From 02548a054472271c5214a1c41cc81c07d2a51f2f Mon Sep 17 00:00:00 2001 From: Sai Deng Date: Thu, 7 Nov 2024 11:25:58 -0800 Subject: [PATCH] pass tests --- plonky2/src/batch_fri/oracle.rs | 2 -- plonky2/src/batch_fri/prover.rs | 4 --- plonky2/src/fri/mod.rs | 19 +------------- plonky2/src/fri/oracle.rs | 2 ++ plonky2/src/fri/prover.rs | 10 +++---- plonky2/src/fri/recursive_verifier.rs | 7 ++--- plonky2/src/plonk/circuit_builder.rs | 20 +++++--------- plonky2/src/plonk/prover.rs | 1 + plonky2/src/recursion/dummy_circuit.rs | 2 -- plonky2/src/util/serialization/mod.rs | 29 --------------------- starky/src/config.rs | 14 ++-------- starky/src/fibonacci_stark.rs | 25 +++++++++++++----- starky/src/lib.rs | 1 + starky/src/permutation_stark.rs | 3 +++ starky/src/prover.rs | 25 +++++++++++------- starky/src/recursive_verifier.rs | 36 ++++++++++++++++++-------- starky/src/unconstrained_stark.rs | 7 +++-- starky/src/verifier.rs | 4 +-- 18 files changed, 91 insertions(+), 120 deletions(-) diff --git a/plonky2/src/batch_fri/oracle.rs b/plonky2/src/batch_fri/oracle.rs index 117ca83710..192e374451 100644 --- a/plonky2/src/batch_fri/oracle.rs +++ b/plonky2/src/batch_fri/oracle.rs @@ -298,8 +298,6 @@ mod test { hiding: false, degree_bits: k0, reduction_arity_bits, - final_poly_coeff_len: None, - min_degree_bits_to_support: None, }; let n0 = 1 << k0; diff --git a/plonky2/src/batch_fri/prover.rs b/plonky2/src/batch_fri/prover.rs index 043dda40b1..770c2c2285 100644 --- a/plonky2/src/batch_fri/prover.rs +++ b/plonky2/src/batch_fri/prover.rs @@ -260,8 +260,6 @@ mod tests { hiding: false, degree_bits: k, reduction_arity_bits, - final_poly_coeff_len: None, - min_degree_bits_to_support: None, }; let n = 1 << k; @@ -357,8 +355,6 @@ mod tests { hiding: false, degree_bits: k0, reduction_arity_bits, - final_poly_coeff_len: None, - min_degree_bits_to_support: None, }; let n0 = 1 << k0; diff --git a/plonky2/src/fri/mod.rs b/plonky2/src/fri/mod.rs index 76478c0868..5f18600c3c 100644 --- a/plonky2/src/fri/mod.rs +++ b/plonky2/src/fri/mod.rs @@ -45,13 +45,7 @@ impl FriConfig { 1.0 / ((1 << self.rate_bits) as f64) } - pub fn fri_params( - &self, - degree_bits: usize, - final_poly_coeff_len: Option, - min_degree_bits_to_support: Option, - hiding: bool, - ) -> FriParams { + pub fn fri_params(&self, degree_bits: usize, hiding: bool) -> FriParams { let reduction_arity_bits = self.reduction_strategy.reduction_arity_bits( degree_bits, self.rate_bits, @@ -63,8 +57,6 @@ impl FriConfig { hiding, degree_bits, reduction_arity_bits, - final_poly_coeff_len, - min_degree_bits_to_support, } } @@ -91,15 +83,6 @@ pub struct FriParams { /// a 4-to-1 reduction, then a 2-to-1 reduction. After these reductions, the reduced polynomial /// is sent directly. pub reduction_arity_bits: Vec, - - /// The length of the final polynomial's coefficients. - /// This is used only when the proof will be verified in a circuit generated with a - /// larger degree bit size. - pub final_poly_coeff_len: Option, - - /// Specifies the minimum degree bit size to support verification of proofs with - /// varying degree bits. - pub min_degree_bits_to_support: Option, } impl FriParams { diff --git a/plonky2/src/fri/oracle.rs b/plonky2/src/fri/oracle.rs index 3e1ac781b1..eb8cc020e1 100644 --- a/plonky2/src/fri/oracle.rs +++ b/plonky2/src/fri/oracle.rs @@ -178,6 +178,7 @@ impl, C: GenericConfig, const D: usize> oracles: &[&Self], challenger: &mut Challenger, fri_params: &FriParams, + final_poly_coeff_len: Option, timing: &mut TimingTree, ) -> FriProof { assert!