From 7c557d31c0e33c3fdde2ed8e3b3b31bf9406b88c Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 11:59:15 +0800 Subject: [PATCH 01/46] Use workspace dependencies --- Cargo.lock | 42 +++++++++++++++++++++--------------------- Cargo.toml | 7 +++++++ circuits/Cargo.toml | 6 +++--- cli/Cargo.toml | 4 ++-- expr/Cargo.toml | 2 +- recproofs/Cargo.toml | 4 ++-- runner/Cargo.toml | 2 +- wasm-demo/Cargo.toml | 2 +- 8 files changed, 38 insertions(+), 31 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d4d30eff4..183e2b6b7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -203,9 +203,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.94" +version = "1.0.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17f6e324229dc011159fcc089755d1e2e216a90d43a7dea6853ca740b84f35e7" +checksum = "d32a725bc159af97c3e629873bb9f88fb8cf8a4867175f76dc987815ea07c83b" [[package]] name = "cfg-if" @@ -1145,8 +1145,8 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" -version = "0.2.1" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" dependencies = [ "ahash", "anyhow", @@ -1170,7 +1170,7 @@ dependencies = [ [[package]] name = "plonky2_crypto" version = "0.1.0" -source = "git+https://github.com/0xmozak/plonky2-crypto.git#49b2ea39eff2776e9c1c903ce4ca36c19a55d998" +source = "git+https://github.com/0xmozak/plonky2-crypto.git#5e2315718c61daada8974cf11f6238c6c25d7bcd" dependencies = [ "anyhow", "hex", @@ -1186,8 +1186,8 @@ dependencies = [ [[package]] name = "plonky2_field" -version = "0.2.1" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" [[package]] name = "plotters" @@ -1484,9 +1484,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.32" +version = "0.38.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "65e04861e65f21776e67888bfbea442b3642beaa0138fdb1dd7a84a52dffdb89" +checksum = "e3cc72858054fcff6d7dea32df2aeaee6a7c24227366d7ea429aada2f26b16ad" dependencies = [ "bitflags", "errno", @@ -1665,8 +1665,8 @@ dependencies = [ [[package]] name = "starky" -version = "0.3.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.4.0" +source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" dependencies = [ "ahash", "anyhow", @@ -1706,9 +1706,9 @@ checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "syn" -version = "2.0.59" +version = "2.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a6531ffc7b071655e4ce2e04bd464c4830bb585a61cabb96cf808f05172615a" +checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" dependencies = [ "proc-macro2", "quote", @@ -1768,18 +1768,18 @@ dependencies = [ [[package]] name = "thiserror" -version = "1.0.58" +version = "1.0.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03468839009160513471e86a034bb2c5c0e4baae3b43f79ffc55c4a5427b3297" +checksum = "f0126ad08bff79f29fc3ae6a55cc72352056dfff61e3ff8bb7129476d44b23aa" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.58" +version = "1.0.59" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c61f3ba182994efc43764a46c018c347bc492c79f024e705f46567b418f6d4f7" +checksum = "d1cd413b5d558b4c5bf3680e324a6fa5014e7b7c067a51e69dbdf47eb7148b66" dependencies = [ "proc-macro2", "quote", @@ -1874,9 +1874,9 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.22.9" +version = "0.22.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e40bb779c5187258fd7aad0eb68cb8706a0a81fa712fbea808ab43c4b8374c4" +checksum = "d3328d4f68a705b2a4498da1d580585d39a6510f98318a2cec3018a7ec61ddef" dependencies = [ "indexmap 2.2.6", "serde", diff --git a/Cargo.toml b/Cargo.toml index 43d6b63cb..eea68d6a7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -49,6 +49,13 @@ lto = "fat" lto = "thin" opt-level = 3 +[workspace.dependencies] +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } +plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } +starky = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } + +plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } + [patch.crates-io] plonky2 = { git = "https://github.com/0xmozak/plonky2.git" } plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git" } diff --git a/circuits/Cargo.toml b/circuits/Cargo.toml index 534805716..6e43ed900 100644 --- a/circuits/Cargo.toml +++ b/circuits/Cargo.toml @@ -20,11 +20,11 @@ log = "0.4" mozak-circuits-derive = { path = "./derive" } mozak-runner = { path = "../runner" } mozak-sdk = { path = "../sdk" } -plonky2 = { version = "0", default-features = false } -plonky2_maybe_rayon = { version = "0", default-features = false } +plonky2 = { workspace = true, default-features = false } +plonky2_maybe_rayon = { workspace = true, default-features = false } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -starky = { version = "0", default-features = false, features = ["std"] } +starky = { workspace = true, default-features = false, features = ["std"] } thiserror = "1.0" tt-call = "1.0" diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 9d6f3022b..db68aea19 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml @@ -30,11 +30,11 @@ env_logger = "0.11" itertools = "0.12" log = "0.4" mozak-examples = { path = "../examples-builder", features = ["mozak-sort"] } -plonky2 = { version = "0", default-features = false } +plonky2 = { workspace = true, default-features = false } rkyv = { version = "=0.8.0-alpha.1", default-features = false, features = ["pointer_width_32", "alloc"] } rkyv_derive = "=0.8.0-alpha.1" serde_json = "1.0" -starky = { version = "0", default-features = false } +starky = { workspace = true, default-features = false } tempfile = "3" [dev-dependencies] diff --git a/expr/Cargo.toml b/expr/Cargo.toml index 51440523e..956d5038e 100644 --- a/expr/Cargo.toml +++ b/expr/Cargo.toml @@ -11,4 +11,4 @@ version = "0.1.0" [dependencies] bumpalo = "3.14" -starky = { version = "0", default-features = false, features = ["std"] } +starky = { workspace = true, default-features = false, features = ["std"] } diff --git a/recproofs/Cargo.toml b/recproofs/Cargo.toml index 4a76b23c7..f298afea7 100644 --- a/recproofs/Cargo.toml +++ b/recproofs/Cargo.toml @@ -14,8 +14,8 @@ anyhow = { version = "1.0", default-features = false } enumflags2 = "0.7" iter_fixed = "0.3" itertools = "0.12" -plonky2 = { version = "0", default-features = false } -plonky2_maybe_rayon = { version = "0", default-features = false, features = ["parallel"] } +plonky2 = { workspace = true, default-features = false } +plonky2_maybe_rayon = { workspace = true, default-features = false, features = ["parallel"] } [dev-dependencies] criterion = { version = "0.5", features = ["html_reports"] } diff --git a/runner/Cargo.toml b/runner/Cargo.toml index b13358277..8d1e74cb1 100644 --- a/runner/Cargo.toml +++ b/runner/Cargo.toml @@ -19,7 +19,7 @@ im = "15.1" itertools = "0.12" log = "0.4" mozak-sdk = { path = "../sdk" } -plonky2 = { version = "0", default-features = false } +plonky2 = { workspace = true, default-features = false } proptest = { version = "1.4", optional = true } serde = { version = "1.0", features = ["derive"] } diff --git a/wasm-demo/Cargo.toml b/wasm-demo/Cargo.toml index e20058cbb..734c309ad 100644 --- a/wasm-demo/Cargo.toml +++ b/wasm-demo/Cargo.toml @@ -18,5 +18,5 @@ crate-type = ["cdylib", "rlib"] console_error_panic_hook = "0.1" mozak-circuits = { path = "../circuits", features = ["test"] } mozak-runner = { path = "../runner" } -starky = { version = "0", features = ["std"] } +starky = { workspace = true, features = ["std"] } wasm-bindgen = "0.2" From e140e283035d5286b013c2983f2fbf1ba3bc6f6d Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 15:45:02 +0800 Subject: [PATCH 02/46] No more looked tables We can remove them, they are redundant. --- circuits/src/cross_table_lookup.rs | 121 +++++++---------------------- circuits/src/stark/mozak_stark.rs | 21 +++-- 2 files changed, 43 insertions(+), 99 deletions(-) diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index 39c61c4c6..113c12e8f 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -1,3 +1,5 @@ +use core::ops::Neg; + use anyhow::{ensure, Result}; use itertools::{chain, iproduct, izip, zip_eq}; use plonky2::field::extension::{Extendable, FieldExtension}; @@ -71,27 +73,17 @@ pub(crate) fn verify_cross_table_lookups_and_public_sub_tables< ) -> Result<()> { let mut ctl_zs_openings = ctl_zs_lasts.each_ref().map(|v| v.iter().copied()); for _ in 0..config.num_challenges { - for CrossTableLookup { - looking_tables, - looked_tables, - } in cross_table_lookups - { + for CrossTableLookup { looking_tables } in cross_table_lookups { let looking_zs_sum = looking_tables .iter() .map(|table| ctl_zs_openings[table.kind].next().unwrap()) .sum::(); - let looked_zs_sum = looked_tables - .iter() - .map(|table| ctl_zs_openings[table.kind].next().unwrap()) - .sum::(); ensure!( - looking_zs_sum == looked_zs_sum, - "Cross-table lookup verification failed for {:?}->{:?} ({} != {})", + looking_zs_sum == F::ZERO, + "Cross-table lookup verification failed for {:?