* More wires for ConstantGate
* fix
* fix
* Optimize recursive Poseidon constraint evaluation
- Avoid `ArithmeticGate`s with unique constants; use `ConstantGate` wires instead
- Avoid an unnecessary squaring in exponentiations
Brings Poseidon evaluation down to a reasonable 273 gates when `num_routed_wires = 48`.
* Replace `CrandallQuarticField` with a more generic `QuarticExtension`
And likewise for `CrandallQuadraticField`.
There are a few parameters which we can't automatically derive (in const Rust), so I specified them in a `AutoExtendable` trait.
This would make it fairly easy to add extension fields for `GoldilocksField` and any future fields.
* Attempt to derive 2-adicity, see Hamish's feedback
* Simplify TWO_ADICITY based on chat with Hamish
* PR feedback
* Merge AutoExtendable into Extendable (#235)
* Refactor GMiMC code
Adds a sub-trait of `Field` called `GMiMCInterface`, which is similar to `PoseidonInterface`.
This lets us have different fields with different GMiMC constants in a type-safe way.
* Remove `Interface`
* Const generic for width
* Move some Field members to a Field64 subtrait
I.e. move anything specific to 64-bit fields.
Also, relatedly,
- Tweak a bunch of prover code to require `Field64`, since 64-bit stuff is used in a couple places, like the FRI proof-of-work
- Remove `bits()`, which was unused and assumed a 64-bit field
- Rename a couple methods to reflect that they're u64 variants
There are no functional changes.
* Field64 -> PrimeField
* Remove `exp_u32`, `kth_root_u32`
* PrimeField: PrimeField
* Move `to_canonical_biguint` as well
* Add back from_noncanonical_u128
* Disable ZK in large_config
Speeds up the tests from ~6m to ~1m (debug mode). `large_config` is crate-private so I don't think we need to worry about real users forgetting ZK, and I don't think ZK seems important in these tests, though we should probably have ZK enabled for a couple tests.
A couple tests need ZK or they fail; I added a TODO to look later.
This led to a few other changes:
- Fixed a bug where `trim` could truncate the final poly to a non-power-of-two length. This was improbable when ZK is on due to randomization.
- Gave a few methods access to the whole `CircuitConfig` vs `FriConfig` -- sort of necessary for the above fix, and I don't think there's much downside.
- Remove `cap_height` from `FriConfig` -- didn't really need it any more after giving more methods access to `CircuitConfig`, and having a single copy of the param feels cleaner/safer to me.
* PR feedback
This is detecting the case where we multiply something by 1 and add 0. In that case we can just return the thing being multiplied by 1. We were using the wrong constant to detect this.
Reduces the cost of `compute_evaluation` from 8 to 6 gates.
We previously checked for special cases, like arithmetic on constant Targets, in `arithmetic`. We can handle those cases without actually adding an `ArithmeticGate`.
Now that `arithmetic` just calls `arithmetic_extension`, it makes more sense to check for special cases in the latter method, so it applies to both base and extension field arithmetic.
Reduces gate count from 16149 to 15689.
No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check).