(D > 1, "Not implemented for D=1."); @@ -226,6 +227,7 @@ impl, C: GenericConfig, const D: usize> lde_final_values, challenger, fri_params, + final_poly_coeff_len, timing, ); diff --git a/plonky2/src/fri/prover.rs b/plonky2/src/fri/prover.rs index 1997ffe532..0f08da71d3 100644 --- a/plonky2/src/fri/prover.rs +++ b/plonky2/src/fri/prover.rs @@ -27,6 +27,7 @@ pub fn fri_proof, C: GenericConfig, const lde_polynomial_values: PolynomialValues, challenger: &mut Challenger, fri_params: &FriParams, + final_poly_coeff_len: Option, timing: &mut TimingTree, ) -> FriProof { let n = lde_polynomial_values.len(); @@ -41,6 +42,7 @@ pub fn fri_proof, C: GenericConfig, const lde_polynomial_values, challenger, fri_params, + final_poly_coeff_len, ) ); @@ -68,10 +70,7 @@ pub(crate) type FriCommitedTrees = ( PolynomialCoeffs<>::Extension>, ); -fn final_poly_coeff_len( - mut degree_bits: usize, - reduction_arity_bits: &Vec, -) -> usize { +pub fn final_poly_coeff_len(mut degree_bits: usize, reduction_arity_bits: &Vec) -> usize { for arity_bits in reduction_arity_bits { degree_bits -= *arity_bits; } @@ -83,6 +82,7 @@ fn fri_committed_trees, C: GenericConfig, mut values: PolynomialValues, challenger: &mut Challenger, fri_params: &FriParams, + final_poly_coeff_len: Option, ) -> FriCommitedTrees { let mut trees = Vec::with_capacity(fri_params.reduction_arity_bits.len()); @@ -122,7 +122,7 @@ fn fri_committed_trees, C: GenericConfig, challenger.observe_extension_elements(&coeffs.coeffs); // When verifying this proof in a circuit with a different final polynomial length, // the challenger needs to observe the full length of the final polynomial. - if let Some(len) = fri_params.final_poly_coeff_len { + if let Some(len) = final_poly_coeff_len { let current_len = coeffs.coeffs.len(); for _ in current_len..len { challenger.observe_extension_element(&F::Extension::ZERO); diff --git a/plonky2/src/fri/recursive_verifier.rs b/plonky2/src/fri/recursive_verifier.rs index 38a60b063b..c7e4f87790 100644 --- a/plonky2/src/fri/recursive_verifier.rs +++ b/plonky2/src/fri/recursive_verifier.rs @@ -189,6 +189,7 @@ impl, const D: usize> CircuitBuilder { proof: &FriProofTarget, params: &FriParams, current_degree_bits: Target, + min_degree_bits_to_support: usize, ) where C::Hasher: AlgebraicHasher, { @@ -206,8 +207,7 @@ impl, const D: usize> CircuitBuilder { let log_n = params.config.rate_bits + params.degree_bits; let mut current_log_n = self.constant(F::from_canonical_usize(params.config.rate_bits)); current_log_n = self.add(current_log_n, current_degree_bits); - let min_log_n_to_support = - log_n - (params.degree_bits - params.min_degree_bits_to_support.unwrap()); + let min_log_n_to_support = log_n - (params.degree_bits - min_degree_bits_to_support); with_context!( self, @@ -528,7 +528,8 @@ impl, const D: usize> CircuitBuilder { let g = self.constant(F::coset_shift()); // `subgroup_x` is `subgroup[x_index]`, i.e., the actual field element in the domain. - let subgroup_x_vec: Vec<_> = log_n_range.clone() + let subgroup_x_vec: Vec<_> = log_n_range + .clone() .map(|n| { with_context!