} ({} != 0)", looking_tables.iter().map(|table| table.kind), - looked_tables.iter().map(|table| table.kind), looking_zs_sum, - looked_zs_sum, ); } } @@ -125,24 +117,16 @@ pub(crate) fn verify_cross_table_lookups_and_public_sub_table_circuit< ) { let mut ctl_zs_openings = ctl_zs_lasts.each_ref().map(|v| v.iter()); for _ in 0..config.num_challenges { - for CrossTableLookup { - looking_tables, - looked_tables, - } in cross_table_lookups - { + for CrossTableLookup { looking_tables } in cross_table_lookups { let looking_zs_sum = builder.add_many( looking_tables .iter() .map(|table| *ctl_zs_openings[table.kind].next().unwrap()), ); - let looked_zs_sum = builder.add_many( - looked_tables - .iter() - .map(|table| *ctl_zs_openings[table.kind].next().unwrap()), - ); + let zero = builder.zero(); - builder.connect(looked_zs_sum, looking_zs_sum); + builder.connect(zero, looking_zs_sum); } } @@ -170,14 +154,10 @@ pub(crate) fn cross_table_lookup_data( ) -> TableKindArray> { let mut ctl_data_per_table = all_kind!(|_kind| CtlData::default()); for &challenge in &ctl_challenges.challenges { - for CrossTableLookup { - looking_tables, - looked_tables, - } in cross_table_lookups - { + for CrossTableLookup { looking_tables } in cross_table_lookups { log::debug!( "Processing CTL for {:?}", - looked_tables + looking_tables .iter() .map(|table| table.kind) .collect::>() @@ -192,23 +172,16 @@ pub(crate) fn cross_table_lookup_data( ) }; let zs_looking = looking_tables.iter().map(make_z); - let zs_looked = looked_tables.iter().map(make_z); debug_assert_eq!( zs_looking .clone() .map(|z| *z.values.last().unwrap()) .sum::(), - zs_looked - .clone() - .map(|z| *z.values.last().unwrap()) - .sum::(), + F::ZERO ); - for (table, z) in chain!( - izip!(looking_tables, zs_looking), - izip!(looked_tables, zs_looked) - ) { + for (table, z) in izip!(looking_tables, zs_looking) { ctl_data_per_table[table.kind].zs_columns.push(CtlZData { z, challenge, @@ -282,7 +255,6 @@ pub fn partial_sums( #[derive(Clone, Debug)] pub struct CrossTableLookupWithTypedOutput { pub looking_tables: Vec>, - pub looked_tables: Vec>, } // This is a little trick, so that we can use `CrossTableLookup` as a @@ -294,20 +266,12 @@ pub use CrossTableLookupUntyped as CrossTableLookup; impl> CrossTableLookupWithTypedOutput { pub fn to_untyped_output(self) -> CrossTableLookup { - let looked_tables = self - .looked_tables - .into_iter() - .map(TableWithTypedOutput::to_untyped_output) - .collect(); let looking_tables = self .looking_tables .into_iter() .map(TableWithTypedOutput::to_untyped_output) .collect(); - CrossTableLookup { - looking_tables, - looked_tables, - } + CrossTableLookup { looking_tables } } } @@ -318,19 +282,17 @@ impl CrossTableLookupWithTypedOutput { /// Panics if the two tables do not have equal number of columns. #[must_use] pub fn new( - looking_tables: Vec>, + mut looking_tables: Vec>, looked_tables: Vec>, ) -> Self { - Self { - looking_tables, - looked_tables, - } + looking_tables.extend(looked_tables.into_iter().map(Neg::neg)); + Self { looking_tables } } #[must_use] pub fn num_ctl_zs(ctls: &[Self], table: TableKind, num_challenges: usize) -> usize { ctls.iter() - .flat_map(|ctl| chain!(&ctl.looked_tables, &ctl.looking_tables)) + .flat_map(|ctl| &ctl.looking_tables) .filter(|twc| twc.kind == table) .count() * num_challenges @@ -364,12 +326,9 @@ impl<'a, F: RichField + Extendable, const D: usize> .map(|p| izip!(&p.openings.ctl_zs, &p.openings.ctl_zs_next)); let mut ctl_vars_per_table = all_kind!(|_kind| vec![]); - let ctl_chain = cross_table_lookups.iter().flat_map( - |CrossTableLookup { - looking_tables, - looked_tables, - }| chain!(looking_tables, looked_tables), - ); + let ctl_chain = cross_table_lookups + .iter() + .flat_map(|ctl| &ctl.looking_tables); for (&challenges, table) in iproduct!(&ctl_challenges.challenges, ctl_chain) { let (&local_z, &next_z) = ctl_zs[table.kind].next().unwrap(); ctl_vars_per_table[table.kind].push(Self { @@ -452,12 +411,9 @@ impl<'a, const D: usize> CtlCheckVarsTarget<'a, D> { ) -> Vec { let ctl_zs = izip!(&proof.openings.ctl_zs, &proof.openings.ctl_zs_next); - let ctl_chain = cross_table_lookups.iter().flat_map( - |CrossTableLookup { - looking_tables, - looked_tables, - }| chain!(looking_tables, looked_tables).filter(|twc| twc.kind == table), - ); + let ctl_chain = cross_table_lookups + .iter() + .flat_map(|ctl| ctl.looking_tables.iter().filter(|twc| twc.kind == table)); let public_sub_table_chain = public_sub_tables.iter().filter_map(|twc| { if twc.table.kind == table { Some(&twc.table) @@ -580,16 +536,12 @@ pub mod ctl_utils { fn check_multiplicities( row: &[u64], looking_locations: &[(TableKind, F)], - looked_locations: &[(TableKind, F)], ) -> Result<(), LookupError> { let looking_multiplicity = looking_locations.iter().map(|l| l.1).sum::(); - let looked_multiplicity = looked_locations.iter().map(|l| l.1).sum::(); - if looking_multiplicity != looked_multiplicity { + if looking_multiplicity != F::ZERO { eprintln!( - "Row {row:?} has multiplicity {looking_multiplicity} in the looking tables, but - {looked_multiplicity} in the looked table.\n\ - Looking locations: {looking_locations:?}.\n\ - Looked locations: {looked_locations:?}.", + "Row {row:?} has multiplicity {looking_multiplicity} != 0 in the looking tables.\n\ + Looking locations: {looking_locations:?}." ); return Err(LookupError::InconsistentTableRows); } @@ -599,35 +551,16 @@ pub mod ctl_utils { // Maps `m` with `(table.kind, multiplicity) in m[row]` let mut looking_multiset = MultiSet::::default(); - let mut looked_multiset = MultiSet::::default(); for looking_table in &ctl.looking_tables { looking_multiset.process_row(trace_poly_values, looking_table); } - for looked_table in &ctl.looked_tables { - looked_multiset.process_row(trace_poly_values, looked_table); - } - - let empty = &vec![]; // Check that every row in the looking tables appears in the looked table the // same number of times. for (row, looking_locations) in &looking_multiset.0 { - let looked_locations = looked_multiset.get(row).unwrap_or(empty); - check_multiplicities(row, looking_locations, looked_locations).map_err(|e| { - eprintln!("Looking multiset: {looking_multiset:?}"); - eprintln!("Looked multiset: {looked_multiset:?}"); - e - })?; - } - - // Check that every row in the looked tables appears in the looking table the - // same number of times. - for (row, looked_locations) in &looked_multiset.0 { - let looking_locations = looking_multiset.get(row).unwrap_or(empty); - check_multiplicities(row, looking_locations, looked_locations).map_err(|e| { + check_multiplicities(row, looking_locations).map_err(|e| { eprintln!("Looking multiset: {looking_multiset:?}"); - eprintln!("Looked multiset: {looked_multiset:?}"); e })?; } diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 9880dc646..80e607d45 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -1,4 +1,4 @@ -use std::ops::{Index, IndexMut}; +use std::ops::{Index, IndexMut, Neg}; use cpu::columns::CpuState; use itertools::{chain, izip}; @@ -525,6 +525,18 @@ impl TableWithTypedOutput { } } +impl Neg for TableWithTypedOutput { + type Output = Self; + + fn neg(self) -> Self { + Self::Output { + kind: self.kind, + columns: self.columns, + filter_column: -self.filter_column, + } + } +} + /// Macro to instantiate a new table for cross table lookups. // OK, `table_kind` determines the input type of the table. // But input type could relate to multiple kinds. @@ -667,10 +679,9 @@ impl Lookups for XorCpuTable { type Row = XorView; fn lookups_with_typed_output() -> CrossTableLookupWithTypedOutput { - CrossTableLookupWithTypedOutput { - looking_tables: vec![cpu::columns::lookup_for_xor()], - looked_tables: vec![xor::columns::lookup_for_cpu()], - } + CrossTableLookupWithTypedOutput::new(vec![cpu::columns::lookup_for_xor()], vec![ + xor::columns::lookup_for_cpu(), + ]) } } From defbda8d3c479028c870104a16444373a0682822 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 15:47:12 +0800 Subject: [PATCH 03/46] Fix extraction --- circuits/src/register/generation.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/circuits/src/register/generation.rs b/circuits/src/register/generation.rs index d86da8e57..17f72f7d5 100644 --- a/circuits/src/register/generation.rs +++ b/circuits/src/register/generation.rs @@ -107,6 +107,8 @@ pub fn generate_register_trace( TableKind::CastListCommitmentTape => extract(mem_cast_list_commitment_tape, &looking_table), TableKind::RegisterInit => extract(reg_init, &looking_table), + // We are trying to build the Register table, so we don't have the values to extract. + TableKind::Register => vec![], other => unimplemented!("Can't extract register ops from {other:#?} tables"), }) .collect(); From 8e00e78ebba5b96618134b734ee5597b7be9fe5a Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 15:48:33 +0800 Subject: [PATCH 04/46] More extraction --- circuits/src/register/generation.