Comments

src/gates/gmimc.rs

@@ -17,8 +17,7 @@ use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 ///
 /// This also has some extra features to make it suitable for efficiently verifying Merkle proofs.
 /// It has a flag which can be used to swap the first four inputs with the next four, for ordering
-/// sibling digests. It also has an accumulator that computes the weighted sum of these flags, for
-/// computing the index of the leaf based on these swap bits.
+/// sibling digests.
 #[derive(Debug)]
 pub struct GMiMCGate<
     F: RichField + Extendable<D> + GMiMC<WIDTH>,

src/gates/poseidon.rs

@@ -18,8 +18,7 @@ use crate::plonk::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 ///
 /// This also has some extra features to make it suitable for efficiently verifying Merkle proofs.
 /// It has a flag which can be used to swap the first four inputs with the next four, for ordering
-/// sibling digests. It also has an accumulator that computes the weighted sum of these flags, for
-/// computing the index of the leaf based on these swap bits.
+/// sibling digests.
 #[derive(Debug)]
 pub struct PoseidonGate<
     F: RichField + Extendable<D> + Poseidon<WIDTH>,
@@ -117,6 +116,7 @@ where
         let mut state: [F::Extension; WIDTH] = state.try_into().unwrap();
         let mut round_ctr = 0;
 
+        // First set of full rounds.
         for r in 0..poseidon::HALF_N_FULL_ROUNDS {
             <F as Poseidon<WIDTH>>::constant_layer(&mut state, round_ctr);
             for i in 0..WIDTH {
@@ -129,6 +129,7 @@ where
             round_ctr += 1;
         }
 
+        // Partial rounds.
         <F as Poseidon<WIDTH>>::partial_first_constant_layer(&mut state);
         state = <F as Poseidon<WIDTH>>::mds_partial_layer_init(&mut state);
         for r in 0..(poseidon::N_PARTIAL_ROUNDS - 1) {
@@ -149,6 +150,7 @@ where
         );
         round_ctr += poseidon::N_PARTIAL_ROUNDS;
 
+        // Second set of full rounds.
         for r in 0..poseidon::HALF_N_FULL_ROUNDS {
             <F as Poseidon<WIDTH>>::constant_layer(&mut state, round_ctr);
             for i in 0..WIDTH {
@@ -193,6 +195,7 @@ where
         let mut state: [F; WIDTH] = state.try_into().unwrap();
         let mut round_ctr = 0;
 
+        // First set of full rounds.
         for r in 0..poseidon::HALF_N_FULL_ROUNDS {
             <F as Poseidon<WIDTH>>::constant_layer(&mut state, round_ctr);
             for i in 0..WIDTH {
@@ -205,6 +208,7 @@ where
             round_ctr += 1;
         }
 
+        // Partial rounds.
         <F as Poseidon<WIDTH>>::partial_first_constant_layer(&mut state);
         state = <F as Poseidon<WIDTH>>::mds_partial_layer_init(&mut state);
         for r in 0..(poseidon::N_PARTIAL_ROUNDS - 1) {
@@ -224,6 +228,7 @@ where
         );
         round_ctr += poseidon::N_PARTIAL_ROUNDS;
 
+        // Second set of full rounds.
         for r in 0..poseidon::HALF_N_FULL_ROUNDS {
             <F as Poseidon<WIDTH>>::constant_layer(&mut state, round_ctr);
             for i in 0..WIDTH {
@@ -275,6 +280,7 @@ where
         let mut state: [ExtensionTarget<D>; WIDTH] = state.try_into().unwrap();
         let mut round_ctr = 0;
 
+        // First set of full rounds.
         for r in 0..poseidon::HALF_N_FULL_ROUNDS {
             <F as Poseidon<WIDTH>>::constant_layer_recursive(builder, &mut state, round_ctr);
             for i in 0..WIDTH {
@@ -287,6 +293,7 @@ where
             round_ctr += 1;
         }
 
+        // Partial rounds.
         <F as Poseidon<WIDTH>>::partial_first_constant_layer_recursive(builder, &mut state);
         state = <F as Poseidon<WIDTH>>::mds_partial_layer_init_recursive(builder, &mut state);
         for r in 0..(poseidon::N_PARTIAL_ROUNDS - 1) {
@@ -313,6 +320,7 @@ where
         );
         round_ctr += poseidon::N_PARTIAL_ROUNDS;
 
+        // Second set of full rounds.
         for r in 0..poseidon::HALF_N_FULL_ROUNDS {
             <F as Poseidon<WIDTH>>::constant_layer_recursive(builder, &mut state, round_ctr);
             for i in 0..WIDTH {

src/hash/poseidon.rs

@@ -170,6 +170,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Same as `mds_row_shf` for general fields.
     fn mds_row_shf_field<F: FieldExtension<D, BaseField = Self>, const D: usize>(
         r: usize,
         v: &[F; WIDTH],
@@ -189,6 +190,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Recursive version of `mds_row_shf`.
     fn mds_row_shf_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         r: usize,
@@ -237,6 +239,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Same as `mds_layer` for general fields.
     fn mds_layer_field<F: FieldExtension<D, BaseField = Self>, const D: usize>(
         state: &[F; WIDTH],
     ) -> [F; WIDTH] {
@@ -254,6 +257,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Recursive version of `mds_layer`.
     fn mds_layer_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         state: &[ExtensionTarget<D>; WIDTH],
@@ -285,6 +289,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Recursive version of `partial_first_constant_layer`.
     fn partial_first_constant_layer_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         state: &mut [ExtensionTarget<D>; WIDTH],
@@ -338,6 +343,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Recursive version of `mds_partial_layer_init`.
     fn mds_partial_layer_init_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         state: &[ExtensionTarget<D>; WIDTH],
@@ -403,6 +409,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Same as `mds_partial_layer_fast` for general fields.
     fn mds_partial_layer_fast_field<F: FieldExtension<D, BaseField = Self>, const D: usize>(
         state: &[F; WIDTH],
         r: usize,
@@ -432,7 +439,8 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
-    fn mds_partial_layer_fast_field_recursive<F: RichField + Extendable<D>, const D: usize>(
+    /// Recursive version of `mds_partial_layer_fast`.
+    fn mds_partial_layer_fast_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         state: &[ExtensionTarget<D>; WIDTH],
         r: usize,
@@ -484,6 +492,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Recursive version of `constant_layer`.
     fn constant_layer_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         state: &mut [ExtensionTarget<D>; WIDTH],
@@ -514,6 +523,7 @@ where
     }
 
     #[inline(always)]
+    /// Recursive version of `sbox_monomial`.
     fn sbox_monomial_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         x: ExtensionTarget<D>,
@@ -535,6 +545,7 @@ where
 
     #[inline(always)]
     #[unroll_for_loops]
+    /// Recursive version of `sbox_layer`.
     fn sbox_layer_recursive<F: RichField + Extendable<D>, const D: usize>(
         builder: &mut CircuitBuilder<F, D>,
         state: &mut [ExtensionTarget<D>; WIDTH],

src/plonk/recursive_verifier.rs

@@ -361,7 +361,7 @@ mod tests {
         type F = CrandallField;
         const D: usize = 4;
         let config = CircuitConfig {
-            num_wires: 126,
+            num_wires: 143,
             num_routed_wires: 33,
             security_bits: 128,
             rate_bits: 3,