ba8b40f0e6
* Goldilocks field Based on Hamish's old branch, but I updated it with a few missing things like generators. Pulled the inversion code into a shared helper method to avoid redundancy. Just the base field for now. We can add a quartic extension field later. * typo * PR feedback * More overflowing -> wrapping * fmt * cleanup
plonky2
plonky2 is an implementation of recursive arguments based on Plonk and FRI. It uses FRI to check systems of polynomial constraints, similar to the DEEP-ALI method described in the DEEP-FRI paper. It is the successor of plonky, which was based on Plonk and Halo.
plonky2 is largely focused on recursion performance. We use custom gates to mitigate the bottlenecks of FRI verification, such as hashing and interpolation. We also encode witness data in a ~64 bit field, so field operations take just a few cycles. To achieve 128-bit security, we repeat certain checks, and run certain parts of the argument in an extension field.
Running
To see recursion performance, one can run this test, which generates a chain of three recursion proofs:
RUST_LOG=debug RUSTFLAGS=-Ctarget-cpu=native cargo test --release test_recursive_recursive_verifier -- --ignored
Disclaimer
This code has not been thoroughly reviewed or tested, and should not be used in any production systems.