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/circuits/src/register/generation.rs b/circuits/src/register/generation.rs index 17f72f7d5..30e80514c 100644 --- a/circuits/src/register/generation.rs +++ b/circuits/src/register/generation.rs @@ -107,8 +107,9 @@ pub fn generate_register_trace( TableKind::CastListCommitmentTape => extract(mem_cast_list_commitment_tape, &looking_table), TableKind::RegisterInit => extract(reg_init, &looking_table), - // We are trying to build the Register table, so we don't have the values to extract. - TableKind::Register => vec![], + // We are trying to build the Register tables, so we don't have the values to extract. + TableKind::Register | TableKind::RegisterZeroRead | TableKind::RegisterZeroWrite => + vec![], other => unimplemented!("Can't extract register ops from {other:#?} tables"), }) .collect(); From 79d587da5764907b996e62fe68b97fab73811116 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 15:50:53 +0800 Subject: [PATCH 05/46] Ignore rangecheck, too --- circuits/src/rangecheck/generation.rs | 2 ++ circuits/src/rangecheck_u8/generation.rs | 2 ++ 2 files changed, 4 insertions(+) diff --git a/circuits/src/rangecheck/generation.rs b/circuits/src/rangecheck/generation.rs index a8b94ce5e..a00fcebd1 100644 --- a/circuits/src/rangecheck/generation.rs +++ b/circuits/src/rangecheck/generation.rs @@ -60,6 +60,8 @@ pub(crate) fn generate_rangecheck_trace( TableKind::Cpu => extract(cpu_trace, &looking_table), TableKind::Memory => extract(memory_trace, &looking_table), TableKind::Register => extract(register_trace, &looking_table), + // We are trying to build the RangeCheck table, so we have to ignore it here. + TableKind::RangeCheck => vec![], other => unimplemented!("Can't range check {other:#?} tables"), } .into_iter() diff --git a/circuits/src/rangecheck_u8/generation.rs b/circuits/src/rangecheck_u8/generation.rs index 399fb3195..35a921172 100644 --- a/circuits/src/rangecheck_u8/generation.rs +++ b/circuits/src/rangecheck_u8/generation.rs @@ -44,6 +44,8 @@ pub(crate) fn generate_rangecheck_u8_trace( .flat_map(|looking_table| match looking_table.kind { TableKind::RangeCheck => extract_with_mul(rangecheck_trace, &looking_table), TableKind::Memory => extract_with_mul(memory_trace, &looking_table), + // We are trying to build this table, so we have to ignore it here. + TableKind::RangeCheckU8 => vec![], other => unimplemented!("Can't range check {other:?} tables"), }) .for_each(|(multiplicity, limb)| { From 3495e6cba38658860cdbc9e59cf1b6ba19d4b5a3 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 16:33:19 +0800 Subject: [PATCH 06/46] Fix warning --- Cargo.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index eea68d6a7..e9f916ad2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -50,9 +50,9 @@ lto = "thin" opt-level = 3 [workspace.dependencies] -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } -plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } -starky = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } +plonky2 = { version = "0", default-features = false } +plonky2_maybe_rayon = { version = "0", default-features = false } +starky = { version = "0", default-features = false } plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } From b8e88bab2ba1465e74aadfe72e99d83e1232162b Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 16:39:24 +0800 Subject: [PATCH 07/46] Use my hacked up prototype plonky2 --- Cargo.lock | 10 +++++----- sdk/Cargo.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 183e2b6b7..44fee66cd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" [[package]] name = "plotters" @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git#76e42a132e0938954ff7bc27649474ed875a5c1a" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "ahash", "anyhow", diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index f9b8f41a2..045eb7173 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -17,7 +17,7 @@ rkyv_derive = "=0.8.0-alpha.1" [target.'cfg(not(target_os="mozakvm"))'.dependencies] hex = "0.4" -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", default-features = false } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/actual-multiplicities", default-features = false } rand = "0.8" rand_chacha = "0.3" serde = { version = "1.0", features = ["derive"] } From 642d3b9d996d45ea52b974f73ddb1bf010ac8637 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 16:52:09 +0800 Subject: [PATCH 08/46] Radical surgery to remove public sub table mechanism (temporarily) --- circuits/src/cross_table_lookup.rs | 77 ++------ circuits/src/lib.rs | 1 - circuits/src/public_sub_table.rs | 220 ----------------------- circuits/src/stark/mozak_stark.rs | 7 - circuits/src/stark/poly.rs | 3 - circuits/src/stark/proof.rs | 2 - circuits/src/stark/prover.rs | 27 +-- circuits/src/stark/recursive_verifier.rs | 53 +----- circuits/src/stark/verifier.rs | 7 - circuits/src/tape_commitments/columns.rs | 25 --- 10 files changed, 18 insertions(+), 404 deletions(-) delete mode 100644 circuits/src/public_sub_table.rs diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index 113c12e8f..225f806f2 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -1,7 +1,7 @@ use core::ops::Neg; use anyhow::{ensure, Result}; -use itertools::{chain, iproduct, izip, zip_eq}; +use itertools::{iproduct, izip, zip_eq}; use plonky2::field::extension::{Extendable, FieldExtension}; use plonky2::field::packed::PackedField; use plonky2::field::polynomial::PolynomialValues; @@ -20,7 +20,6 @@ use thiserror::Error; pub use crate::linear_combination::Column; use crate::linear_combination::ColumnSparse; pub use crate::linear_combination_typed::ColumnWithTypedInput; -use crate::public_sub_table::PublicSubTable; use crate::stark::mozak_stark::{all_kind, Table, TableKind, TableKindArray, TableWithTypedOutput}; use crate::stark::permutation::challenge::{GrandProductChallenge, GrandProductChallengeSet}; use crate::stark::proof::{StarkProof, StarkProofTarget}; @@ -66,8 +65,6 @@ pub(crate) fn verify_cross_table_lookups_and_public_sub_tables< const D: usize, >( cross_table_lookups: &[CrossTableLookup], - public_sub_tables: &[PublicSubTable], - reduced_public_sub_table_values: &TableKindArray>, ctl_zs_lasts: &TableKindArray>, config: &StarkConfig, ) -> Result<()> { @@ -87,17 +84,6 @@ pub(crate) fn verify_cross_table_lookups_and_public_sub_tables< ); } } - let mut reduced_public_sub_table_values_iter = reduced_public_sub_table_values - .each_ref() - .map(|v| v.iter().copied()); - for _ in 0..config.num_challenges { - for public_sub_table in public_sub_tables { - ensure!( - reduced_public_sub_table_values_iter[public_sub_table.table.kind].next() - == ctl_zs_openings[public_sub_table.table.kind].next() - ); - } - } Ok(()) } @@ -110,8 +96,6 @@ pub(crate) fn verify_cross_table_lookups_and_public_sub_table_circuit< >( builder: &mut CircuitBuilder, cross_table_lookups: &[CrossTableLookup], - public_sub_tables: &[PublicSubTable], - reduced_public_sub_table_targets: &TableKindArray>, ctl_zs_lasts: &TableKindArray>, config: &StarkConfig, ) { @@ -130,20 +114,6 @@ pub(crate) fn verify_cross_table_lookups_and_public_sub_table_circuit< } } - let mut reduced_public_sub_table_targets_iter = reduced_public_sub_table_targets - .each_ref() - .map(|targets| targets.iter()); - - for _ in 0..config.num_challenges { - for public_sub_table in public_sub_tables { - builder.connect( - *reduced_public_sub_table_targets_iter[public_sub_table.table.kind] - .next() - .unwrap(), - *ctl_zs_openings[public_sub_table.table.kind].next().unwrap(), - ); - } - } debug_assert!(ctl_zs_openings.iter_mut().all(|iter| iter.next().is_none())); } @@ -318,7 +288,6 @@ impl<'a, F: RichField + Extendable, const D: usize> pub(crate) fn from_proofs>( proofs: &TableKindArray>, cross_table_lookups: &'a [CrossTableLookup], - public_sub_tables: &'a [PublicSubTable], ctl_challenges: &'a GrandProductChallengeSet, ) -> TableKindArray> { let mut ctl_zs = proofs @@ -339,18 +308,6 @@ impl<'a, F: RichField + Extendable, const D: usize> filter_column: &table.filter_column, }); } - for (&challenges, public_sub_table) in - iproduct!(&ctl_challenges.challenges, public_sub_tables) - { - let (&local_z, &next_z) = ctl_zs[public_sub_table.table.kind].next().unwrap(); - ctl_vars_per_table[public_sub_table.table.kind].push(Self { - local_z, - next_z, - challenges, - columns: &public_sub_table.table.columns, - filter_column: &public_sub_table.table.filter_column, - }); - } ctl_vars_per_table } } @@ -406,7 +363,6 @@ impl<'a, const D: usize> CtlCheckVarsTarget<'a, D> { table: TableKind, proof: &StarkProofTarget, cross_table_lookups: &'a [CrossTableLookup], - public_sub_tables: &'a [PublicSubTable], ctl_challenges: &'a GrandProductChallengeSet, ) -> Vec { let ctl_zs = izip!(&proof.openings.ctl_zs, &proof.openings.ctl_zs_next); @@ -414,28 +370,15 @@ impl<'a, const D: usize> CtlCheckVarsTarget<'a, D> { let ctl_chain = cross_table_lookups .iter() .flat_map(|ctl| ctl.looking_tables.iter().filter(|twc| twc.kind == table)); - let public_sub_table_chain = public_sub_tables.iter().filter_map(|twc| { - if twc.table.kind == table { - Some(&twc.table) - } else { - None - } - }); - zip_eq( - ctl_zs, - chain!