(self, "compute x from its index", { let phi = F::primitive_root_of_unity(n); diff --git a/plonky2/src/plonk/circuit_builder.rs b/plonky2/src/plonk/circuit_builder.rs index 4a1dffec03..d0d96f39ba 100644 --- a/plonky2/src/plonk/circuit_builder.rs +++ b/plonky2/src/plonk/circuit_builder.rs @@ -827,18 +827,10 @@ impl, const D: usize> CircuitBuilder { (gate_idx, slot_idx) } - fn fri_params( - &self, - degree_bits: usize, - final_poly_coeff_len: Option, - min_degree_bits_to_support: Option, - ) -> FriParams { - self.config.fri_config.fri_params( - degree_bits, - final_poly_coeff_len, - min_degree_bits_to_support, - self.config.zero_knowledge, - ) + fn fri_params(&self, degree_bits: usize) -> FriParams { + self.config + .fri_config + .fri_params(degree_bits, self.config.zero_knowledge) } /// The number of (base field) `arithmetic` operations that can be performed in a single gate. @@ -863,7 +855,7 @@ impl, const D: usize> CircuitBuilder { let degree_bits_estimate = log2_strict(degree_estimate); let fri_queries = self.config.fri_config.num_query_rounds; let arities: Vec = self - .fri_params(degree_bits_estimate, None, None) + .fri_params(degree_bits_estimate) .reduction_arity_bits .iter() .map(|x| 1 << x) @@ -1133,7 +1125,7 @@ impl, const D: usize> CircuitBuilder { let degree = self.gate_instances.len(); debug!("Degree after blinding & padding: {}", degree); let degree_bits = log2_strict(degree); - let fri_params = self.fri_params(degree_bits, None, None); + let fri_params = self.fri_params(degree_bits); assert!( fri_params.total_arities() <= degree_bits + rate_bits - cap_height, "FRI total reduction arity is too large.", diff --git a/plonky2/src/plonk/prover.rs b/plonky2/src/plonk/prover.rs index fcd784f326..280337ca55 100644 --- a/plonky2/src/plonk/prover.rs +++ b/plonky2/src/plonk/prover.rs @@ -340,6 +340,7 @@ where ], &mut challenger, &common_data.fri_params, + None, timing, ) ); diff --git a/plonky2/src/recursion/dummy_circuit.rs b/plonky2/src/recursion/dummy_circuit.rs index 1828a34de3..cd85593822 100644 --- a/plonky2/src/recursion/dummy_circuit.rs +++ b/plonky2/src/recursion/dummy_circuit.rs @@ -227,8 +227,6 @@ where hiding: false, degree_bits: 0, reduction_arity_bits: vec![], - final_poly_coeff_len: None, - min_degree_bits_to_support: None, }, gates: vec![], selectors_info: SelectorsInfo { diff --git a/plonky2/src/util/serialization/mod.rs b/plonky2/src/util/serialization/mod.rs index 64caf3ddfd..f4b7b920ac 100644 --- a/plonky2/src/util/serialization/mod.rs +++ b/plonky2/src/util/serialization/mod.rs @@ -681,26 +681,11 @@ pub trait Read { let reduction_arity_bits = self.read_usize_vec()?; let degree_bits = self.read_usize()?; let hiding = self.read_bool()?; - let has_final_poly_coeff_len = self.read_bool()?; - let final_poly_coeff_len = if has_final_poly_coeff_len { - Some(self.read_usize()?) - } else { - None - }; - let has_min_degree_bits_to_support = self.read_bool()?; - let min_degree_bits_to_support = if has_min_degree_bits_to_support { - Some(self.read_usize()?) - } else { - None - }; - Ok(FriParams { config, reduction_arity_bits, degree_bits, hiding, - final_poly_coeff_len, - min_degree_bits_to_support, }) } @@ -1690,26 +1675,12 @@ pub trait Write { reduction_arity_bits, degree_bits, hiding, - final_poly_coeff_len, - min_degree_bits_to_support, } = fri_params; self.write_fri_config(config)?; self.write_usize_vec(reduction_arity_bits.as_slice())?; self.write_usize(*degree_bits)?; self.write_bool(*hiding)?; - if let Some(len) = final_poly_coeff_len { - self.write_bool(true)?; - self.write_usize(*len)?; - } else { - self.write_bool(false)?; - } - if let Some(db) = min_degree_bits_to_support { - self.write_bool(true)?; - self.write_usize(*db)?; - } else { - self.write_bool(false)?; - } Ok(()) } diff --git a/starky/src/config.rs b/starky/src/config.rs index 57fe611d73..8f95c0ea1c 100644 --- a/starky/src/config.rs +++ b/starky/src/config.rs @@ -61,18 +61,8 @@ impl StarkConfig { } /// Outputs the [`FriParams`] used during the FRI sub-protocol by this [`StarkConfig`]. - pub fn fri_params( - &self, - degree_bits: usize, - final_poly_coeff_len: Option, - min_degree_bits_to_support: Option, - ) -> FriParams { - self.fri_config.fri_params( - degree_bits, - final_poly_coeff_len, - min_degree_bits_to_support, - false, - ) + pub fn fri_params(&self, degree_bits: usize) -> FriParams { + self.fri_config.fri_params(degree_bits, false) } /// Checks that this STARK configuration is consistent, i.e. that the different diff --git a/starky/src/fibonacci_stark.rs b/starky/src/fibonacci_stark.rs index 5563b6f84b..1268310ff3 100644 --- a/starky/src/fibonacci_stark.rs +++ b/starky/src/fibonacci_stark.rs @@ -178,6 +178,7 @@ mod tests { &config, trace, &public_inputs, + None, &mut TimingTree::default(), )?; @@ -215,12 +216,13 @@ mod tests { &config, trace, &public_inputs, + None, &mut TimingTree::default(), )?; verify_stark_proof(stark, proof.clone(), &config)?; assert_eq!(degree_bits, proof.proof.recover_degree_bits(&config)); - recursive_proof::(stark, proof, &config, degree_bits, true) + recursive_proof::(stark, proof, &config, degree_bits, None, true) } fn recursive_proof< @@ -234,6 +236,7 @@ mod tests { inner_proof: StarkProofWithPublicInputs, inner_config: &StarkConfig, degree_bits: usize, + min_degree_bits_to_support: Option, print_gate_counts: bool, ) -> Result<()> where @@ -259,6 +262,7 @@ mod tests { pt, inner_config, degree_bits, + min_degree_bits_to_support, ); if print_gate_counts { @@ -281,8 +285,10 @@ mod tests { let mut config = StarkConfig::standard_fast_config(); config.fri_config.num_query_rounds = 8; - // Test first STARK let degree_bits0 = 7; + let degree_bits1 = 8; + + // Test first STARK let num_rows = 1 << degree_bits0; let public_inputs = [F::ZERO, F::ONE, fibonacci(num_rows - 1, F::ZERO, F::ONE)]; let stark0 = S::new(num_rows); @@ -292,13 +298,11 @@ mod tests { &config, trace, &public_inputs, + Some(degree_bits1), &mut TimingTree::default(), )?; - // verify_stark_proof(stark0, proof0.clone(), &config)?; - // recursive_proof::(stark0, proof0.clone(), &config, degree_bits0, true)?; // Test second STARK - let degree_bits1 = 8; let num_rows = 1 << degree_bits1; let public_inputs = [F::ZERO, F::ONE, fibonacci(num_rows - 1, F::ZERO, F::ONE)]; let stark1 = S::new(num_rows); @@ -308,13 +312,20 @@ mod tests { &config, trace, &public_inputs, + None, &mut TimingTree::default(), )?; verify_stark_proof(stark1, proof1.clone(), &config)?; // Verify proof0 with the recursion circuit at different degree. - // recursive_proof::(stark1, proof1, &config, degree_bits1, true)?; - recursive_proof::(stark1, proof0, &config, degree_bits1, true)?; + recursive_proof::( + stark1, + proof0, + &config, + degree_bits1, + Some(degree_bits0), + true, + )?; Ok(()) } } diff --git a/starky/src/lib.rs b/starky/src/lib.rs index 607a9879a4..27f37ade27 100644 --- a/starky/src/lib.rs +++ b/starky/src/lib.rs @@ -192,6 +192,7 @@ //! &CONFIG, //! trace, //! &public_inputs, +//! None, //! &mut TimingTree::default(), //! ).expect("We should have a valid proof!"); //! diff --git a/starky/src/permutation_stark.rs b/starky/src/permutation_stark.rs index d45e2e9389..936346daac 100644 --- a/starky/src/permutation_stark.rs +++ b/starky/src/permutation_stark.rs @@ -141,6 +141,7 @@ mod tests { &config, trace, &[public_input], + None, &mut TimingTree::default(), )?; @@ -190,6 +191,7 @@ mod tests { &config, trace, &[public_input], + None, &mut TimingTree::default(), )?; verify_stark_proof(stark, proof.clone(), &config)?; @@ -226,6 +228,7 @@ mod tests { pt, inner_config, degree_bits, + None, ); if print_gate_counts { diff --git a/starky/src/prover.rs b/starky/src/prover.rs index ba3018c806..a934d3af1a 100644 --- a/starky/src/prover.rs +++ b/starky/src/prover.rs @@ -13,9 +13,9 @@ use plonky2::field::polynomial::{PolynomialCoeffs, PolynomialValues}; use plonky2::field::types::Field; use plonky2::field::zero_poly_coset::ZeroPolyOnCoset; use plonky2::fri::oracle::PolynomialBatch; +use plonky2::fri::prover::final_poly_coeff_len; use plonky2::hash::hash_types::RichField; use plonky2::iop::challenger::Challenger; -use plonky2::plonk::circuit_data::{CommonCircuitData, VerifierCircuitData}; use plonky2::plonk::config::GenericConfig; use plonky2::timed; use plonky2::util::timing::TimingTree; @@ -40,6 +40,7 @@ pub fn prove( config: &StarkConfig, trace_poly_values: Vec>, public_inputs: &[F], + verifier_circuit_degree_bits: Option, timing: &mut TimingTree, ) -> Result> where @@ -49,7 +50,7 @@ where { let degree = trace_poly_values[0].len(); let degree_bits = log2_strict(degree); - let fri_params = config.fri_params(degree_bits, None, None); + let fri_params = config.fri_params(degree_bits); let rate_bits = config.fri_config.rate_bits; let cap_height = config.fri_config.cap_height; assert!( @@ -75,6 +76,15 @@ where challenger.observe_elements(public_inputs); challenger.observe_cap(&trace_cap); + let final_poly_coeff_len = + if let Some(verifier_circuit_degree_bits) = verifier_circuit_degree_bits { + Some(final_poly_coeff_len( + verifier_circuit_degree_bits, + &fri_params.reduction_arity_bits, + )) + } else { + None + }; prove_with_commitment( &stark, config, @@ -84,6 +94,7 @@ where None, &mut challenger, public_inputs, + final_poly_coeff_len, timing, ) } @@ -104,7 +115,7 @@ pub fn prove_with_commitment( ctl_challenges: Option<&GrandProductChallengeSet>, challenger: &mut Challenger, public_inputs: &[F], - common_circuit_data: Option>, + final_poly_coeff_len: Option, timing: &mut TimingTree, ) -> Result> where @@ -114,12 +125,7 @@ where { let degree = trace_poly_values[0].len(); let degree_bits = log2_strict(degree); - let fri_params = if let Some(cd) = common_circuit_data { - - config.fri_params(degree_bits, Some(cd.degree_bits()), Some(cd.fri_params.)) - } else { - config.fri_params(degree_bits, None, None) - }; + let fri_params = config.fri_params(degree_bits); let rate_bits = config.fri_config.rate_bits; let cap_height = config.fri_config.cap_height; assert!( @@ -326,6 +332,7 @@ where &initial_merkle_trees, challenger, &fri_params, + final_poly_coeff_len, timing, ) ); diff --git a/starky/src/recursive_verifier.rs b/starky/src/recursive_verifier.rs index 82016614e7..aae2ef7a0c 100644 --- a/starky/src/recursive_verifier.rs +++ b/starky/src/recursive_verifier.rs @@ -8,7 +8,6 @@ use core::iter::once; use anyhow::{ensure, Result}; use itertools::Itertools; use plonky2::field::extension::Extendable; -use plonky2::field::types::Field; use plonky2::fri::witness_util::set_fri_proof_target; use plonky2::hash::hash_types::RichField; use plonky2::iop::challenger::RecursiveChallenger; @@ -46,6 +45,7 @@ pub fn