mirror of
https://github.com/logos-storage/plonky2.git
synced 2026-01-08 00:33:06 +00:00
Progress
This commit is contained in:
wborgeaud
parent
b8e764bb90
commit
f7c4a463fc
@ -1,4 +1,4 @@
|
||||
use std::ops::Range;
|
||||
use std::ops::{Range, RangeFrom};
|
||||
|
||||
use anyhow::Result;
|
||||
|
||||
@ -201,6 +201,16 @@ impl<F: Extendable<D>, const D: usize> CommonCircuitData<F, D> {
|
||||
pub fn sigmas_range(&self) -> Range<usize> {
|
||||
self.num_constants..self.num_constants + self.config.num_routed_wires
|
||||
}
|
||||
|
||||
/// Range of the constants polynomials in the `constants_sigmas_commitment`.
|
||||
pub fn zs_range(&self) -> Range<usize> {
|
||||
0..self.config.num_challenges
|
||||
}
|
||||
|
||||
/// Range of the sigma polynomials in the `constants_sigmas_commitment`.
|
||||
pub fn partial_products_range(&self) -> RangeFrom<usize> {
|
||||
self.config.num_challenges..
|
||||
}
|
||||
}
|
||||
|
||||
/// The `Target` version of `VerifierCircuitData`, for use inside recursive circuits. Note that this
|
||||
|
||||
@ -9,6 +9,7 @@ use crate::gates::gate::{GateRef, PrefixedGate};
|
||||
use crate::polynomial::commitment::SALT_SIZE;
|
||||
use crate::polynomial::polynomial::PolynomialCoeffs;
|
||||
use crate::target::Target;
|
||||
use crate::util::partial_products::partial_products;
|
||||
use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
|
||||
|
||||
/// Holds the Merkle tree index and blinding flag of a set of polynomials used in FRI.
|
||||
@ -114,8 +115,9 @@ pub(crate) fn eval_vanishing_poly_base<F: Extendable<D>, const D: usize>(
|
||||
index: usize,
|
||||
x: F,
|
||||
vars: EvaluationVarsBase<F>,
|
||||
local_plonk_zs: &[F],
|
||||
next_plonk_zs: &[F],
|
||||
local_zs: &[F],
|
||||
next_zs: &[F],
|
||||
local_partial_products: &[F],
|
||||
s_sigmas: &[F],
|
||||
betas: &[F],
|
||||
gammas: &[F],
|
||||
@ -127,29 +129,66 @@ pub(crate) fn eval_vanishing_poly_base<F: Extendable<D>, const D: usize>(
|
||||
|
||||
// The L_1(x) (Z(x) - 1) vanishing terms.
|
||||
let mut vanishing_z_1_terms = Vec::new();
|
||||
// The terms checking the partial products.
|
||||
let mut vanishing_partial_products_terms = Vec::new();
|
||||
// The Z(x) f'(x) - g'(x) Z(g x) terms.
|
||||
let mut vanishing_v_shift_terms = Vec::new();
|
||||
|
||||
for i in 0..common_data.config.num_challenges {
|
||||
let z_x = local_plonk_zs[i];
|
||||
let z_gz = next_plonk_zs[i];
|
||||
let z_x = local_zs[i];
|
||||
let z_gz = next_zs[i];
|
||||
vanishing_z_1_terms.push(z_h_on_coset.eval_l1(index, x) * (z_x - F::ONE));
|
||||
|
||||
let mut f_prime = F::ONE;
|
||||
let mut g_prime = F::ONE;
|
||||
for j in 0..common_data.config.num_routed_wires {
|
||||
let wire_value = vars.local_wires[j];
|
||||
let k_i = common_data.k_is[j];
|
||||
let s_id = k_i * x;
|
||||
let s_sigma = s_sigmas[j];
|
||||
f_prime *= wire_value + betas[i] * s_id + gammas[i];
