mirror of
https://github.com/logos-storage/plonky2.git
synced 2026-01-05 15:23:06 +00:00
24 lines
1.2 KiB
Rust
24 lines
1.2 KiB
Rust
use rand::SeedableRng;
|
|
use rand_chacha::ChaCha8Rng;
|
|
|
|
use crate::field::field::Field;
|
|
|
|
/// Returns `k_i`, the multiplier used in `S_ID_i` in the context of Plonk's permutation argument.
|
|
// TODO: This is copied from plonky1, but may need revisiting. Is the random approach still OK now
|
|
// that our field is smaller?
|
|
pub(crate) fn get_subgroup_shift<F: Field>(i: usize) -> F {
|
|
// The optimized variant of Plonk's permutation argument calls for NUM_ROUTED_WIRES shifts,
|
|
// k_1, ..., k_n, which result in distinct cosets. The paper suggests a method which is
|
|
// fairly straightforward when only three shifts are needed, but seems a bit complex and
|
|
// expensive if more are needed.
|
|
|
|
// We will "cheat" and just use random field elements. Since our subgroup has |F*|/degree
|
|
// possible cosets, the probability of a collision is negligible for large fields.
|
|
|
|
// Unlike what's shown in the Plonk paper, we do not set k_1=1 to "randomize" the
|
|
// sigmas polynomials evaluations and making them fit in both fields with high probability.
|
|
// TODO: Go back to k_1=1 if we change the way we deal with values not fitting in both fields.
|
|
let mut rng = ChaCha8Rng::seed_from_u64(i as u64);
|
|
F::rand_from_rng(&mut rng)
|
|
}
|