* Replace `CrandallQuarticField` with a more generic `QuarticExtension`
And likewise for `CrandallQuadraticField`.
There are a few parameters which we can't automatically derive (in const Rust), so I specified them in a `AutoExtendable` trait.
This would make it fairly easy to add extension fields for `GoldilocksField` and any future fields.
* Attempt to derive 2-adicity, see Hamish's feedback
* Simplify TWO_ADICITY based on chat with Hamish
* PR feedback
* Merge AutoExtendable into Extendable (#235)
* Refactor GMiMC code
Adds a sub-trait of `Field` called `GMiMCInterface`, which is similar to `PoseidonInterface`.
This lets us have different fields with different GMiMC constants in a type-safe way.
* Remove `Interface`
* Const generic for width
- Split it into two files, one for general `Field` tests and one for `PrimeField` tests.
- Replace most uses of `BigUint` in tests with `u64`. These uses were only applicable for `PrimeField`s, which are 64-bit fields anyway. This lets us delete the `BigUInt` conversion methods.
- Simplify `test_inputs`, which was originally written for large prime fields. Now that it's only used for 64-bit fields, I think interesting inputs are just the smallest and largest elements, and those close to 2^32 etc.
* Move some Field members to a Field64 subtrait
I.e. move anything specific to 64-bit fields.
Also, relatedly,
- Tweak a bunch of prover code to require `Field64`, since 64-bit stuff is used in a couple places, like the FRI proof-of-work
- Remove `bits()`, which was unused and assumed a 64-bit field
- Rename a couple methods to reflect that they're u64 variants
There are no functional changes.
* Field64 -> PrimeField
* Remove `exp_u32`, `kth_root_u32`
* PrimeField: PrimeField
* Move `to_canonical_biguint` as well
* Add back from_noncanonical_u128
* Simplify and refactor GMiMC benchmark.
* Refactor/combine GMiMC and Rescue hash benchmarks.
* Remove old Rescue bench; rename GMiMC bench.
* Add from_canonical_u128 for fields.
* Initial version of Poseidon.
* Partial implementation of fast Poseidon.
* Complete (but broken) implementation of fast partial rounds.
* Fix index calculation.
* Add basic tests.
* Fix constants; fix bugs in fast partial round calculation.
* Rename main functions.
* Add test vectors.
* Use x^7 for s-box monomial.
* Fix s-box application in fast version.
* Make WIDTH a parameter.
* Working version with both widths.
* Updated the constants so they use x^3; added test vectors.
* Expand bench_hash to cover both widths and report relative slowdown.
* Remove references to MaybeUninit.
* First draft of refactoring the two Poseidon widths.
* Tidy up use of conversion to/from raw data.
* Add some comments.
* Refactor tests.
* Apply cargo fmt changes.
* Have `Field`s implement `PoseidonInterface` (#209)
* Have `Field`s implement `PoseidonInterface`
Rather than having a sort of "dummy struct" implement `PoseidonInterface` with the field as a generic param. I think this seems more natural and type-safe.
The type safety does come at a price -- it would be harder to do dynamic things such as taking `WIDTH` as a command line option -- but I think that's alright.
* Fix missed conflicts.
* cargo fmt fixes.
* Fix to accommodate changes in latest nightly.
Co-authored-by: Hamish Ivey-Law <426294+unzvfu@users.noreply.github.com>
Co-authored-by: Hamish Ivey-Law <hamish@ivey-law.name>
* Sanity check number of rounds.
Co-authored-by: Daniel Lubarov <daniel@lubarov.com>
* Field: Default
It's done for primitive types like `u64`, so seems conventional, and some code in mir-core expects it.
* HashOut::ZERO
* Default for HashOut
* fmt
* pub elements
* Debug
* rand_from_rng
* Add a reduce_polys_base
Reducing the polynomials in `open_plonk` was taking ~100ms on my machine. It was converting BF polynomials to the EF early on; by doing more work in the BF we can reduce it to ~20ms.
* PR feedback
We previously checked for special cases, like arithmetic on constant Targets, in `arithmetic`. We can handle those cases without actually adding an `ArithmeticGate`.
Now that `arithmetic` just calls `arithmetic_extension`, it makes more sense to check for special cases in the latter method, so it applies to both base and extension field arithmetic.
Reduces gate count from 16149 to 15689.
No functional changes here. The biggest change was moving certain files into new directories like `plonk` and `iop` (for things like `Challenger` that could be used in STARKs or other IOPs). I also split a few files, renames, etc, but again nothing functional, so I don't think a careful review is necessary (just a sanity check).
Using `serde_cbor` for now. It's probably far from optimal, as we have many `Vec`s which I assume it will prefix with their lengths, but it's a nice and easy method for now.
* Use built-in `reverse_bits`; remove duplicate `reverse_index_bits`.
* Reduce precomputation time/space complexity from quadratic to linear.
* Several working cache-friendly FFTs.
* Fix to allow FFT of constant polynomial.
* Simplify FFT strategy choice.
* Add PrimeField and CHARACTERISTIC properties to Fields.
* Add faster method for inverse of 2^m.
* Pre-compute some of the roots; tidy up loop iteration.
* Precomputation for both FFT variants.
* Refactor precomputation; add optional parameters; rename some things.
* Unrolled version with zero tail.
* Iterative version of Unrolled precomputation.
* Test zero tail algo.
* Restore default degree.
* Address comments from @dlubarov and @wborgeaud.