verify_stark_proof_circuit< proof_with_pis: StarkProofWithPublicInputsTarget, inner_config: &StarkConfig, degree_bits: usize, + min_degree_bits_to_support: Option, ) where C::Hasher: AlgebraicHasher, { @@ -67,6 +67,7 @@ pub fn verify_stark_proof_circuit< None, inner_config, degree_bits, + min_degree_bits_to_support, ); } @@ -85,6 +86,7 @@ pub fn verify_stark_proof_with_challenges_circuit< ctl_vars: Option<&[CtlCheckVarsTarget]>, inner_config: &StarkConfig, degree_bits: usize, + min_degree_bits_to_support: Option, ) where C::Hasher: AlgebraicHasher, { @@ -215,15 +217,27 @@ pub fn verify_stark_proof_with_challenges_circuit< ctl_zs_first.as_ref().map_or(0, |c| c.len()), inner_config, ); - builder.verify_fri_proof::( - &fri_instance, - &proof.openings.to_fri_openings(zero), - &challenges.fri_challenges, - &merkle_caps, - &proof.opening_proof, - &inner_config.fri_params(degree_bits, None), - Some(proof.degree_bits), - ); + if let Some(min_degree_bits_to_support) = min_degree_bits_to_support { + builder.verify_fri_proof_with_multiple_degree_bits::( + &fri_instance, + &proof.openings.to_fri_openings(zero), + &challenges.fri_challenges, + &merkle_caps, + &proof.opening_proof, + &inner_config.fri_params(degree_bits), + proof.degree_bits, + min_degree_bits_to_support, + ); + } else { + builder.verify_fri_proof::( + &fri_instance, + &proof.openings.to_fri_openings(zero), + &challenges.fri_challenges, + &merkle_caps, + &proof.opening_proof, + &inner_config.fri_params(degree_bits), + ); + } } fn eval_l_0_and_l_last_circuit, const D: usize>( @@ -281,7 +295,7 @@ pub fn add_virtual_stark_proof, S: Stark, con num_ctl_helper_zs: usize, num_ctl_zs: usize, ) -> StarkProofTarget { - let fri_params = config.fri_params(degree_bits, None); + let fri_params = config.fri_params(degree_bits); let cap_height = fri_params.config.cap_height; let num_leaves_per_oracle = once(S::COLUMNS) diff --git a/starky/src/unconstrained_stark.rs b/starky/src/unconstrained_stark.rs index ac9fabe29e..d287a2eec2 100644 --- a/starky/src/unconstrained_stark.rs +++ b/starky/src/unconstrained_stark.rs @@ -114,7 +114,8 @@ mod tests { let stark = S::new(num_rows); let trace = stark.generate_trace(); - let proof = prove::(stark, &config, trace, &[], &mut TimingTree::default())?; + let proof = + prove::(stark, &config, trace, &[], None, &mut TimingTree::default())?; verify_stark_proof(stark, proof, &config) } @@ -156,7 +157,8 @@ mod tests { let stark = S::new(num_rows); let trace = stark.generate_trace(); - let proof = prove::(stark, &config, trace, &[], &mut TimingTree::default())?; + let proof = + prove::(stark, &config, trace, &[], None, &mut TimingTree::default())?; verify_stark_proof(stark, proof.clone(), &config)?; recursive_proof::(stark, proof, &config, true) @@ -191,6 +193,7 @@ mod tests { pt, inner_config, degree_bits, + None, ); if print_gate_counts { diff --git a/starky/src/verifier.rs b/starky/src/verifier.rs index 0ba160cd45..d56072ad3a 100644 --- a/starky/src/verifier.rs +++ b/starky/src/verifier.rs @@ -201,7 +201,7 @@ where &challenges.fri_challenges, &merkle_caps, &proof.opening_proof, - &config.fri_params(degree_bits, None), + &config.fri_params(degree_bits), )?; Ok(()) @@ -243,7 +243,7 @@ where ensure!(public_inputs.len() == S::PUBLIC_INPUTS); - let fri_params = config.fri_params(degree_bits, None); + let fri_params = config.fri_params(degree_bits); let cap_height = fri_params.config.cap_height; ensure!(trace_cap.height() == cap_height);