236a143abf
* Move some Field members to a Field64 subtrait I.e. move anything specific to 64-bit fields. Also, relatedly, - Tweak a bunch of prover code to require `Field64`, since 64-bit stuff is used in a couple places, like the FRI proof-of-work - Remove `bits()`, which was unused and assumed a 64-bit field - Rename a couple methods to reflect that they're u64 variants There are no functional changes. * Field64 -> PrimeField * Remove `exp_u32`, `kth_root_u32` * PrimeField: PrimeField * Move `to_canonical_biguint` as well * Add back from_noncanonical_u128
plonky2
plonky2 is an implementation of recursive arguments based on Plonk and FRI. It uses FRI to check systems of polynomial constraints, similar to the DEEP-ALI method described in the DEEP-FRI paper. It is the successor of plonky, which was based on Plonk and Halo.
plonky2 is largely focused on recursion performance. We use custom gates to mitigate the bottlenecks of FRI verification, such as hashing and interpolation. We also encode witness data in a ~64 bit field, so field operations take just a few cycles. To achieve 128-bit security, we repeat certain checks, and run certain parts of the argument in an extension field.
Running
To see recursion performance, one can run this test, which generates a chain of three recursion proofs:
RUST_LOG=debug RUSTFLAGS=-Ctarget-cpu=native cargo test --release test_recursive_recursive_verifier -- --ignored
Disclaimer
This code has not been thoroughly reviewed or tested, and should not be used in any production systems.