|
||||
g_prime *= wire_value + betas[i] * s_sigma + gammas[i];
|
||||
}
|
||||
vanishing_v_shift_terms.push(f_prime * z_x - g_prime * z_gz);
|
||||
let numerator_values = (0..common_data.config.num_routed_wires)
|
||||
.map(|j| {
|
||||
let wire_value = vars.local_wires[j];
|
||||
let k_i = common_data.k_is[j];
|
||||
let s_id = k_i * x;
|
||||
wire_value + betas[i] * s_id + gammas[i]
|
||||
})
|
||||
.collect::<Vec<_>>();
|
||||
let denominator_values = (0..common_data.config.num_routed_wires)
|
||||
.map(|j| {
|
||||
let wire_value = vars.local_wires[j];
|
||||
let s_sigma = s_sigmas[j];
|
||||
wire_value + betas[i] * s_sigma + gammas[i]
|
||||
})
|
||||
.collect::<Vec<_>>();
|
||||
let numerator_partial_products =
|
||||
partial_products(numerator_values, common_data.max_filtered_constraint_degree);
|
||||
let denominator_partial_products = partial_products(
|
||||
denominator_values,
|
||||
common_data.max_filtered_constraint_degree,
|
||||
);
|
||||
|
||||
dbg!(numerator_partial_products
|
||||
.clone()
|
||||
.0
|
||||
.into_iter()
|
||||
.chain(denominator_partial_products.clone().0)
|
||||
.zip(local_partial_products)
|
||||
.map(|(a, &b)| a - b)
|
||||
.collect::<Vec<_>>(),);
|
||||
vanishing_partial_products_terms.append(
|
||||
&mut numerator_partial_products
|
||||
.0
|
||||
.into_iter()
|
||||
.chain(denominator_partial_products.0)
|
||||
.zip(local_partial_products)
|
||||
.map(|(a, &b)| a - b)
|
||||
.collect::<Vec<_>>(),
|
||||
);
|
||||
dbg!(&numerator_partial_products.1);
|
||||
dbg!(&denominator_partial_products.1);
|
||||
dbg!(common_data.max_filtered_constraint_degree);
|
||||
let f_prime: F = numerator_partial_products.1.into_iter().product();
|
||||
let g_prime: F = denominator_partial_products.1.into_iter().product();
|
||||
// vanishing_v_shift_terms.push(f_prime * z_x - g_prime * z_gz);
|
||||
}
|
||||
|
||||
let vanishing_terms = [
|
||||
vanishing_z_1_terms,
|
||||
vanishing_partial_products_terms,
|
||||
vanishing_v_shift_terms,
|
||||
constraint_terms,
|
||||
]
|
||||
|
||||
@ -90,9 +90,10 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
|
||||
"to compute Z's"
|
||||
);
|
||||
|
||||
let zs_partial_products = [plonk_z_vecs, partial_products.concat()].concat();
|
||||
let plonk_zs_commitment = timed!(
|
||||
ListPolynomialCommitment::new(
|
||||
plonk_z_vecs,
|
||||
zs_partial_products,
|
||||
fri_config.rate_bits,
|
||||
PlonkPolynomials::ZS.blinding
|
||||
),
|
||||
@ -123,7 +124,7 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
|
||||
.flat_map(|mut quotient_poly| {
|
||||
quotient_poly.trim();
|
||||
quotient_poly.pad(quotient_degree).expect(
|
||||
"The quotient polynomial doesn't have the right degree.\
|
||||
"The quotient polynomial doesn't have the right degree. \
|
||||
This may be because the `Z`s polynomials are still too high degree.",
|
||||
);
|
||||
// Split t into degree-n chunks.