( - iproduct!(&ctl_challenges.challenges, ctl_chain), - iproduct!(&ctl_challenges.challenges, public_sub_table_chain) - ), - ) - .map(|((&local_z, &next_z), (&challenges, table))| Self { - local_z, - next_z, - challenges, - columns: &table.columns, - filter_column: &table.filter_column, - }) - .collect() + zip_eq(ctl_zs, iproduct!(&ctl_challenges.challenges, ctl_chain)) + .map(|((&local_z, &next_z), (&challenges, table))| Self { + local_z, + next_z, + challenges, + columns: &table.columns, + filter_column: &table.filter_column, + }) + .collect() } } diff --git a/circuits/src/lib.rs b/circuits/src/lib.rs index 6011e3734..aa3f8dd4f 100644 --- a/circuits/src/lib.rs +++ b/circuits/src/lib.rs @@ -25,7 +25,6 @@ pub mod poseidon2_output_bytes; pub mod poseidon2_sponge; pub mod program; pub mod program_multiplicities; -pub mod public_sub_table; pub mod rangecheck; pub mod rangecheck_u8; pub mod register; diff --git a/circuits/src/public_sub_table.rs b/circuits/src/public_sub_table.rs deleted file mode 100644 index 9d901a185..000000000 --- a/circuits/src/public_sub_table.rs +++ /dev/null @@ -1,220 +0,0 @@ -//! To make a Subtable of given stark table public, we follow similar idea -//! used in CTL. The basic idea is to "compress" the subtable into a single -//! value which the verifier can construct on its own, and compare against. -//! Grand product argument, combined with randomness is a good option in -//! such situation. We use its equivalent, Logarithmic derivative approach -//! instead, especially because it lets us combine it with CTL proof system -//! which we have already. Essentially, given a subtable, we `combine` its rows -//! and maintain its running sum of inverses as values of z polynomial. The -//! opening of this z polynomial would be the "compressed" value, and can -//! be reproduced on verifer's end. We can also reuse the challenges used for -//! CTL to `combine`, since the procedure is preceded by commitment to trace -//! polynomials already -#![allow(clippy::module_name_repetitions)] -use itertools::{iproduct, Itertools}; -use plonky2::field::extension::Extendable; -use plonky2::field::polynomial::PolynomialValues; -use plonky2::field::types::Field; -use plonky2::hash::hash_types::RichField; -use plonky2::iop::target::Target; -use plonky2::plonk::circuit_builder::CircuitBuilder; -use plonky2::plonk::plonk_common::reduce_with_powers_circuit; - -use crate::cross_table_lookup::{partial_sums, CtlData, CtlZData}; -use crate::stark::mozak_stark::{all_kind, Table, TableKind, TableKindArray}; -use crate::stark::permutation::challenge::{GrandProductChallenge, GrandProductChallengeSet}; - -/// Specifies a Subtable with `table.columns` and `table.filter_column` -/// which the prover wants to make public. We include `num_rows` since -/// it cannot be computed from `table` alone. -#[derive(Clone, Debug)] -pub struct PublicSubTable { - pub table: Table, - pub num_rows: usize, -} -/// Actual values, as field elements, of the entries -/// of `PublicSubTable` -pub type PublicSubTableValues = Vec>; -/// Plonky2 target version of `PublicSubTableValuesTarget` -pub type PublicSubTableValuesTarget = Vec>; -impl PublicSubTable { - #[must_use] - pub fn num_zs(public_sub_tables: &[Self], table: TableKind, num_challenges: usize) -> usize { - public_sub_tables - .iter() - .filter(|twc| twc.table.kind == table) - .count() - * num_challenges - } - - /// Get `PublicSubTableValues` corresponding to `self` - #[must_use] - pub fn get_values( - &self, - trace: &TableKindArray>>, - ) -> PublicSubTableValues { - let trace_table = &trace[self.table.kind]; - let columns = self - .table - .columns - .clone() - .into_iter() - .map(|col| col.map(F::from_noncanonical_i64)) - .collect_vec(); - let filter = self - .table - .filter_column - .clone() - .map(F::from_noncanonical_i64); - let columns_if_filter_at_i = |i| -> Option> { - filter.eval_table(trace_table, i).is_one().then_some( - columns - .iter() - .map(|column| column.eval_table(trace_table, i)) - .collect_vec(), - ) - }; - (0..trace_table[0].len()) - .filter_map(columns_if_filter_at_i) - .collect_vec() - } - - /// Create the z polynomial, and fill up the data required to prove - /// in `CtlZdata` - pub(crate) fn get_ctlz_data( - &self, - trace: &TableKindArray>>, - challenge: GrandProductChallenge, - ) -> CtlZData { - let z = partial_sums( - &trace[self.table.kind], - &self.table.columns, - &self.table.filter_column, - challenge, - ); - CtlZData { - z, - challenge, - columns: self.table.columns.clone(), - filter_column: self.table.filter_column.clone(), - } - } - - /// Returns virtual targets corresponding to `PublicSubTableValues` - pub fn to_targets, const D: usize>( - &self, - builder: &mut CircuitBuilder, - ) -> PublicSubTableValuesTarget { - (0..self.num_rows) - .map(|_| { - (0..self.table.columns.len()) - .map(|_| builder.add_virtual_target()) - .collect_vec() - }) - .collect_vec() - } -} - -#[must_use] -#[allow(clippy::module_name_repetitions)] -pub fn public_sub_table_data_and_values( - trace_poly_values: &TableKindArray>>, - public_sub_tables: &[PublicSubTable], - ctl_challenges: &GrandProductChallengeSet, -) -> ( - TableKindArray>, - TableKindArray>>, -) { - let mut public_sub_table_data_per_table = all_kind!(|_kind| CtlData::default()); - let mut public_sub_table_values_per_table = all_kind!(|_kind| Vec::default()); - for (&challenge, public_sub_table) in iproduct!(&ctl_challenges.challenges, public_sub_tables) { - public_sub_table_data_per_table[public_sub_table.table.kind] - .zs_columns - .push(public_sub_table.get_ctlz_data(trace_poly_values, challenge)); - } - for public_sub_table in public_sub_tables { - public_sub_table_values_per_table[public_sub_table.table.kind] - .push(public_sub_table.get_values(trace_poly_values)); - } - ( - public_sub_table_data_per_table, - public_sub_table_values_per_table, - ) -} - -/// For each `PublicSubTableValues`, returns the compressed value -/// created according to each `challenge` -#[must_use] -pub fn reduce_public_sub_tables_values( - public_sub_table_values: &TableKindArray>>, - challenges: &GrandProductChallengeSet, -) -> TableKindArray> { - all_kind!(|kind| { - challenges - .challenges - .iter() - .flat_map(|&challenge| { - let sub_tables = &public_sub_table_values[kind]; - sub_tables - .iter() - .map(|sub_table| { - sub_table - .iter() - .map(|row| challenge.combine(row).inverse()) - .sum() - }) - .collect_vec() - }) - .collect_vec() - }) -} - -pub fn reduce_public_sub_table_targets, const D: usize>( - builder: &mut CircuitBuilder, - challenge: &GrandProductChallenge, - targets: &PublicSubTableValuesTarget, -) -> Target { - let all_targets = targets - .iter() - .map(|row| { - let mut combined = reduce_with_powers_circuit(builder, row, challenge.beta); - combined = builder.add(combined, challenge.gamma); - builder.inverse(combined) - }) - .collect_vec(); - builder.add_many(all_targets) -} - -pub fn public_sub_table_values_and_reduced_targets, const D: usize>( - builder: &mut CircuitBuilder, - public_sub_tables: &[PublicSubTable], - ctl_challenges: &GrandProductChallengeSet, -) -> ( - TableKindArray>, - TableKindArray>, -) { - let mut public_sub_table_values_targets = TableKindArray::>::default(); - for public_sub_table in public_sub_tables { - let targets = public_sub_table.to_targets(builder); - public_sub_table_values_targets[public_sub_table.table.kind].push(targets); - } - - let mut reduced_public_sub_table_targets = TableKindArray::>::default(); - - for challenge in &ctl_challenges.challenges { - let mut public_sub_table_values_targets_iter = public_sub_table_values_targets - .each_ref() - .map(|targets| targets.iter()); - for public_sub_table in public_sub_tables { - let targets = public_sub_table_values_targets_iter[public_sub_table.table.kind] - .next() - .unwrap(); - reduced_public_sub_table_targets[public_sub_table.table.kind] - .push(reduce_public_sub_table_targets(builder, challenge, targets)); - } - } - ( - public_sub_table_values_targets, - reduced_public_sub_table_targets, - ) -} diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 80e607d45..163886b3b 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -39,7 +39,6 @@ use crate::program::columns::{InstructionRow, ProgramRom}; use crate::program::stark::ProgramStark; use crate::program_multiplicities::columns::ProgramMult; use crate::program_multiplicities::stark::ProgramMultStark; -use crate::public_sub_table::PublicSubTable; use crate::rangecheck::columns::{rangecheck_looking, RangeCheckColumnsView, RangeCheckCtl}; use crate::rangecheck::stark::RangeCheckStark; use crate::rangecheck_u8::columns::RangeCheckU8; @@ -64,7 +63,6 @@ use crate::{ }; const NUM_CROSS_TABLE_LOOKUP: usize = 17; -const NUM_PUBLIC_SUB_TABLES: usize = 2; /// STARK Gadgets of Mozak-VM /// @@ -142,7 +140,6 @@ pub struct MozakStark, const D: usize> { #[StarkSet(stark_kind = "TapeCommitments")] pub tape_commitments_stark: