From 7e50a6e8b0b1adfb048a375fd52710b7017112aa Mon Sep 17 00:00:00 2001 From: Al-Kindi-0 <82364884+Al-Kindi-0@users.noreply.github.com> Date: Fri, 30 Aug 2024 18:50:51 +0200 Subject: [PATCH] fix: post merge issues --- air/src/air/logup_gkr.rs | 37 +++++++++++++++++++++- air/src/air/mod.rs | 2 +- prover/src/lib.rs | 18 +---------- prover/src/logup_gkr/mod.rs | 3 +- prover/src/tests/mod.rs | 4 +-- sumcheck/benches/sum_check_high_degree.rs | 10 ++++-- sumcheck/src/verifier/mod.rs | 3 +- verifier/src/lib.rs | 35 -------------------- verifier/src/logup_gkr/mod.rs | 12 +++++-- winterfell/src/tests/logup_gkr_periodic.rs | 17 ++++------ winterfell/src/tests/logup_gkr_simple.rs | 2 -- winterfell/src/tests/mod.rs | 1 - 12 files changed, 67 insertions(+), 77 deletions(-) diff --git a/air/src/air/logup_gkr.rs b/air/src/air/logup_gkr.rs index 08b2890f3..22f36a88d 100644 --- a/air/src/air/logup_gkr.rs +++ b/air/src/air/logup_gkr.rs @@ -82,6 +82,41 @@ pub trait LogUpGkrEvaluator: Clone + Sync { E::ZERO } + /// Generates the data needed for running the univariate IOP for multi-linear evaluation of [1]. + /// + /// This mainly generates the batching randomness used to batch a number of multi-linear + /// evaluation claims and includes some additional data that is needed for building/verifying + /// the univariate IOP for multi-linear evaluation of [1]. + /// + /// This is the $\lambda$ randomness in section 5.2 in [1] but using different random values for + /// each term instead of powers of a single random element. + /// + /// [1]: https://eprint.iacr.org/2023/1284 + fn generate_univariate_iop_for_multi_linear_opening_data( + &self, + openings: Vec, + eval_point: Vec, + public_coin: &mut impl RandomCoin, + ) -> GkrData + where + E: FieldElement, + H: ElementHasher, + { + public_coin.reseed(H::hash_elements(&openings)); + + let mut batching_randomness = Vec::with_capacity(openings.len() - 1); + for _ in 0..openings.len() - 1 { + batching_randomness.push(public_coin.draw().expect("failed to generate randomness")) + } + + GkrData::new( + LagrangeKernelRandElements::new(eval_point), + batching_randomness, + openings, + self.get_oracles().to_vec(), + ) + } + /// Returns the periodic values used in the LogUp-GKR statement, either as base field element /// during circuit evaluation or as extension field element during the run of sum-check for /// the input layer. @@ -196,7 +231,7 @@ pub enum LogUpGkrOracle { /// with the given periodic values. Due to the periodic nature of the values, storing, binding of /// an argument and evaluating the said multi-linear extension can be all done linearly in the size /// of the smallest cycle defining the periodic values. Hence we only store the values of this -/// smallest cycle. The cycle is assumed throughout to be a power of 2. +/// smallest cycle. The cycle is assumed throughout to be a power of 2. #[derive(Clone, Debug, Default, PartialEq, PartialOrd, Eq, Ord)] pub struct PeriodicTable { pub table: Vec>, diff --git a/air/src/air/mod.rs b/air/src/air/mod.rs index 431b901f1..ec43d7a69 100644 --- a/air/src/air/mod.rs +++ b/air/src/air/mod.rs @@ -36,7 +36,7 @@ pub use lagrange::{ }; mod logup_gkr; -pub use logup_gkr::{DummyLogUpGkrEval, LogUpGkrEvaluator, LogUpGkrOracle, PeriodicTable}; +pub use logup_gkr::{LogUpGkrEvaluator, LogUpGkrOracle, PeriodicTable}; mod coefficients; pub use coefficients::{ diff --git a/prover/src/lib.rs b/prover/src/lib.rs index fe58e85f3..703f19d8c 100644 --- a/prover/src/lib.rs +++ b/prover/src/lib.rs @@ -209,23 +209,7 @@ pub trait Prover { where E: FieldElement, { - let mut aux_trace = self.build_aux_trace(main_trace, aux_rand_elements); - - if let Some(lagrange_randomness) = aux_rand_elements.lagrange() { - let evaluator = air.get_logup_gkr_evaluator::(); - let lagrange_col = build_lagrange_column(lagrange_randomness); - let s_col = build_s_column( - main_trace, - aux_rand_elements.gkr_data().expect("should not be empty"), - &evaluator, - &lagrange_col, - ); - - aux_trace.merge_column(s_col); - aux_trace.merge_column(lagrange_col); - } - - aux_trace + unimplemented!