonk::circuit_builder::CircuitBuilder; -use crate::plonk::circuit_data::{CircuitConfig, CommonCircuitData}; use crate::plonk::config::{AlgebraicConfig, AlgebraicHasher, GenericConfig}; use crate::plonk::proof::OpeningSetTarget; use crate::util::reducing::ReducingFactorTarget; @@ -32,7 +31,6 @@ impl, const D: usize> CircuitBuilder { arity_bits: usize, evals: &[ExtensionTarget], beta: ExtensionTarget, - common_data: &CommonCircuitData, ) -> ExtensionTarget { let arity = 1 << arity_bits; debug_assert_eq!(evals.len(), arity); @@ -51,7 +49,7 @@ impl, const D: usize> CircuitBuilder { // The answer is gotten by interpolating {(x*g^i, P(x*g^i))} and evaluating at beta. // `HighDegreeInterpolationGate` has degree `arity`, so we use the low-degree gate if // the arity is too large. - if arity > common_data.quotient_degree_factor { + if arity > self.config.max_quotient_degree_factor { self.interpolate_coset::>( arity_bits, coset_start, @@ -71,17 +69,13 @@ impl, const D: usize> CircuitBuilder { /// Make sure we have enough wires and routed wires to do the FRI checks efficiently. This check /// isn't required -- without it we'd get errors elsewhere in the stack -- but just gives more /// helpful errors. - fn check_recursion_config>( - &self, - max_fri_arity_bits: usize, - common_data: &CommonCircuitData, - ) { + fn check_recursion_config>(&self, max_fri_arity_bits: usize) { let random_access = RandomAccessGate::::new_from_config( &self.config, max_fri_arity_bits.max(self.config.fri_config.cap_height), ); let (interpolation_wires, interpolation_routed_wires) = - if 1 << max_fri_arity_bits > common_data.quotient_degree_factor { + if 1 << max_fri_arity_bits > self.config.max_quotient_degree_factor { let gate = LowDegreeInterpolationGate::::new(max_fri_arity_bits); (gate.num_wires(), gate.num_routed_wires()) } else { @@ -133,22 +127,20 @@ impl, const D: usize> CircuitBuilder { initial_merkle_caps: &[MerkleCapTarget], proof: &FriProofTarget, challenger: &mut RecursiveChallenger, - common_data: &CommonCircuitData, + params: &FriParams, ) { - let config = &common_data.config; - - if let Some(max_arity_bits) = common_data.fri_params.max_arity_bits() { - self.check_recursion_config(max_arity_bits, common_data); + if let Some(max_arity_bits) = params.max_arity_bits() { + self.check_recursion_config::(max_arity_bits); } debug_assert_eq!( - common_data.fri_params.final_poly_len(), + params.final_poly_len(), proof.final_poly.len(), "Final polynomial has wrong degree." ); // Size of the LDE domain. - let n = common_data.lde_size(); + let n = params.lde_size(); challenger.observe_opening_set(os); @@ -172,12 +164,12 @@ impl, const D: usize> CircuitBuilder { with_context!( self, "check PoW", - self.fri_verify_proof_of_work::(proof, challenger, &config.fri_config) + self.fri_verify_proof_of_work::(proof, challenger, ¶ms.config) ); // Check that parameters are coherent. debug_assert_eq!( - config.fri_config.num_query_rounds, + params.config.num_query_rounds, proof.query_round_proofs.len(), "Number of query rounds does not match config." ); @@ -203,7 +195,7 @@ impl, const D: usize> CircuitBuilder { self, level, &format!