TapeCommitmentsStark, pub cross_table_lookups: [CrossTableLookup; NUM_CROSS_TABLE_LOOKUP], - pub public_sub_tables: [PublicSubTable; NUM_PUBLIC_SUB_TABLES], pub debug: bool, } @@ -451,10 +448,6 @@ impl, const D: usize> Default for MozakStark EventCommitmentTapeIOLookupTable::lookups(), CastlistCommitmentTapeIOLookupTable::lookups(), ], - public_sub_tables: [ - crate::tape_commitments::columns::make_event_commitment_tape_public(), - crate::tape_commitments::columns::make_castlist_commitment_tape_public(), - ], debug: false, } } diff --git a/circuits/src/stark/poly.rs b/circuits/src/stark/poly.rs index e62e73322..c381acac9 100644 --- a/circuits/src/stark/poly.rs +++ b/circuits/src/stark/poly.rs @@ -29,7 +29,6 @@ pub fn compute_quotient_polys<'a, F, P, C, S, const D: usize>( ctl_zs_commitment: &'a PolynomialBatch, public_inputs: &[F], ctl_data: &CtlData, - public_sub_table_data: &CtlData, alphas: &[F], degree_bits: usize, config: &StarkConfig, @@ -98,11 +97,9 @@ where &get_trace_values_packed(i_next_start), public_inputs, ); - let public_sub_table_data_chain = public_sub_table_data.zs_columns.as_slice(); let ctl_vars = ctl_data .zs_columns .iter() - .chain(public_sub_table_data_chain.iter()) .enumerate() .map(|(i, zs_columns)| CtlCheckVars:: { local_z: ctl_zs_commitment.get_lde_values_packed(i_start, step)[i], diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index 7adfefd96..898c7219b 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -18,7 +18,6 @@ use serde::{Deserialize, Serialize}; use starky::config::StarkConfig; use super::mozak_stark::{all_kind, PublicInputs, TableKindArray}; -use crate::public_sub_table::PublicSubTableValues; use crate::stark::permutation::challenge::{GrandProductChallengeSet, GrandProductChallengeTrait}; #[allow(clippy::module_name_repetitions)] @@ -324,7 +323,6 @@ pub struct AllProof, C: GenericConfig, co pub elf_memory_init_trace_cap: MerkleCap, pub mozak_memory_init_trace_cap: MerkleCap, pub public_inputs: PublicInputs, - pub public_sub_table_values: TableKindArray>>, } pub(crate) struct AllProofChallenges, const D: usize> { diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 35110cca1..f33d4287b 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -3,7 +3,6 @@ use std::fmt::Display; use anyhow::{ensure, Result}; -use itertools::Itertools; use log::Level::Debug; use log::{debug, log_enabled}; use mozak_runner::elf::Program; @@ -29,7 +28,6 @@ use super::proof::{AllProof, StarkOpeningSet, StarkProof}; use crate::cross_table_lookup::ctl_utils::debug_ctl; use crate::cross_table_lookup::{cross_table_lookup_data, CtlData}; use crate::generation::{debug_traces, generate_traces}; -use crate::public_sub_table::public_sub_table_data_and_values; use crate::stark::mozak_stark::{all_starks, PublicInputs}; use crate::stark::permutation::challenge::GrandProductChallengeTrait; use crate::stark::poly::compute_quotient_polys; @@ -128,16 +126,10 @@ where ) ); - let (public_sub_table_data_per_table, public_sub_table_values) = - public_sub_table_data_and_values::( - traces_poly_values, - &mozak_stark.public_sub_tables, - &ctl_challenges, - ); - let proofs = timed!( timing, "compute all proofs given commitments", + // TODO: use starky's `prove_with_commitments` prove_with_commitments( mozak_stark, config, @@ -145,7 +137,6 @@ where traces_poly_values, &trace_commitments, &ctl_data_per_table, - &public_sub_table_data_per_table, &mut challenger, timing )? @@ -163,7 +154,6 @@ where elf_memory_init_trace_cap, mozak_memory_init_trace_cap, public_inputs, - public_sub_table_values, }) } @@ -181,7 +171,7 @@ pub(crate) fn prove_single_table( trace_commitment: &PolynomialBatch, public_inputs: &[F], ctl_data: &CtlData, - public_sub_table_data: &CtlData, + // public_sub_table_data: &CtlData, challenger: &mut Challenger, timing: &mut TimingTree, ) -> Result> @@ -199,13 +189,10 @@ where "FRI total reduction arity is too large.", ); - let z_poly_public_sub_table = public_sub_table_data.z_polys(); + // let z_poly_public_sub_table = public_sub_table_data.z_polys(); // commit to both z poly of ctl and open public - let z_polys = vec![ctl_data.z_polys(), z_poly_public_sub_table] - .into_iter() - .flatten() - .collect_vec(); + let z_polys = ctl_data.z_polys(); // TODO(Matthias): make the code work with empty z_polys, too. assert!(!z_polys.is_empty(), "No CTL? {stark}"); @@ -234,7 +221,6 @@ where &ctl_zs_commitment, public_inputs, ctl_data, - public_sub_table_data, &alphas, degree_bits, config, @@ -299,7 +285,6 @@ where // Make sure that we do not use Starky's lookups. assert!(!stark.requires_ctls()); assert!(!stark.uses_lookups()); - let num_make_rows_public_data = public_sub_table_data.len(); let opening_proof = timed!( timing, format!("{stark}: compute opening proofs").as_str(), @@ -312,7 +297,7 @@ where config, Some(&LookupConfig { degree_bits, - num_zs: ctl_data.len() + num_make_rows_public_data + num_zs: ctl_data.len() }) ), &initial_merkle_trees, @@ -344,7 +329,6 @@ pub fn prove_with_commitments( traces_poly_values: &TableKindArray>>, trace_commitments: &TableKindArray>, ctl_data_per_table: &TableKindArray>, - public_sub_data_per_table: &TableKindArray>, challenger: &mut Challenger, timing: &mut TimingTree, ) -> Result>> @@ -366,7 +350,6 @@ where &trace_commitments[kind], public_inputs[kind], &ctl_data_per_table[kind], - &public_sub_data_per_table[kind], challenger, timing, )? diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index 2681bca7d..edd155f1d 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -4,7 +4,6 @@ use std::fmt::Debug; use std::marker::PhantomData; use anyhow::Result; -use itertools::{zip_eq, Itertools}; use log::info; use mozak_sdk::core::ecall::COMMITMENT_SIZE; use plonky2::field::extension::Extendable; @@ -32,9 +31,6 @@ use crate::columns_view::{columns_view_impl, NumberOfColumns}; use crate::cross_table_lookup::{ verify_cross_table_lookups_and_public_sub_table_circuit, CrossTableLookup, CtlCheckVarsTarget, }; -use crate::public_sub_table::{ - public_sub_table_values_and_reduced_targets, PublicSubTable, PublicSubTableValuesTarget, -}; use crate::stark::mozak_stark::{MozakStark, TableKind}; use crate::stark::permutation::challenge::get_grand_product_challenge_set_target; use crate::stark::poly::eval_vanishing_poly_circuit; @@ -95,7 +91,6 @@ where C::Hasher: AlgebraicHasher, { pub circuit: CircuitData, pub targets: TableKindArray>, - pub public_sub_table_values_targets: TableKindArray>, } #[derive(Eq, PartialEq, Debug)] @@ -134,22 +129,9 @@ where pub fn prove(&self, all_proof: &AllProof) -> Result> { let mut inputs = PartialWitness::new(); + // TODO(Matthias): not sure we need this, if we don't have the pub sub feature? all_kind!(|kind| { self.targets[kind].set_targets(&mut inputs, &all_proof.proofs[kind]); - - // set public_sub_table_values targets - for (public_sub_table_values_target, public_sub_table_values) in zip_eq( - &self.public_sub_table_values_targets[kind], - &all_proof.public_sub_table_values[kind], - ) { - for (row_target, row) in - zip_eq(public_sub_table_values_target, public_sub_table_values) - { - for (&values_target, &values) in zip_eq(row_target, row) { - inputs.set_target(values_target, values); - } - } - } }); // Set public inputs @@ -187,17 +169,12 @@ where kind, inner_config.num_challenges, ); - let num_make_row_public_zs = PublicSubTable::num_zs( - &mozak_stark.public_sub_tables, - kind, - inner_config.num_challenges, - ); add_virtual_stark_proof_with_pis( &mut builder, stark, inner_config, degree_bits[kind], - num_ctl_zs + num_make_row_public_zs, + num_ctl_zs, ) }); @@ -211,18 +188,9 @@ where inner_config.num_challenges, ); - let (public_sub_table_values_targets, reduced_public_sub_table_targets) = - public_sub_table_values_and_reduced_targets( - &mut builder, - &mozak_stark.public_sub_tables, - &ctl_challenges, - ); - verify_cross_table_lookups_and_public_sub_table_circuit( &mut builder, &mozak_stark.cross_table_lookups, - &mozak_stark.public_sub_tables, - &reduced_public_sub_table_targets, &stark_proof_with_pis_target .clone() .map(|p| p.proof.openings.ctl_zs_last), @@ -234,7 +202,6 @@ where kind, &stark_proof_with_pis_target[kind].proof, &mozak_stark.cross_table_lookups, - &mozak_stark.public_sub_tables, &ctl_challenges, ); @@ -275,23 +242,9 @@ where .collect::>(), ); } - all_kind!