("`Prover::build_aux_trace` needs to be implemented when the trace has an auxiliary segment.") } /// Returns a STARK proof attesting to a correct execution of a computation defined by the diff --git a/prover/src/logup_gkr/mod.rs b/prover/src/logup_gkr/mod.rs index 56174bf1f..c13c02991 100644 --- a/prover/src/logup_gkr/mod.rs +++ b/prover/src/logup_gkr/mod.rs @@ -109,8 +109,7 @@ impl EvaluatedCircuit { log_up_randomness: &[E], ) -> CircuitLayer { let num_fractions = evaluator.get_num_fractions(); - let periodic_values = - evaluator.build_periodic_values::(); + let periodic_values = evaluator.build_periodic_values::(); let mut input_layer_wires = Vec::with_capacity(main_trace.main_segment().num_rows() * num_fractions); let mut main_frame = EvaluationFrame::new(main_trace.main_segment().num_cols()); diff --git a/prover/src/tests/mod.rs b/prover/src/tests/mod.rs index 7c1b66b9f..5132e2025 100644 --- a/prover/src/tests/mod.rs +++ b/prover/src/tests/mod.rs @@ -6,8 +6,8 @@ use alloc::vec::Vec; use air::{ - Air, AirContext, Assertion, DummyLogUpGkrEval, EvaluationFrame, FieldExtension, ProofOptions, - TraceInfo, TransitionConstraintDegree, + Air, AirContext, Assertion, EvaluationFrame, FieldExtension, ProofOptions, TraceInfo, + TransitionConstraintDegree, }; use math::{fields::f64::BaseElement, FieldElement, StarkField}; diff --git a/sumcheck/benches/sum_check_high_degree.rs b/sumcheck/benches/sum_check_high_degree.rs index cc7fc3465..e7f60ae2c 100644 --- a/sumcheck/benches/sum_check_high_degree.rs +++ b/sumcheck/benches/sum_check_high_degree.rs @@ -78,7 +78,7 @@ fn setup_sum_check( MultiLinearPoly, MultiLinearPoly, ), - PeriodicTable + PeriodicTable, ) { let n = 1 << log_size; let table = MultiLinearPoly::from_evaluations(rand_vector(n)); @@ -94,7 +94,13 @@ fn setup_sum_check( let r_batch: E = rand_value(); let claim: E = rand_value(); - (claim, r_batch, rand_pt, (table, multiplicity, values_0, values_1, values_2), periodic_table) + ( + claim, + r_batch, + rand_pt, + (table, multiplicity, values_0, values_1, values_2), + periodic_table, + ) } #[derive(Clone, Default)] diff --git a/sumcheck/src/verifier/mod.rs b/sumcheck/src/verifier/mod.rs index 6a708b255..a3bb51c47 100644 --- a/sumcheck/src/verifier/mod.rs +++ b/sumcheck/src/verifier/mod.rs @@ -10,7 +10,8 @@ use crypto::{ElementHasher, RandomCoin}; use math::FieldElement; use crate::{ - comb_func, evaluate_composition_poly, EqFunction, FinalLayerProof, FinalOpeningClaim, MultiLinearPoly, RoundProof, SumCheckProof, SumCheckRoundClaim + comb_func, evaluate_composition_poly, EqFunction, FinalLayerProof, FinalOpeningClaim, + MultiLinearPoly, RoundProof, SumCheckProof, SumCheckRoundClaim, }; /// Verifies sum-check proofs, as part of the GKR proof, for all GKR layers except for the last one diff --git a/verifier/src/lib.rs b/verifier/src/lib.rs index f21cfc227..cabbda6c7 100644 --- a/verifier/src/lib.rs +++ b/verifier/src/lib.rs @@ -350,41 +350,6 @@ where .map_err(VerifierError::FriVerificationFailed) } -fn verify_gkr>( - gkr_proof: GkrCircuitProof, - evaluator: &impl LogUpGkrEvaluator, - public_coin: &mut impl RandomCoin, -) -> Result, GkrVerifierError> { - let claim = E::ZERO; - let num_logup_random_values = evaluator.get_num_rand_values(); - let mut logup_randomness: Vec = Vec::with_capacity(num_logup_random_values); - - for _ in 0..num_logup_random_values { - logup_randomness.push(public_coin.draw().expect("failed to generate randomness")); - } - - let final_eval_claim = - verify_logup_gkr(claim, evaluator, &gkr_proof, logup_randomness, public_coin)?; - - let FinalOpeningClaim { eval_point, openings } = final_eval_claim; - - public_coin.reseed(H::hash_elements(&openings)); - - let mut batching_randomness = Vec::with_capacity(openings.len() - 1); - for _ in 0..openings.len() - 1 { - batching_randomness.push(public_coin.draw().expect("failed to generate randomness")) - } - - let gkr_rand_elements = GkrData::new( - LagrangeKernelRandElements::new(eval_point), - batching_randomness, - openings, - evaluator.get_oracles().to_vec(), - ); - - Ok(gkr_rand_elements) -} - // ACCEPTABLE OPTIONS // ================================================================================================ // Specifies either the minimal, conjectured or proven, security level or a set of diff --git a/verifier/src/logup_gkr/mod.rs b/verifier/src/logup_gkr/mod.rs index 4ff9334fc..e317e0ab1 100644 --- a/verifier/src/logup_gkr/mod.rs +++ b/verifier/src/logup_gkr/mod.rs @@ -15,12 +15,18 @@ pub fn verify_gkr< C: RandomCoin, H: ElementHasher, >( - claim: E, - evaluator: &impl LogUpGkrEvaluator, + pub_inputs: &A::PublicInputs, proof: &GkrCircuitProof, - log_up_randomness: Vec, + evaluator: &impl LogUpGkrEvaluator, transcript: &mut C, ) -> Result, VerifierError> { + let num_logup_random_values = evaluator.get_num_rand_values(); + let mut logup_randomness: Vec = Vec::with_capacity(num_logup_random_values); + + for _ in 0..num_logup_random_values { + logup_randomness.push(transcript.draw().expect("failed to generate randomness")); + } + let GkrCircuitProof { circuit_outputs, before_final_layer_proofs, diff --git a/winterfell/src/tests/logup_gkr_periodic.rs b/winterfell/src/tests/logup_gkr_periodic.rs index 85b92147f..52764dd24 100644 --- a/winterfell/src/tests/logup_gkr_periodic.rs +++ b/winterfell/src/tests/logup_gkr_periodic.rs @@ -114,18 +114,18 @@ impl Trace for LogUpGkrPeriodic { // ================================================================================================= struct LogUpGkrPeriodicAir { - context: AirContext, + context: AirContext, } impl Air for LogUpGkrPeriodicAir { type BaseField = BaseElement; type PublicInputs = (); - type LogUpGkrEvaluator = PeriodicLogUpGkrEval; fn new(trace_info: TraceInfo, _pub_inputs: Self::PublicInputs, options: ProofOptions) -> Self { Self { context: AirContext::with_logup_gkr( trace_info, + (), vec![TransitionConstraintDegree::new(1)], vec![], 1, @@ -135,7 +135,7 @@ impl Air for LogUpGkrPeriodicAir { } } - fn context(&self) -> &AirContext { + fn context(&self) -> &AirContext { &self.context } @@ -177,9 +177,10 @@ impl Air for LogUpGkrPeriodicAir { vec![] } - fn get_logup_gkr_evaluator>( + fn get_logup_gkr_evaluator( &self, - ) -> Self::LogUpGkrEvaluator { + ) -> impl LogUpGkrEvaluator + { PeriodicLogUpGkrEval::new() } } @@ -338,11 +339,7 @@ impl Prover for LogUpGkrPeriodicProver { DefaultConstraintEvaluator::new(air, aux_rand_elements, composition_coefficients) } - fn build_aux_trace( - &self, - main_trace: &Self::Trace, - _aux_rand_elements: &AuxRandElements, - ) -> ColMatrix + fn build_aux_trace(&self, main_trace: &Self::Trace, _aux_rand_elements: &[E]) -> ColMatrix where E: FieldElement, { diff --git a/winterfell/src/tests/logup_gkr_simple.rs b/winterfell/src/tests/logup_gkr_simple.rs index d180da2b5..508a14816 100644 --- a/winterfell/src/tests/logup_gkr_simple.rs +++ b/winterfell/src/tests/logup_gkr_simple.rs @@ -1,4 +1,3 @@ - use std::{marker::PhantomData, vec, vec::Vec}; use air::{ @@ -111,7 +110,6 @@ struct LogUpGkrSimpleAir { impl Air for LogUpGkrSimpleAir { type BaseField = BaseElement; type PublicInputs = (); - type LogUpGkrEvaluator = PlainLogUpGkrEval; fn new(trace_info: TraceInfo, _pub_inputs: Self::PublicInputs, options: ProofOptions) -> Self { Self { diff --git a/winterfell/src/tests/mod.rs b/winterfell/src/tests/mod.rs index 201cf3b3a..51881e55e 100644 --- a/winterfell/src/tests/mod.rs +++ b/winterfell/src/tests/mod.rs @@ -3,7 +3,6 @@ // This source code is licensed under the MIT license found in the // LICENSE file in the root directory of this source tree. - mod logup_gkr_simple; mod logup_gkr_periodic;