("verify one (of {}) query rounds", num_queries), - self.fri_verifier_query_round( + self.fri_verifier_query_round::( instance, alpha, &precomputed_reduced_evals, @@ -213,7 +205,7 @@ impl, const D: usize> CircuitBuilder { n, &betas, round_proof, - common_data, + params, ) ); } @@ -253,15 +245,14 @@ impl, const D: usize> CircuitBuilder { alpha: ExtensionTarget, subgroup_x: Target, precomputed_reduced_evals: &PrecomputedReducedOpeningsTarget, - common_data: &CommonCircuitData, + params: &FriParams, ) -> ExtensionTarget { assert!(D > 1, "Not implemented for D=1."); - let config = &common_data.config; - let degree_log = common_data.degree_bits; + let degree_log = params.degree_bits; debug_assert_eq!( degree_log, - common_data.config.fri_config.cap_height + proof.evals_proofs[0].1.siblings.len() - - config.fri_config.rate_bits + params.config.cap_height + proof.evals_proofs[0].1.siblings.len() + - params.config.rate_bits ); let subgroup_x = self.convert_to_ext(subgroup_x); let mut alpha = ReducingFactorTarget::new(alpha); @@ -277,7 +268,7 @@ impl, const D: usize> CircuitBuilder { .iter() .map(|p| { let poly_blinding = instance.oracles[p.oracle_index].blinding; - let salted = config.zero_knowledge && poly_blinding; + let salted = params.hiding && poly_blinding; proof.unsalted_eval(p.oracle_index, p.polynomial_index, salted) }) .collect_vec(); @@ -302,19 +293,18 @@ impl, const D: usize> CircuitBuilder { n: usize, betas: &[ExtensionTarget], round_proof: &FriQueryRoundTarget, - common_data: &CommonCircuitData, + params: &FriParams, ) { let n_log = log2_strict(n); // Note that this `low_bits` decomposition permits non-canonical binary encodings. Here we // verify that this has a negligible impact on soundness error. - Self::assert_noncanonical_indices_ok(&common_data.config); + Self::assert_noncanonical_indices_ok(¶ms.config); let x_index = challenger.get_challenge(self); let mut x_index_bits = self.low_bits(x_index, n_log, F::BITS); - let cap_index = self.le_sum( - x_index_bits[x_index_bits.len() - common_data.config.fri_config.cap_height..].iter(), - ); + let cap_index = + self.le_sum(x_index_bits[x_index_bits.len() - params.config.cap_height..].iter()); with_context!( self, "check FRI initial proof", @@ -340,22 +330,17 @@ impl, const D: usize> CircuitBuilder { let mut old_eval = with_context!( self, "combine initial oracles", - self.fri_combine_initial( + self.fri_combine_initial::( instance, &round_proof.initial_trees_proof, alpha, subgroup_x, precomputed_reduced_evals, - common_data, + params, ) ); - for (i, &arity_bits) in common_data - .fri_params - .reduction_arity_bits - .iter() - .enumerate() - { + for (i, &arity_bits) in params.reduction_arity_bits.iter().enumerate() { let evals = &round_proof.steps[i].evals; // Split x_index into the index of the coset x is in, and the index of x within that coset. @@ -370,13 +355,12 @@ impl, const D: usize> CircuitBuilder { old_eval = with_context!( self, "infer evaluation using interpolation", - self.compute_evaluation( + self.compute_evaluation::( subgroup_x, x_index_within_coset_bits, arity_bits, evals, betas[i], - common_data ) ); @@ -423,7 +407,7 @@ impl, const D: usize> CircuitBuilder { /// Thus ambiguous elements contribute a negligible amount to soundness error. /// /// Here we compare the probabilities as a sanity check, to verify the claim above. - fn assert_noncanonical_indices_ok(config: &CircuitConfig) { + fn assert_noncanonical_indices_ok(config: &FriConfig) { let num_ambiguous_elems = u64::MAX - F::ORDER + 1; let query_error = config.rate(); let p_ambiguous = (num_ambiguous_elems as f64) / (F::ORDER as