* Replace `CrandallQuarticField` with a more generic `QuarticExtension`
And likewise for `CrandallQuadraticField`.
There are a few parameters which we can't automatically derive (in const Rust), so I specified them in a `AutoExtendable` trait.
This would make it fairly easy to add extension fields for `GoldilocksField` and any future fields.
* Attempt to derive 2-adicity, see Hamish's feedback
* Simplify TWO_ADICITY based on chat with Hamish
* PR feedback
* Merge AutoExtendable into Extendable (#235)
* Prepare for the switch to Poseidon
Everything will now select a permutation based on the `PERMUTATION_FAMILY` const.
The `Poseidon` variant won't work quite yet since the gate isn't in place; I left that as a `todo!()`
* fix
* Goldilocks field
Based on Hamish's old branch, but I updated it with a few missing things like generators.
Pulled the inversion code into a shared helper method to avoid redundancy.
Just the base field for now. We can add a quartic extension field later.
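An added illustration, not code from the commits above: deriving `TWO_ADICITY` and the power-of-two generator from the prime and a multiplicative generator entirely in const Rust, for the Goldilocks and Crandall primes named on this page. The value 7 is taken as Goldilocks' multiplicative generator (an assumption here; the page does not state it), and the modular arithmetic uses a slow `u128` path since it only runs at compile time.

```rust
/// Goldilocks prime p = 2^64 - 2^32 + 1.
pub const GOLDILOCKS_P: u64 = 0xFFFF_FFFF_0000_0001;
/// Crandall prime p = 2^64 - 9 * 2^28 + 1.
pub const CRANDALL_P: u64 = 18_446_744_071_293_632_513;

/// 2-adicity of the multiplicative group: the largest s with 2^s dividing p - 1.
pub const fn two_adicity(p: u64) -> u32 {
    (p - 1).trailing_zeros()
}

/// (a * b) mod p through a u128 intermediate; correct but not a fast field mul.
pub const fn mul_mod(a: u64, b: u64, p: u64) -> u64 {
    ((a as u128 * b as u128) % p as u128) as u64
}

/// base^exp mod p by square-and-multiply (loops are allowed in const fn).
pub const fn pow_mod(mut base: u64, mut exp: u64, p: u64) -> u64 {
    let mut acc = 1u64;
    base %= p;
    while exp > 0 {
        if exp & 1 == 1 {
            acc = mul_mod(acc, base, p);
        }
        base = mul_mod(base, base, p);
        exp >>= 1;
    }
    acc
}

/// POWER_OF_TWO_GENERATOR = g^((p - 1) / 2^TWO_ADICITY) for a multiplicative
/// generator g; the result has order exactly 2^TWO_ADICITY.
pub const fn power_of_two_generator(g: u64, p: u64) -> u64 {
    pow_mod(g, (p - 1) >> two_adicity(p), p)
}

/// True iff x has multiplicative order exactly 2^k mod p:
/// x^(2^k) == 1 but x^(2^(k-1)) != 1 (so x is a primitive 2^k-th root of unity).
pub const fn has_order_pow2(x: u64, k: u32, p: u64) -> bool {
    k > 0 && k < 64 && pow_mod(x, 1u64 << k, p) == 1 && pow_mod(x, 1u64 << (k - 1), p) != 1
}

pub const GOLDILOCKS_TWO_ADICITY: u32 = two_adicity(GOLDILOCKS_P);
/// Assumes 7 generates the Goldilocks multiplicative group (not stated on this page).
pub const GOLDILOCKS_POW2_GEN: u64 = power_of_two_generator(7, GOLDILOCKS_P);

fn main() {
    println!("Goldilocks TWO_ADICITY = {}", GOLDILOCKS_TWO_ADICITY);
    println!("Crandall TWO_ADICITY = {}", two_adicity(CRANDALL_P));
    println!("Goldilocks POWER_OF_TWO_GENERATOR = {}", GOLDILOCKS_POW2_GEN);
}
```

Because everything is `const fn`, a wrong generator surfaces as a compile-time constant that fails the `has_order_pow2` check rather than as a runtime FFT bug.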
* typo
* PR feedback
* More overflowing -> wrapping
* fmt
* cleanup
* Refactor GMiMC code
Adds a sub-trait of `Field` called `GMiMCInterface`, which is similar to `PoseidonInterface`.
This lets us have different fields with different GMiMC constants in a type-safe way.
* Remove `Interface`
* Const generic for width
- Split it into two files, one for general `Field` tests and one for `PrimeField` tests.
- Replace most uses of `BigUint` in tests with `u64`. These uses were only applicable for `PrimeField`s, which are 64-bit fields anyway. This lets us delete the `BigUInt` conversion methods.
- Simplify `test_inputs`, which was originally written for large prime fields. Now that it's only used for 64-bit fields, I think interesting inputs are just the smallest and largest elements, and those close to 2^32 etc.
* Move some Field members to a Field64 subtrait
I.e. move anything specific to 64-bit fields.
Also, relatedly,
- Tweak a bunch of prover code to require `Field64`, since 64-bit stuff is used in a couple places, like the FRI proof-of-work
- Remove `bits()`, which was unused and assumed a 64-bit field
- Rename a couple methods to reflect that they're u64 variants
There are no functional changes.
* Field64 -> PrimeField
* Remove `exp_u32`, `kth_root_u32`
* PrimeField: PrimeField
* Move `to_canonical_biguint` as well
* Add back from_noncanonical_u128
* Simplify and refactor GMiMC benchmark.
* Refactor/combine GMiMC and Rescue hash benchmarks.
* Remove old Rescue bench; rename GMiMC bench.
* Add from_canonical_u128 for fields.
* Initial version of Poseidon.
* Partial implementation of fast Poseidon.
* Complete (but broken) implementation of fast partial rounds.
* Fix index calculation.
* Add basic tests.
* Fix constants; fix bugs in fast partial round calculation.
* Rename main functions.
* Add test vectors.
* Use x^7 for s-box monomial.
* Fix s-box application in fast version.
* Make WIDTH a parameter.
* Working version with both widths.
* Updated the constants so they use x^3; added test vectors.
* Expand bench_hash to cover both widths and report relative slowdown.
* Remove references to MaybeUninit.
* First draft of refactoring the two Poseidon widths.
* Tidy up use of conversion to/from raw data.
* Add some comments.
* Refactor tests.
* Apply cargo fmt changes.
* Have `Field`s implement `PoseidonInterface` (#209)
* Have `Field`s implement `PoseidonInterface`
Rather than having a sort of "dummy struct" implement `PoseidonInterface` with the field as a generic param. I think this seems more natural and type-safe.
The type safety does come at a price -- it would be harder to do dynamic things such as taking `WIDTH` as a command line option -- but I think that's alright.
* Fix missed conflicts.
* cargo fmt fixes.
* Fix to accommodate changes in latest nightly.
Co-authored-by: Hamish Ivey-Law <426294+unzvfu@users.noreply.github.com>
Co-authored-by: Hamish Ivey-Law <hamish@ivey-law.name>
* Sanity check number of rounds.
Co-authored-by: Daniel Lubarov <daniel@lubarov.com>
* Field: Default
It's done for primitive types like `u64`, so seems conventional, and some code in mir-core expects it.
* HashOut::ZERO
* Default for HashOut
* fmt
* pub elements
* Debug
* rand_from_rng
It's just a wrapper around `Target`, which signifies that the wrapped `Target` has already been range checked. Should make it easier to audit code that expects bools.
Very minor things:
- A few renames
- Instead of having two constructors call a third constructor, just have one constructor call the other.
- Invoke FFT with the option that specifies the inputs are mostly zero, as a (minor) optimization
- Remove unused field
* Add a reduce_polys_base
Reducing the polynomials in `open_plonk` was taking ~100ms on my machine. It was converting BF polynomials to the EF early on; by doing more work in the BF we can reduce it to ~20ms.
* PR feedback
We previously checked for special cases, like arithmetic on constant Targets, in `arithmetic`. We can handle those cases without actually adding an `ArithmeticGate`.
Now that `arithmetic` just calls `arithmetic_extension`, it makes more sense to check for special cases in the latter method, so it applies to both base and extension field arithmetic.
Reduces gate count from 16149 to 15689.
No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, did some renames, etc., but again nothing functional, so I don't think a careful review is necessary (just a sanity check).