(|kind| { - builder.register_public_inputs( - &public_sub_table_values_targets[kind] - .clone() - .into_iter() - .flatten() - .flatten() - .collect_vec(), - ); - }); let circuit = builder.build(); - MozakStarkVerifierCircuit { - circuit, - targets, - public_sub_table_values_targets, - } + MozakStarkVerifierCircuit { circuit, targets } } /// Recursively verifies an inner proof. diff --git a/circuits/src/stark/verifier.rs b/circuits/src/stark/verifier.rs index 5c3feea8b..68f3e3772 100644 --- a/circuits/src/stark/verifier.rs +++ b/circuits/src/stark/verifier.rs @@ -17,7 +17,6 @@ use starky::stark::{LookupConfig, Stark}; use super::mozak_stark::{all_starks, MozakStark, TableKind, TableKindSetBuilder}; use super::proof::AllProof; use crate::cross_table_lookup::{verify_cross_table_lookups_and_public_sub_tables, CtlCheckVars}; -use crate::public_sub_table::reduce_public_sub_tables_values; use crate::stark::poly::eval_vanishing_poly; use crate::stark::proof::{AllProofChallenges, StarkOpeningSet, StarkProof, StarkProofChallenges}; @@ -56,13 +55,9 @@ where let ctl_vars_per_table = CtlCheckVars::from_proofs( &all_proof.proofs, &mozak_stark.cross_table_lookups, - &mozak_stark.public_sub_tables, &ctl_challenges, ); - let reduced_public_sub_tables_values = - reduce_public_sub_tables_values(&all_proof.public_sub_table_values, &ctl_challenges); - let public_inputs = TableKindSetBuilder::<&[_]> { cpu_stark: all_proof.public_inputs.borrow(), ..Default::default() @@ -80,8 +75,6 @@ where }); verify_cross_table_lookups_and_public_sub_tables::( &mozak_stark.cross_table_lookups, - &mozak_stark.public_sub_tables, - &reduced_public_sub_tables_values, &all_proof.all_ctl_zs_last(), config, )?; diff --git a/circuits/src/tape_commitments/columns.rs b/circuits/src/tape_commitments/columns.rs index 5b50246ac..448a65828 100644 --- a/circuits/src/tape_commitments/columns.rs +++ b/circuits/src/tape_commitments/columns.rs @@ -1,8 +1,5 @@ -use mozak_sdk::core::ecall::COMMITMENT_SIZE; - use crate::columns_view::{columns_view_impl, make_col_map}; use crate::linear_combination::Column; -use crate::public_sub_table::PublicSubTable; use crate::stark::mozak_stark::{TableWithTypedOutput, TapeCommitmentsTable}; make_col_map!(TAPE_COMMITMENTS, TapeCommitments); @@ -61,25 +58,3 @@ pub fn lookup_for_event_tape_commitment() -> TableWithTypedOutput PublicSubTable { - PublicSubTable { - table: TapeCommitmentsTable::new( - vec![TAPE_COMMITMENTS.commitment_byte_row.byte], - TAPE_COMMITMENTS.is_event_commitment_tape_row, - ), - num_rows: COMMITMENT_SIZE, - } -} - -#[must_use] -pub fn make_castlist_commitment_tape_public() -> PublicSubTable { - PublicSubTable { - table: TapeCommitmentsTable::new( - vec![TAPE_COMMITMENTS.commitment_byte_row.byte], - TAPE_COMMITMENTS.is_castlist_commitment_tape_row, - ), - num_rows: COMMITMENT_SIZE, - } -} From a00b3444e3aac070fc174d55fb00086eb485ad0e Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 16:57:40 +0800 Subject: [PATCH 09/46] Update example's Cargo.lock for some reason --- examples/Cargo.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 66c032d25..7a05c7b5b 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -434,8 +434,8 @@ dependencies = [ [[package]] name = "plonky2" -version = "0.2.1" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "ahash", "anyhow", @@ -456,8 +456,8 @@ dependencies = [ [[package]] name = "plonky2_field" -version = "0.2.1" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "anyhow", "itertools", @@ -472,12 +472,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" [[package]] name = "ppv-lite86" From fae398f7c31a091be945149dc11a69142bf0265c Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 18:13:33 +0800 Subject: [PATCH 10/46] Clean up --- circuits/src/stark/prover.rs | 3 --- 1 file changed, 3 deletions(-) diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index f33d4287b..691932d6c 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -171,7 +171,6 @@ pub(crate) fn prove_single_table( trace_commitment: &PolynomialBatch, public_inputs: &[F], ctl_data: &CtlData, - // public_sub_table_data: &CtlData, challenger: &mut Challenger, timing: &mut TimingTree, ) -> Result> @@ -189,8 +188,6 @@ where "FRI total reduction arity is too large.", ); - // let z_poly_public_sub_table = public_sub_table_data.z_polys(); - // commit to both z poly of ctl and open public let z_polys = ctl_data.z_polys(); // TODO(Matthias): make the code work with empty z_polys, too. From 383e914445aa3d55b6d1c666bb3a298cbc50ae4e Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Mon, 22 Apr 2024 18:55:31 +0800 Subject: [PATCH 11/46] Use upstream, pre --- Cargo.lock | 10 +++++----- Cargo.toml | 6 +++--- circuits/src/cross_table_lookup.rs | 10 ++++++++++ circuits/src/linear_combination.rs | 18 ++++++++++++++++++ circuits/src/stark/mozak_stark.rs | 15 +++++++++++++++ sdk/Cargo.toml | 2 +- 6 files changed, 52 insertions(+), 9 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 44fee66cd..3c9c56419 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" [[package]] name = "plotters" @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" dependencies = [ "ahash", "anyhow", diff --git a/Cargo.toml b/Cargo.toml index ee7d6bf0a..931548ae7 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,6 +57,6 @@ starky = { version = "0", default-features = false } plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } [patch.crates-io] -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/actual-multiplicities" } -plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/actual-multiplicities" } -starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/actual-multiplicities" } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index 225f806f2..9b9651e2d 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -13,6 +13,7 @@ use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::config::GenericConfig; use starky::config::StarkConfig; use starky::constraint_consumer::{ConstraintConsumer, RecursiveConstraintConsumer}; +use starky::cross_table_lookup as starky_ctl; use starky::evaluation_frame::StarkEvaluationFrame; use starky::stark::Stark; use thiserror::Error; @@ -234,6 +235,15 @@ pub struct CrossTableLookupWithTypedOutput { pub type CrossTableLookupUntyped = CrossTableLookupWithTypedOutput>; pub use CrossTableLookupUntyped as CrossTableLookup; +impl CrossTableLookup { + #[must_use] + pub fn to_starky(&self) -> starky_ctl::CrossTableLookup { + starky_ctl::CrossTableLookup::new_no_looked_table( + self.looking_tables.iter().map(Table::to_starky).collect(), + ) + } +} + impl> CrossTableLookupWithTypedOutput { pub fn to_untyped_output(self) -> CrossTableLookup { let looking_tables = self diff --git a/circuits/src/linear_combination.rs b/circuits/src/linear_combination.rs index 4754c18fc..7a8804851 100644 --- a/circuits/src/linear_combination.rs +++ b/circuits/src/linear_combination.rs @@ -10,6 +10,7 @@ use plonky2::field::types::Field; use plonky2::hash::hash_types::RichField; use plonky2::iop::ext_target::ExtensionTarget; use plonky2::plonk::circuit_builder::CircuitBuilder; +use starky::lookup as starky_lookup; use crate::cross_table_lookup::ColumnWithTypedInput; @@ -73,6 +74,23 @@ pub fn zip_with( pub type ColumnI64 = ColumnSparse; pub use ColumnI64 as Column; +impl Column { + #[must_use] + pub fn to_starky(&self) -> starky_lookup::Column { + starky_lookup::Column::new( + self.lv_linear_combination + .iter() + .map(|&(c, f)| (c, F::from_noncanonical_i64(f))) + .collect(), + self.nv_linear_combination + .iter() + .map(|&(c, f)| (c, F::from_noncanonical_i64(f))) + .collect(), + F::from_noncanonical_i64(self.constant), + ) + } +} + impl> From> for Column { fn from(colx: ColumnWithTypedInput) -> Self { fn to_sparse(v: impl IntoIterator) -> Vec<(usize, i64)> { diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 163886b3b..8f40bad48 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -9,6 +9,7 @@ use plonky2::hash::hash_types::RichField; #[allow(clippy::wildcard_imports)] use plonky2_maybe_rayon::*; use serde::{Deserialize, Serialize}; +use starky::{cross_table_lookup as starky_ctl, lookup as starky_lookup}; use crate::bitshift::columns::{Bitshift, BitshiftView}; use crate::bitshift::stark::BitshiftStark; @@ -498,6 +499,20 @@ pub struct TableWithTypedOutput { pub type TableUntyped = TableWithTypedOutput>; pub use TableUntyped as Table; +impl Table { + #[must_use] + pub fn to_starky(&self) -> starky_ctl::TableWithColumns { + let columns = self + .columns + .iter() + .map(Column::to_starky) + .collect::>(); + // TODO(Matthias): figure out why they take a vector of filters. + let filter = starky_lookup::Filter::new(vec![], vec![self.filter_column.to_starky()]); + starky_ctl::TableWithColumns::new(self.kind as usize, columns, filter) + } +} + impl> TableWithTypedOutput { pub fn to_untyped_output(self) -> Table { Table { diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index 045eb7173..579b498d5 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -17,7 +17,7 @@ rkyv_derive = "=0.8.0-alpha.1" [target.'cfg(not(target_os="mozakvm"))'.dependencies] hex = "0.4" -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/actual-multiplicities", default-features = false } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } rand = "0.8" rand_chacha = "0.3" serde = { version = "1.0", features = ["derive"] } From ba4240f5bdcfc27b5b01b28332383c4d5cc5db26 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Tue, 23 Apr 2024 12:13:33 +0800 Subject: [PATCH 12/46] Update --- Cargo.lock | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3c9c56419..7e73e3a12 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -851,9 +851,9 @@ checksum = "4ec2a862134d2a7d32d7983ddcdd1c4923530833c9f2ea1a44fc5fa473989058" [[package]] name = "libmimalloc-sys" -version = "0.1.35" +version = "0.1.