f64); diff --git a/plonky2/src/fri/verifier.rs b/plonky2/src/fri/verifier.rs index 34f7a3dd..e95cb80a 100644 --- a/plonky2/src/fri/verifier.rs +++ b/plonky2/src/fri/verifier.rs @@ -6,11 +6,10 @@ use plonky2_util::{log2_strict, reverse_index_bits_in_place}; use crate::fri::proof::{FriInitialTreeProof, FriProof, FriQueryRound}; use crate::fri::structure::{FriBatchInfo, FriInstanceInfo, FriOpenings}; -use crate::fri::FriConfig; +use crate::fri::{FriConfig, FriParams}; use crate::hash::hash_types::RichField; use crate::hash::merkle_proofs::verify_merkle_proof; use crate::hash::merkle_tree::MerkleCap; -use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::config::{GenericConfig, Hasher}; use crate::plonk::proof::{OpeningSet, ProofChallenges}; use crate::util::reducing::ReducingFactor; @@ -69,23 +68,22 @@ pub(crate) fn verify_fri_proof< challenges: &ProofChallenges, initial_merkle_caps: &[MerkleCap], proof: &FriProof, - common_data: &CommonCircuitData, + params: &FriParams, ) -> Result<()> { - let config = &common_data.config; ensure!( - common_data.fri_params.final_poly_len() == proof.final_poly.len(), + params.final_poly_len() == proof.final_poly.len(), "Final polynomial has wrong degree." ); // Size of the LDE domain. - let n = common_data.lde_size(); + let n = params.lde_size(); // Check PoW. - fri_verify_proof_of_work(challenges.fri_pow_response, &config.fri_config)?; + fri_verify_proof_of_work(challenges.fri_pow_response, ¶ms.config)?; // Check that parameters are coherent. ensure!( - config.fri_config.num_query_rounds == proof.query_round_proofs.len(), + params.config.num_query_rounds == proof.query_round_proofs.len(), "Number of query rounds does not match config." ); @@ -105,7 +103,7 @@ pub(crate) fn verify_fri_proof< x_index, n, round_proof, - common_data, + params, )?; } @@ -134,9 +132,8 @@ pub(crate) fn fri_combine_initial< alpha: F::Extension, subgroup_x: F, precomputed_reduced_evals: &PrecomputedReducedOpenings, - common_data: &CommonCircuitData, + params: &FriParams, ) -> F::Extension { - let config = &common_data.config; assert!(D > 1, "Not implemented for D=1."); let subgroup_x = F::Extension::from_basefield(subgroup_x); let mut alpha = ReducingFactor::new(alpha); @@ -152,7 +149,7 @@ pub(crate) fn fri_combine_initial< .iter() .map(|p| { let poly_blinding = instance.oracles[p.oracle_index].blinding; - let salted = config.zero_knowledge && poly_blinding; + let salted = params.hiding && poly_blinding; proof.unsalted_eval(p.oracle_index, p.polynomial_index, salted) }) .map(F::Extension::from_basefield); @@ -179,7 +176,7 @@ fn fri_verifier_query_round< mut x_index: usize, n: usize, round_proof: &FriQueryRound, - common_data: &CommonCircuitData, + params: &FriParams, ) -> Result<()> { fri_verify_initial_proof::( x_index, @@ -193,21 +190,16 @@ fn fri_verifier_query_round< // old_eval is the last derived evaluation; it will be checked for consistency with its // committed "parent" value in the next iteration. - let mut old_eval = fri_combine_initial( + let mut old_eval = fri_combine_initial::( instance, &round_proof.initial_trees_proof, challenges.fri_alpha, subgroup_x, precomputed_reduced_evals, - common_data, + params, ); - for (i, &arity_bits) in common_data - .fri_params - .reduction_arity_bits - .iter() - .enumerate() - { + for (i, &arity_bits) in params.reduction_arity_bits.iter().enumerate() { let arity = 1 << arity_bits; let evals = &round_proof.steps[i].evals; diff --git a/plonky2/src/plonk/circuit_builder.rs b/plonky2/src/plonk/circuit_builder.rs index ca9f5a6b..d83e2b9f 100644 --- a/plonky2/src/plonk/circuit_builder.rs +++ b/plonky2/src/plonk/circuit_builder.rs @@ -377,6 +377,7 @@ impl, const D: usize> CircuitBuilder { ); FriParams { config: fri_config.clone(), + hiding: self.config.zero_knowledge, degree_bits, reduction_arity_bits, } @@ -588,6 +589,7 @@ impl, const D: usize> CircuitBuilder { pub fn build>(mut self) -> CircuitData { let mut timing = TimingTree::new("preprocess", Level::Trace); let start = Instant::now(); + let rate_bits = self.config.fri_config.rate_bits; self.fill_batched_gates(); @@ -620,14 +622,16 @@ impl, const D: usize> CircuitBuilder { let gates = self.gates.iter().cloned().collect(); let (gate_tree, max_filtered_constraint_degree, num_constants) = Tree::from_gates(gates); + let prefixed_gates = PrefixedGate::from_tree(gate_tree); + // `quotient_degree_factor` has to be between `max_filtered_constraint_degree-1` and `1< f64 { - 1.0 / ((1 << self.fri_config.rate_bits) as f64) - } - pub fn num_advice_wires(&self) -> usize { self.num_wires - self.num_routed_wires } @@ -70,6 +68,7 @@ impl CircuitConfig { security_bits: 100, num_challenges: 2, zero_knowledge: false, + max_quotient_degree_factor: 8, fri_config: FriConfig { rate_bits: 3, cap_height: 4, diff --git a/plonky2/src/plonk/get_challenges.rs b/plonky2/src/plonk/get_challenges.rs index bbb91d79..c340cef9 100644 --- a/plonky2/src/plonk/get_challenges.rs +++ b/plonky2/src/plonk/get_challenges.rs @@ -197,7 +197,7 @@ impl, C: GenericConfig, const D: usize> for &(mut x_index) in fri_query_indices { let mut subgroup_x = F::MULTIPLICATIVE_GROUP_GENERATOR * F::primitive_root_of_unity(log_n).exp_u64(reverse_bits(x_index, log_n) as u64); - let mut old_eval = fri_combine_initial( + let mut old_eval = fri_combine_initial::( &common_data.get_fri_instance(*plonk_zeta), &self .proof @@ -207,7 +207,7 @@ impl, C: GenericConfig, const D: usize> *fri_alpha, subgroup_x, &precomputed_reduced_evals, - common_data, + &common_data.fri_params, ); for (i, &arity_bits) in common_data .fri_params diff --git a/plonky2/src/plonk/proof.rs b/plonky2/src/plonk/proof.rs index c2dd47f3..cd49de89 100644 --- a/plonky2/src/plonk/proof.rs +++ b/plonky2/src/plonk/proof.rs @@ -7,6 +7,7 @@ use crate::fri::proof::{CompressedFriProof, FriProof, FriProofTarget}; use crate::fri::structure::{ FriOpeningBatch, FriOpeningBatchTarget, FriOpenings, FriOpeningsTarget, }; +use crate::fri::FriParams; use crate::hash::hash_types::{MerkleCapTarget, RichField}; use crate::hash::merkle_tree::MerkleCap; use crate::iop::ext_target::ExtensionTarget; @@ -41,11 +42,7 @@ pub struct ProofTarget { impl, C: GenericConfig, const D: usize> Proof { /// Compress the proof. - pub fn compress( - self, - indices: &[usize], - common_data: &CommonCircuitData, - ) -> CompressedProof { + pub fn compress(self, indices: &[usize], params: &FriParams) -> CompressedProof { let Proof { wires_cap, plonk_zs_partial_products_cap, @@ -59,7 +56,7 @@ impl, C: GenericConfig, const D: usize> P plonk_zs_partial_products_cap, quotient_polys_cap, openings, - opening_proof: opening_proof.compress(indices, common_data), + opening_proof: opening_proof.compress::(indices, params), } } } @@ -83,7 +80,7 @@ impl, C: GenericConfig, const D: usize> common_data: &CommonCircuitData, ) -> anyhow::Result> { let indices = self.fri_query_indices(common_data)?; - let compressed_proof = self.proof.compress(&indices, common_data); + let compressed_proof = self.proof.compress(&indices, &common_data.fri_params); Ok(CompressedProofWithPublicInputs { public_inputs: self.public_inputs, proof: compressed_proof, @@ -136,7 +133,7 @@ impl, C: GenericConfig, const D: usize> self, challenges: &ProofChallenges, fri_inferred_elements: FriInferredElements, - common_data: &CommonCircuitData, + params: &FriParams, ) -> Proof { let CompressedProof { wires_cap, @@ -151,7 +148,7 @@ impl, C: GenericConfig, const D: usize> plonk_zs_partial_products_cap, quotient_polys_cap, openings, - opening_proof: opening_proof.decompress(challenges, fri_inferred_elements, common_data), + opening_proof: opening_proof.decompress::(challenges, fri_inferred_elements, params), } } } @@ -178,7 +175,7 @@ impl, C: GenericConfig, const D: usize> let fri_inferred_elements = self.get_inferred_elements(&challenges, common_data); let decompressed_proof = self.proof - .decompress(&challenges, fri_inferred_elements, common_data); + .decompress(&challenges, fri_inferred_elements, &common_data.fri_params); Ok(ProofWithPublicInputs { public_inputs: self.public_inputs, proof: decompressed_proof, @@ -194,7 +191,7 @@ impl, C: GenericConfig, const D: usize> let fri_inferred_elements = self.get_inferred_elements(&challenges, common_data); let decompressed_proof = self.proof - .decompress(&challenges, fri_inferred_elements, common_data); + .decompress(&challenges, fri_inferred_elements, &common_data.fri_params); verify_with_challenges( ProofWithPublicInputs { public_inputs: self.public_inputs, diff --git a/plonky2/src/plonk/prover.rs b/plonky2/src/plonk/prover.rs index abd2c552..d371d7b7 100644 --- a/plonky2/src/plonk/prover.rs +++ b/plonky2/src/plonk/prover.rs @@ -209,7 +209,7 @@ pub(crate) fn prove, C: GenericConfig, co "ient_polys_commitment, ], &mut challenger, - common_data, + &common_data.fri_params, timing, ) ); diff --git a/plonky2/src/plonk/recursive_verifier.rs b/plonky2/src/plonk/recursive_verifier.rs index ba653e22..4e8583d3 100644 --- a/plonky2/src/plonk/recursive_verifier.rs +++ b/plonky2/src/plonk/recursive_verifier.rs @@ -30,7 +30,7 @@ impl, const D: usize> CircuitBuilder { let public_inputs_hash = &self.hash_n_to_hash::(public_inputs, true); - let mut challenger = RecursiveChallenger::new(self); + let mut challenger = RecursiveChallenger::::new(self); let (betas, gammas, alphas, zeta) = with_context!(self, "observe proof and generates challenges", { @@ -111,13 +111,13 @@ impl, const D: usize> CircuitBuilder { with_context!( self, "verify FRI proof", - self.verify_fri_proof( + self.verify_fri_proof::( &fri_instance, &proof.openings, merkle_caps, &proof.opening_proof, &mut challenger, - inner_common_data, + &inner_common_data.fri_params, ) ); } diff --git a/plonky2/src/plonk/verifier.rs b/plonky2/src/plonk/verifier.rs index 3dca02a7..e612a1c9 100644 --- a/plonky2/src/plonk/verifier.rs +++ b/plonky2/src/plonk/verifier.rs @@ -85,13 +85,13 @@ pub(crate) fn verify_with_challenges< proof.quotient_polys_cap, ]; - verify_fri_proof( + verify_fri_proof::( &common_data.get_fri_instance(challenges.plonk_zeta), &proof.openings, &challenges, merkle_caps, &proof.opening_proof, - common_data, + &common_data.fri_params, )?; Ok(())