|
||||
@ -202,12 +203,9 @@ fn wires_permutation_partial_products<F: Extendable<D>, const D: usize>(
|
||||
prover_data: &ProverOnlyCircuitData<F, D>,
|
||||
common_data: &CommonCircuitData<F, D>,
|
||||
) -> Vec<PolynomialValues<F>> {
|
||||
let vanish_degree = common_data
|
||||
.max_filtered_constraint_degree
|
||||
.next_power_of_two();
|
||||
let num_polys = ceil_div_usize(common_data.config.num_routed_wires, vanish_degree);
|
||||
let degree = common_data.max_filtered_constraint_degree;
|
||||
let subgroup = &prover_data.subgroup;
|
||||
let mut values = vec![vec![F::ONE; 2 * num_polys]];
|
||||
let mut values = Vec::new();
|
||||
let k_is = &common_data.k_is;
|
||||
for i in 1..common_data.degree() {
|
||||
let x = subgroup[i - 1];
|
||||
@ -228,13 +226,14 @@ fn wires_permutation_partial_products<F: Extendable<D>, const D: usize>(
|
||||
})
|
||||
.collect::<Vec<_>>();
|
||||
let partials = [
|
||||
partial_products(numerator_values, vanish_degree),
|
||||
partial_products(denominator_values, vanish_degree),
|
||||
partial_products(numerator_values, degree).0,
|
||||
partial_products(denominator_values, degree).0,
|
||||
]
|
||||
.concat();
|
||||
values.push(partials);
|
||||
}
|
||||
|
||||
values.insert(0, vec![F::ONE; values[0].len()]);
|
||||
transpose(&values)
|
||||
.into_par_iter()
|
||||
.map(PolynomialValues::new)
|
||||
@ -280,7 +279,7 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
|
||||
common_data: &CommonCircuitData<F, D>,
|
||||
prover_data: &'a ProverOnlyCircuitData<F, D>,
|
||||
wires_commitment: &'a ListPolynomialCommitment<F>,
|
||||
plonk_zs_commitment: &'a ListPolynomialCommitment<F>,
|
||||
zs_partial_products_commitment: &'a ListPolynomialCommitment<F>,
|
||||
betas: &[F],
|
||||
gammas: &[F],
|
||||
alphas: &[F],
|
||||
@ -322,11 +321,15 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
|
||||
let local_constants = &local_constants_sigmas[common_data.constants_range()];
|
||||
let s_sigmas = &local_constants_sigmas[common_data.sigmas_range()];
|
||||
let local_wires = get_at_index(wires_commitment, i);
|
||||
let local_plonk_zs = get_at_index(plonk_zs_commitment, i);
|
||||
let next_plonk_zs = get_at_index(plonk_zs_commitment, i_next);
|
||||
let local_zs_partial_products = get_at_index(zs_partial_products_commitment, i);
|
||||
let local_zs = &local_zs_partial_products[common_data.zs_range()];
|
||||
let next_zs =
|
||||
&get_at_index(zs_partial_products_commitment, i_next)[common_data.zs_range()];
|
||||
let local_partial_products =
|
||||
&local_zs_partial_products[common_data.partial_products_range()];
|
||||
|
||||
debug_assert_eq!(local_wires.len(), common_data.config.num_wires);
|
||||
debug_assert_eq!(local_plonk_zs.len(), num_challenges);
|
||||
debug_assert_eq!(local_zs.len(), num_challenges);
|
||||
|
||||
let vars = EvaluationVarsBase {
|
||||
local_constants,
|
||||
@ -337,8 +340,9 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
|
||||
i,
|
||||
shifted_x,
|
||||
vars,
|
||||
local_plonk_zs,
|
||||
next_plonk_zs,
|
||||
local_zs,
|
||||
next_zs,
|
||||
local_partial_products,
|
||||
s_sigmas,
|
||||
betas,
|
||||
gammas,
|
||||
|
||||
@ -1,19 +1,19 @@
|
||||
use std::iter::Product;
|
||||
|
||||
pub fn partial_products<T: Product + Copy>(v: Vec<T>, max_degree: usize) -> Vec<T> {
|
||||
pub fn partial_products<T: Product + Copy>(v: Vec<T>, max_degree: usize) -> (Vec<T>, Vec<T>) {
|
||||
let mut res = Vec::new();
|
||||
let mut remainder = v;
|
||||
while remainder.len() > max_degree {
|
||||
while remainder.len() >= max_degree {
|
||||
let new_partials = remainder
|
||||
.chunks(max_degree)
|
||||
.filter(|chunk| chunk.len() != 1) // Don't need to compute the product in this case.
|
||||
// TODO: If `chunk.len()=1`, there's some redundant data.
|
||||
.map(|chunk| chunk.iter().copied().product())
|
||||
.collect::<Vec<_>>();
|
||||
res.extend_from_slice(&new_partials);
|
||||
remainder = new_partials;
|
||||
}
|
||||
|
||||
res
|
||||
(res, remainder)
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
@ -24,7 +24,7 @@ mod tests {
|
||||
fn test_partial_products() {
|
||||
assert_eq!(
|
||||
partial_products(vec![1, 2, 3, 4, 5, 6], 2),
|
||||
vec![2, 12, 30, 24]
|
||||
(vec![2, 12, 30, 24, 30], vec![24, 30])
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user