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3979b5c37ece694f1f5e51e7ecc871fdb0f517ed04ee45f88d15d6d553cb9664" +checksum = "81eb4061c0582dedea1cbc7aff2240300dd6982e0239d1c99e65c1dbf4a30ba7" dependencies = [ "cc", "libc", @@ -885,9 +885,9 @@ checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" [[package]] name = "mimalloc" -version = "0.1.39" +version = "0.1.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa01922b5ea280a911e323e4d2fd24b7fe5cc4042e0d2cda3c40775cdc4bdc9c" +checksum = "9f41a2280ded0da56c8cf898babb86e8f10651a34adcfff190ae9a1159c6908d" dependencies = [ "libmimalloc-sys", ] @@ -1146,7 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" [[package]] name = "plotters" @@ -1484,9 +1484,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.33" +version = "0.38.34" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3cc72858054fcff6d7dea32df2aeaee6a7c24227366d7ea429aada2f26b16ad" +checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" dependencies = [ "bitflags", "errno", @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#dab00a74e7dd5a2bb29e4714d727d5bc27cf7c4e" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "ahash", "anyhow", From 3f35bc054060588b0c8d3ba8534b3d54bcfeb9c3 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Tue, 23 Apr 2024 12:13:39 +0800 Subject: [PATCH 13/46] Match starky --- circuits/src/stark/prover.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 691932d6c..adba20155 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -169,9 +169,9 @@ pub(crate) fn prove_single_table( config: &StarkConfig, trace_poly_values: &[PolynomialValues], trace_commitment: &PolynomialBatch, - public_inputs: &[F], ctl_data: &CtlData, challenger: &mut Challenger, + public_inputs: &[F], timing: &mut TimingTree, ) -> Result> where @@ -345,9 +345,9 @@ where config, &traces_poly_values[kind], &trace_commitments[kind], - public_inputs[kind], &ctl_data_per_table[kind], challenger, + public_inputs[kind], timing, )? })) From cfeeb43544bf301fcf6516e98f98a9c96715c432 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Tue, 23 Apr 2024 16:47:21 +0800 Subject: [PATCH 14/46] Use upstream --- Cargo.lock | 5 -- Cargo.toml | 9 ++- circuits/src/bitshift/stark.rs | 2 + circuits/src/cpu/stark.rs | 2 + circuits/src/cross_table_lookup.rs | 11 +-- circuits/src/memory/stark.rs | 2 + circuits/src/memory_fullword/stark.rs | 2 + circuits/src/memory_halfword/stark.rs | 2 + circuits/src/memory_io/stark.rs | 2 + circuits/src/memory_zeroinit/stark.rs | 2 + circuits/src/memoryinit/stark.rs | 2 + circuits/src/poseidon2/stark.rs | 2 + circuits/src/poseidon2_output_bytes/stark.rs | 2 + circuits/src/poseidon2_sponge/stark.rs | 2 + circuits/src/program/stark.rs | 2 + circuits/src/program_multiplicities/stark.rs | 2 + circuits/src/rangecheck_u8/stark.rs | 2 + circuits/src/register/general/stark.rs | 2 + circuits/src/register/init/stark.rs | 2 + circuits/src/stark/mozak_stark.rs | 19 +++++- circuits/src/stark/permutation.rs | 30 ++++++++- circuits/src/stark/prover.rs | 71 +++++++++++++++++++- circuits/src/unstark.rs | 2 + circuits/src/xor/stark.rs | 2 + examples/Cargo.lock | 65 ++++++++++++++++-- sdk/Cargo.toml | 3 +- 26 files changed, 228 insertions(+), 21 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7e73e3a12..4ea059630 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,6 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1186,6 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1200,6 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "rayon", ] @@ -1210,7 +1207,6 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" [[package]] name = "plotters" @@ -1666,7 +1662,6 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#56321fa7967de408b9957c299b3b82afa74281cf" dependencies = [ "ahash", "anyhow", diff --git a/Cargo.toml b/Cargo.toml index 931548ae7..088bf3aec 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,6 +57,9 @@ starky = { version = "0", default-features = false } plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } [patch.crates-io] -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +plonky2 = { path = "../plonky2/plonky2" } +plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } +starky = { path = "../plonky2/starky" } +# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +# plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +# starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } diff --git a/circuits/src/bitshift/stark.rs b/circuits/src/bitshift/stark.rs index 733abd1ef..971bd78f8 100644 --- a/circuits/src/bitshift/stark.rs +++ b/circuits/src/bitshift/stark.rs @@ -80,6 +80,8 @@ impl, const D: usize> Stark for BitshiftStark type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/cpu/stark.rs b/circuits/src/cpu/stark.rs index 1054f086f..40d1d513f 100644 --- a/circuits/src/cpu/stark.rs +++ b/circuits/src/cpu/stark.rs @@ -256,6 +256,8 @@ impl, const D: usize> Stark for CpuStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index 9b9651e2d..aa968857b 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -235,15 +235,18 @@ pub struct CrossTableLookupWithTypedOutput { pub type CrossTableLookupUntyped = CrossTableLookupWithTypedOutput>; pub use CrossTableLookupUntyped as CrossTableLookup; -impl CrossTableLookup { - #[must_use] - pub fn to_starky(&self) -> starky_ctl::CrossTableLookup { +impl From<&CrossTableLookup> for starky_ctl::CrossTableLookup { + fn from(ctl: &CrossTableLookup) -> Self { starky_ctl::CrossTableLookup::new_no_looked_table( - self.looking_tables.iter().map(Table::to_starky).collect(), + ctl.looking_tables.iter().map(Table::to_starky).collect(), ) } } +impl From for starky_ctl::CrossTableLookup { + fn from(ctl: CrossTableLookup) -> Self { Self::from(&ctl) } +} + impl> CrossTableLookupWithTypedOutput { pub fn to_untyped_output(self) -> CrossTableLookup { let looking_tables = self diff --git a/circuits/src/memory/stark.rs b/circuits/src/memory/stark.rs index 88185f19a..6b538580e 100644 --- a/circuits/src/memory/stark.rs +++ b/circuits/src/memory/stark.rs @@ -90,6 +90,8 @@ impl, const D: usize> Stark for MemoryStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/memory_fullword/stark.rs b/circuits/src/memory_fullword/stark.rs index 2f76c68fa..acdabe497 100644 --- a/circuits/src/memory_fullword/stark.rs +++ b/circuits/src/memory_fullword/stark.rs @@ -61,6 +61,8 @@ impl, const D: usize> Stark for FullWordMemor type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + // Design description - https://docs.google.com/presentation/d/1J0BJd49BMQh3UR5TrOhe3k67plHxnohFtFVrMpDJ1oc/edit?usp=sharing fn eval_packed_generic( &self, diff --git a/circuits/src/memory_halfword/stark.rs b/circuits/src/memory_halfword/stark.rs index 9917e1fa3..943ba900a 100644 --- a/circuits/src/memory_halfword/stark.rs +++ b/circuits/src/memory_halfword/stark.rs @@ -59,6 +59,8 @@ impl, const D: usize> Stark for HalfWordMemor type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/memory_io/stark.rs b/circuits/src/memory_io/stark.rs index 5c2f4c0ec..e622c8cdf 100644 --- a/circuits/src/memory_io/stark.rs +++ b/circuits/src/memory_io/stark.rs @@ -86,6 +86,8 @@ impl, const D: usize> Stark for InputOutputMe type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/memory_zeroinit/stark.rs b/circuits/src/memory_zeroinit/stark.rs index 6d9785971..181abb795 100644 --- a/circuits/src/memory_zeroinit/stark.rs +++ b/circuits/src/memory_zeroinit/stark.rs @@ -49,6 +49,8 @@ impl, const D: usize> Stark for MemoryZeroIni type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/memoryinit/stark.rs b/circuits/src/memoryinit/stark.rs index 47dd7ab8f..0403bc662 100644 --- a/circuits/src/memoryinit/stark.rs +++ b/circuits/src/memoryinit/stark.rs @@ -49,6 +49,8 @@ impl, const D: usize> Stark for MemoryInitSta type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/poseidon2/stark.rs b/circuits/src/poseidon2/stark.rs index b35d20da8..a5a7fcc64 100644 --- a/circuits/src/poseidon2/stark.rs +++ b/circuits/src/poseidon2/stark.rs @@ -293,6 +293,8 @@ impl, const D: usize> Stark for Poseidon2_12S type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/poseidon2_output_bytes/stark.rs b/circuits/src/poseidon2_output_bytes/stark.rs index ebd156b44..6285e6f11 100644 --- a/circuits/src/poseidon2_output_bytes/stark.rs +++ b/circuits/src/poseidon2_output_bytes/stark.rs @@ -37,6 +37,8 @@ impl, const D: usize> Stark for Poseidon2Outp type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/poseidon2_sponge/stark.rs b/circuits/src/poseidon2_sponge/stark.rs index 1e573269a..3f80076e4 100644 --- a/circuits/src/poseidon2_sponge/stark.rs +++ b/circuits/src/poseidon2_sponge/stark.rs @@ -39,6 +39,8 @@ impl, const D: usize> Stark for Poseidon2Spon type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + // For design check