diff --git a/Cargo.lock b/Cargo.lock index 33f650aa1d..5f895c8005 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4313,7 +4313,6 @@ dependencies = [ [[package]] name = "openvm-stark-backend" version = "0.2.0-alpha" -source = "git+https://github.com/openvm-org/stark-backend.git?rev=dd3a03c#dd3a03c0e12fada12622bcae2df207b625e2a619" dependencies = [ "async-trait", "cfg-if", @@ -4340,7 +4339,6 @@ dependencies = [ [[package]] name = "openvm-stark-sdk" version = "0.2.0-alpha" -source = "git+https://github.com/openvm-org/stark-backend.git?rev=dd3a03c#dd3a03c0e12fada12622bcae2df207b625e2a619" dependencies = [ "derive_more 0.99.18", "ff 0.13.0", @@ -4357,7 +4355,7 @@ dependencies = [ "p3-goldilocks", "p3-keccak", "p3-merkle-tree", - "p3-poseidon", + "p3-poseidon 0.1.0 (git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd)", "p3-poseidon2", "p3-symmetric", "rand", @@ -4473,7 +4471,6 @@ dependencies = [ [[package]] name = "p3-air" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "p3-field", "p3-matrix", @@ -4482,7 +4479,6 @@ dependencies = [ [[package]] name = "p3-baby-bear" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "p3-field", "p3-mds", @@ -4496,7 +4492,6 @@ dependencies = [ [[package]] name = "p3-blake3" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "blake3", "p3-symmetric", @@ -4506,7 +4501,6 @@ dependencies = [ [[package]] name = "p3-bn254-fr" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "ff 0.13.0", "halo2curves", @@ -4521,7 +4515,6 @@ dependencies = [ [[package]] name = "p3-challenger" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "p3-field", "p3-maybe-rayon", @@ -4533,7 +4526,6 @@ dependencies = [ [[package]] name = "p3-commit" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -4547,7 +4539,6 @@ dependencies = [ [[package]] name = "p3-dft" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-field", @@ -4560,7 +4551,6 @@ dependencies = [ [[package]] name = "p3-field" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -4577,7 +4567,6 @@ dependencies = [ [[package]] name = "p3-fri" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -4596,13 +4585,12 @@ dependencies = [ [[package]] name = "p3-goldilocks" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "num-bigint 0.4.6", "p3-dft", "p3-field", "p3-mds", - "p3-poseidon", + "p3-poseidon 0.1.0", "p3-poseidon2", "p3-symmetric", "p3-util", @@ -4613,7 +4601,6 @@ dependencies = [ [[package]] name = "p3-interpolation" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "p3-field", "p3-matrix", @@ -4624,7 +4611,6 @@ dependencies = [ [[package]] name = "p3-keccak" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-field", @@ -4636,7 +4622,6 @@ dependencies = [ [[package]] name = "p3-keccak-air" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "p3-air", "p3-field", @@ -4650,7 +4635,6 @@ dependencies = [ [[package]] name = "p3-matrix" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-field", @@ -4665,7 +4649,6 @@ dependencies = [ [[package]] name = "p3-maybe-rayon" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "rayon", ] @@ -4673,7 +4656,6 @@ dependencies = [ [[package]] name = "p3-mds" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-dft", @@ -4687,7 +4669,6 @@ dependencies = [ [[package]] name = "p3-merkle-tree" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-commit", @@ -4704,7 +4685,6 @@ dependencies = [ [[package]] name = "p3-monty-31" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -4722,6 +4702,16 @@ dependencies = [ "transpose", ] +[[package]] +name = "p3-poseidon" +version = "0.1.0" +dependencies = [ + "p3-field", + "p3-mds", + "p3-symmetric", + "rand", +] + [[package]] name = "p3-poseidon" version = "0.1.0" @@ -4736,7 +4726,6 @@ dependencies = [ [[package]] name = "p3-poseidon2" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "gcd", "p3-field", @@ -4764,7 +4753,6 @@ dependencies = [ [[package]] name = "p3-symmetric" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-field", @@ -4774,7 +4762,6 @@ dependencies = [ [[package]] name = "p3-uni-stark" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "itertools 0.13.0", "p3-air", @@ -4792,7 +4779,6 @@ dependencies = [ [[package]] name = "p3-util" version = "0.1.0" -source = "git+https://github.com/Plonky3/Plonky3.git?rev=784b7dd#784b7dd1fa87c1202e63350cc8182d7c5327a7af" dependencies = [ "serde", ] diff --git a/extensions/native/recursion/Cargo.toml b/extensions/native/recursion/Cargo.toml index 45c028f9b7..1116382866 100644 --- a/extensions/native/recursion/Cargo.toml +++ b/extensions/native/recursion/Cargo.toml @@ -37,7 +37,7 @@ tempfile = "3.14.0" bitcode = { workspace = true } [features] -default = ["parallel", "mimalloc"] +default = ["parallel", "mimalloc", "static-verifier"] parallel = ["openvm-stark-backend/parallel"] static-verifier = [ "openvm-native-compiler/halo2-compiler", diff --git a/extensions/native/recursion/src/challenger/multi_field32.rs b/extensions/native/recursion/src/challenger/multi_field32.rs index 685f98f15f..1b4418ac85 100644 --- a/extensions/native/recursion/src/challenger/multi_field32.rs +++ b/extensions/native/recursion/src/challenger/multi_field32.rs @@ -92,6 +92,7 @@ impl MultiField32ChallengerVariable { pub fn sample_bits(&mut self, builder: &mut Builder, bits: usize) -> Var { let rand_f = self.sample(builder); + builder.print_f(rand_f); let rand_f_bits = builder.num2bits_f_circuit(rand_f); builder.bits2num_v_circuit(&rand_f_bits[0..bits]) } @@ -99,6 +100,7 @@ impl MultiField32ChallengerVariable { pub fn check_witness(&mut self, builder: &mut Builder, bits: usize, witness: Felt) { self.observe(builder, witness); let element = self.sample_bits(builder, bits); + builder.print_v(element); builder.assert_var_eq(element, C::N::from_canonical_usize(0)); } } @@ -128,6 +130,7 @@ impl CanSampleBitsVariable for MultiField32ChallengerVariable { nb_bits: RVar, ) -> Array> { let rand_f = self.sample(builder); + builder.print_f(rand_f); let rand_f_bits = builder.num2bits_f_circuit(rand_f); builder.vec(rand_f_bits[..nb_bits.value()].to_vec()) } diff --git a/extensions/native/recursion/src/fri/mod.rs b/extensions/native/recursion/src/fri/mod.rs index f8f9532eae..3f5411a239 100644 --- a/extensions/native/recursion/src/fri/mod.rs +++ b/extensions/native/recursion/src/fri/mod.rs @@ -9,12 +9,8 @@ use openvm_native_compiler::{ use openvm_stark_backend::p3_field::{Field, FieldAlgebra, TwoAdicField}; pub use two_adic_pcs::*; -use self::types::{ - DimensionsVariable, FriChallengesVariable, FriConfigVariable, FriProofVariable, - FriQueryProofVariable, -}; +use self::types::{DimensionsVariable, FriConfigVariable, FriQueryProofVariable}; use crate::{ - challenger::ChallengerVariable, digest::{CanPoseidon2Digest, DigestVariable}, outer_poseidon2::Poseidon2CircuitBuilder, utils::cond_eval, @@ -27,94 +23,6 @@ pub mod two_adic_pcs; pub mod types; pub mod witness; -/// Reference: https://github.com/Plonky3/Plonky3/blob/4809fa7bedd9ba8f6f5d3267b1592618e3776c57/fri/src/verifier.rs#L27 -pub fn verify_shape_and_sample_challenges( - builder: &mut Builder, - config: &FriConfigVariable, - proof: &FriProofVariable, - challenger: &mut impl ChallengerVariable, -) -> FriChallengesVariable { - let betas: Array> = builder.array(proof.commit_phase_commits.len()); - - builder - .range(0, proof.commit_phase_commits.len()) - .for_each(|i, builder| { - let comm = builder.get(&proof.commit_phase_commits, i); - challenger.observe_digest(builder, comm); - let sample = challenger.sample_ext(builder); - builder.set(&betas, i, sample); - }); - - builder - .range(0, proof.final_poly.len()) - .for_each(|i, builder| { - let final_poly_elem = builder.get(&proof.final_poly, i); - let final_poly_elem_felts = builder.ext2felt(final_poly_elem); - challenger.observe_slice(builder, final_poly_elem_felts); - }); - - let num_query_proofs = proof.query_proofs.len().clone(); - builder - .if_ne(num_query_proofs, RVar::from(config.num_queries)) - .then(|builder| { - builder.error(); - }); - - challenger.check_witness(builder, config.proof_of_work_bits, proof.pow_witness); - - let log_max_height = - builder.eval_expr(proof.commit_phase_commits.len() + RVar::from(config.log_blowup)); - let query_indices = builder.array(config.num_queries); - builder.range(0, config.num_queries).for_each(|i, builder| { - let index_bits = challenger.sample_bits(builder, log_max_height); - builder.set(&query_indices, i, index_bits); - }); - - FriChallengesVariable { - query_indices, - betas, - } -} - -/// Verifies a set of FRI challenges. -/// -/// Reference: https://github.com/Plonky3/Plonky3/blob/4809fa7bedd9ba8f6f5d3267b1592618e3776c57/fri/src/verifier.rs#L67 -#[allow(clippy::type_complexity)] -pub fn verify_challenges( - builder: &mut Builder, - config: &FriConfigVariable, - proof: &FriProofVariable, - challenges: &FriChallengesVariable, - reduced_openings: &Array>>, -) where - C::F: TwoAdicField, - C::EF: TwoAdicField, -{ - let log_max_height = - builder.eval_expr(proof.commit_phase_commits.len() + RVar::from(config.log_blowup)); - builder - .range(0, challenges.query_indices.len()) - .for_each(|i, builder| { - let index_bits = builder.get(&challenges.query_indices, i); - let query_proof = builder.get(&proof.query_proofs, i); - let ro = builder.get(reduced_openings, i); - - let folded_eval = verify_query( - builder, - config, - &proof.commit_phase_commits, - &index_bits, - &query_proof, - &challenges.betas, - &ro, - log_max_height, - ); - - let final_poly_elem = builder.get(&proof.final_poly, 0); - builder.assert_ext_eq(folded_eval, final_poly_elem); - }); -} - /// Verifies a FRI query. /// /// Currently assumes the index that is accessed is constant. diff --git a/extensions/native/recursion/src/fri/two_adic_pcs.rs b/extensions/native/recursion/src/fri/two_adic_pcs.rs index 76a9823a5c..d8243fb679 100644 --- a/extensions/native/recursion/src/fri/two_adic_pcs.rs +++ b/extensions/native/recursion/src/fri/two_adic_pcs.rs @@ -9,8 +9,7 @@ use super::{ types::{ DimensionsVariable, FriConfigVariable, TwoAdicPcsMatsVariable, TwoAdicPcsRoundVariable, }, - verify_batch, verify_challenges, verify_shape_and_sample_challenges, NestedOpenedValues, - TwoAdicMultiplicativeCosetVariable, + verify_batch, verify_query, NestedOpenedValues, TwoAdicMultiplicativeCosetVariable, }; use crate::{ challenger::ChallengerVariable, commit::PcsVariable, digest::DigestVariable, @@ -29,6 +28,7 @@ use crate::{ /// Reference: /// /// +/// pub fn verify_two_adic_pcs( builder: &mut Builder, config: &FriConfigVariable, @@ -47,21 +47,40 @@ pub fn verify_two_adic_pcs( let blowup = config.blowup; let alpha = challenger.sample_ext(builder); - builder.cycle_tracker_start("stage-d-1-verify-shape-and-sample-challenges"); - let fri_challenges = verify_shape_and_sample_challenges(builder, config, &proof, challenger); - builder.cycle_tracker_end("stage-d-1-verify-shape-and-sample-challenges"); + builder.cycle_tracker_start("stage-d-verifier-verify"); + let betas: Array> = builder.array(proof.commit_phase_commits.len()); + builder + .range(0, proof.commit_phase_commits.len()) + .for_each(|i, builder| { + let comm = builder.get(&proof.commit_phase_commits, i); + challenger.observe_digest(builder, comm); + let sample = challenger.sample_ext(builder); + builder.set(&betas, i, sample); + }); + builder + .range(0, proof.final_poly.len()) + .for_each(|i, builder| { + let final_poly_elem = builder.get(&proof.final_poly, i); + let final_poly_elem_felts = builder.ext2felt(final_poly_elem); + challenger.observe_slice(builder, final_poly_elem_felts); + }); + let num_query_proofs = proof.query_proofs.len().clone(); + builder + .if_ne(num_query_proofs, RVar::from(config.num_queries)) + .then(|builder| { + builder.error(); + }); - let log_global_max_height = - builder.eval_expr(proof.commit_phase_commits.len() + RVar::from(log_blowup)); + challenger.check_witness(builder, config.proof_of_work_bits, proof.pow_witness); - let reduced_openings: Array<_, Array<_, Ext<_, _>>> = builder.array(proof.query_proofs.len()); + let log_max_height = + builder.eval_expr(proof.commit_phase_commits.len() + RVar::from(log_blowup)); - builder.cycle_tracker_start("stage-d-2-fri-fold"); builder .range(0, proof.query_proofs.len()) .for_each(|i, builder| { let query_proof = builder.get(&proof.query_proofs, i); - let index_bits = builder.get(&fri_challenges.query_indices, i); + let index_bits = challenger.sample_bits(builder, log_max_height); let ro: Array> = builder.array(32); let alpha_pow: Array> = builder.array(32); @@ -130,8 +149,7 @@ pub fn verify_two_adic_pcs( }); let permed_opened_values = NestedOpenedValues::Felt(permed_opened_values); - let bits_reduced: Usize<_> = - builder.eval(log_global_max_height - log_batch_max_height); + let bits_reduced: Usize<_> = builder.eval(log_max_height - log_batch_max_height); let index_bits_shifted_v1 = index_bits.shift(builder, bits_reduced); builder.cycle_tracker_start("verify-batch"); @@ -163,8 +181,7 @@ pub fn verify_two_adic_pcs( let cur_ro = builder.get(&ro, log_height); let cur_alpha_pow = builder.get(&alpha_pow, log_height); - let bits_reduced: Usize<_> = - builder.eval(log_global_max_height - log_height); + let bits_reduced: Usize<_> = builder.eval(log_max_height - log_height); let index_bits_shifted = index_bits.shift(builder, bits_reduced); let two_adic_generator = config.get_two_adic_generator(builder, log_height); @@ -211,13 +228,22 @@ pub fn verify_two_adic_pcs( builder.cycle_tracker_end("compute-reduced-opening"); }); - builder.set_value(&reduced_openings, i, ro); + let folded_eval = verify_query( + builder, + config, + &proof.commit_phase_commits, + &index_bits, + &query_proof, + &betas, + &ro, + log_max_height, + ); + + let final_poly_elem = builder.get(&proof.final_poly, 0); + builder.print_e(folded_eval); + builder.assert_ext_eq(folded_eval, final_poly_elem); }); - builder.cycle_tracker_end("stage-d-2-fri-fold"); - - builder.cycle_tracker_start("stage-d-3-verify-challenges"); - verify_challenges(builder, config, &proof, &fri_challenges, &reduced_openings); - builder.cycle_tracker_end("stage-d-3-verify-challenges"); + builder.cycle_tracker_end("stage-d-verifier-verify"); } impl FromConstant for TwoAdicPcsRoundVariable