https://docs.google.com/presentation/d/10Dv00xL3uggWTPc0L91cgu_dWUzhM7l1EQ5uDEI_cjg/edit?usp=sharing fn eval_packed_generic( &self, diff --git a/circuits/src/program/stark.rs b/circuits/src/program/stark.rs index 2531689ba..dd5003798 100644 --- a/circuits/src/program/stark.rs +++ b/circuits/src/program/stark.rs @@ -36,6 +36,8 @@ impl, const D: usize> Stark for ProgramStark< type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/program_multiplicities/stark.rs b/circuits/src/program_multiplicities/stark.rs index 51b8c27e7..b4bf2a81e 100644 --- a/circuits/src/program_multiplicities/stark.rs +++ b/circuits/src/program_multiplicities/stark.rs @@ -35,6 +35,8 @@ impl, const D: usize> Stark for ProgramMultSt type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/rangecheck_u8/stark.rs b/circuits/src/rangecheck_u8/stark.rs index 98bf2869c..aa94aefb0 100644 --- a/circuits/src/rangecheck_u8/stark.rs +++ b/circuits/src/rangecheck_u8/stark.rs @@ -36,6 +36,8 @@ impl, const D: usize> Stark for RangeCheckU8S type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/register/general/stark.rs b/circuits/src/register/general/stark.rs index 091622f1b..03613a72e 100644 --- a/circuits/src/register/general/stark.rs +++ b/circuits/src/register/general/stark.rs @@ -37,6 +37,8 @@ impl, const D: usize> Stark for RegisterStark type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + /// Constraints for the [`RegisterStark`]: /// /// 1) `is_init`, `is_read`, `is_write`, and the virtual `is_used` column diff --git a/circuits/src/register/init/stark.rs b/circuits/src/register/init/stark.rs index b7ebbbc8f..638f491c2 100644 --- a/circuits/src/register/init/stark.rs +++ b/circuits/src/register/init/stark.rs @@ -36,6 +36,8 @@ impl, const D: usize> Stark for RegisterInitS type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + /// Constraints for the [`RegisterInitStark`]. /// /// For sanity check, we can constrain the register address column to be in diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 8f40bad48..fdc47a4a3 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -161,7 +161,7 @@ macro_rules! mozak_stark_helpers { } impl TableKind { - const COUNT: usize = $kind_count; + pub const COUNT: usize = $kind_count; } // Generate the set builder @@ -499,6 +499,23 @@ pub struct TableWithTypedOutput { pub type TableUntyped = TableWithTypedOutput>; pub use TableUntyped as Table; +impl From<&Table> for starky_ctl::TableWithColumns { + fn from(table: &Table) -> Self { + let columns = table + .columns + .iter() + .map(Column::to_starky) + .collect::>(); + // TODO(Matthias): figure out why they take a vector of filters. + let filter = starky_lookup::Filter::new(vec![], vec![table.filter_column.to_starky()]); + starky_ctl::TableWithColumns::new(table.kind as usize, columns, filter) + } +} + +impl From for starky_ctl::TableWithColumns { + fn from(table: Table) -> Self { Self::from(&table) } +} + impl Table { #[must_use] pub fn to_starky(&self) -> starky_ctl::TableWithColumns { diff --git a/circuits/src/stark/permutation.rs b/circuits/src/stark/permutation.rs index 1b0bc464a..8229cbded 100644 --- a/circuits/src/stark/permutation.rs +++ b/circuits/src/stark/permutation.rs @@ -91,13 +91,41 @@ pub mod challenge { } } + impl From> for starky::lookup::GrandProductChallenge + where + Target: Copy + Eq + PartialEq + Debug, + { + fn from(challenge: GrandProductChallenge) -> Self { + starky::lookup::GrandProductChallenge { + beta: challenge.beta, + gamma: challenge.gamma, + } + } + } + /// [`GrandProductChallenge`] repeated for [`num_challenges`] to boost /// soundness. #[derive(Clone, Eq, PartialEq, Debug, Default)] - pub struct GrandProductChallengeSet { + pub struct GrandProductChallengeSet { pub challenges: Vec>, } + impl From> + for starky::lookup::GrandProductChallengeSet + where + Target: Copy + Eq + PartialEq + core::fmt::Debug, + { + fn from(challenges: GrandProductChallengeSet) -> Self { + starky::lookup::GrandProductChallengeSet { + challenges: challenges + .challenges + .into_iter() + .map(starky::lookup::GrandProductChallenge::from) + .collect(), + } + } + } + pub trait GrandProductChallengeTrait> { fn get_grand_product_challenge(&mut self) -> GrandProductChallenge; diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index adba20155..becb7c30c 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -114,8 +114,24 @@ where for cap in &trace_caps { challenger.observe_cap(cap); } + let starky_cross_table_lookups = mozak_stark + .cross_table_lookups + .clone() + .map(starky::cross_table_lookup::CrossTableLookup::from); + let (starky_ctl_challenges, starky_ctl_datas) = { + let mut challenger = challenger.clone(); + starky::cross_table_lookup::get_ctl_data::( + config, + &traces_poly_values.0, + &starky_cross_table_lookups, + &mut challenger, + 3, + ) + }; let ctl_challenges = challenger.get_grand_product_challenge_set(config.num_challenges); + // TODO(Matthias): should we observe all ctl data here globally for all? To + // better parallelise later. let ctl_data_per_table = timed!( timing, "Compute CTL data for each table", @@ -138,7 +154,9 @@ where &trace_commitments, &ctl_data_per_table, &mut challenger, - timing + timing, + &starky_ctl_challenges, + &starky_ctl_datas, )? ); @@ -169,15 +187,60 @@ pub(crate) fn prove_single_table( config: &StarkConfig, trace_poly_values: &[PolynomialValues], trace_commitment: &PolynomialBatch, + // This is our CtlData, we need to match starky. ctl_data: &CtlData, challenger: &mut Challenger, public_inputs: &[F], timing: &mut TimingTree, + starky_ctl_challenges: &starky::lookup::GrandProductChallengeSet, + starky_ctl_data: &starky::cross_table_lookup::CtlData<'_, F>, + // Of course, we need to match the output, too. + // Ok, looks doable. ) -> Result> where - F: RichField + Extendable, + F: RichField + Extendable + Copy + Eq + core::fmt::Debug, C: GenericConfig, S: Stark + Display, { + { + let degree = trace_poly_values[0].len(); + let degree_bits = log2_strict(degree); + let fri_params = config.fri_params(degree_bits); + let rate_bits = config.fri_config.rate_bits; + let cap_height = config.fri_config.cap_height; + assert!( + fri_params.total_arities() <= degree_bits + rate_bits - cap_height, + "FRI total reduction arity is too large.", + ); + + let trace_commitment = timed!( + timing, + "compute trace commitment", + PolynomialBatch::::from_values( + trace_poly_values.to_vec(), + rate_bits, + false, + cap_height, + timing, + None, + ) + ); + + let trace_cap = trace_commitment.merkle_tree.cap.clone(); + let mut challenger = challenger.clone(); + challenger.observe_cap(&trace_cap); + let _ = starky::prover::prove_with_commitment( + stark, + config, + trace_poly_values, + &trace_commitment, + Some(starky_ctl_data), + Some(starky_ctl_challenges), + &mut challenger, + public_inputs, + timing, + ); + } + let degree = trace_poly_values[0].len(); let degree_bits = log2_strict(degree); let fri_params = config.fri_params(degree_bits); @@ -328,6 +391,8 @@ pub fn prove_with_commitments( ctl_data_per_table: &TableKindArray>, challenger: &mut Challenger, timing: &mut TimingTree, + starky_ctl_challenges: &starky::lookup::GrandProductChallengeSet, + starky_ctl_datas: &[starky::cross_table_lookup::CtlData<'_, F>; TableKind::COUNT], ) -> Result>> where F: RichField + Extendable, @@ -349,6 +414,8 @@ where challenger, public_inputs[kind], timing, + starky_ctl_challenges, + &starky_ctl_datas[kind as usize], )? })) } diff --git a/circuits/src/unstark.rs b/circuits/src/unstark.rs index fbff57de3..c3d0c1f19 100644 --- a/circuits/src/unstark.rs +++ b/circuits/src/unstark.rs @@ -45,6 +45,8 @@ impl< type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, _vars: &Self::EvaluationFrame, diff --git a/circuits/src/xor/stark.rs b/circuits/src/xor/stark.rs index ec0effe44..5ad0d9b7f 100644 --- a/circuits/src/xor/stark.rs +++ b/circuits/src/xor/stark.rs @@ -67,6 +67,8 @@ impl, const D: usize> Stark for XorStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 7a05c7b5b..324c7219b 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -111,6 +111,31 @@ dependencies = [ "libc", ] +[[package]] +name = "crossbeam-deque" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" +dependencies = [ + "crossbeam-epoch", + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-epoch" +version = "0.9.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" +dependencies = [ + "crossbeam-utils", +] + +[[package]] +name = "crossbeam-utils" +version = "0.8.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" + [[package]] name = "crunchy" version = "0.2.2" @@ -200,6 +225,7 @@ checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" dependencies = [ "ahash", "allocator-api2", + "rayon", "serde", ] @@ -435,7 +461,6 @@ dependencies = [ [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "ahash", "anyhow", @@ -448,16 +473,17 @@ dependencies = [ "plonky2_maybe_rayon", "plonky2_util", "rand", + "rand_chacha", "serde", "static_assertions", "tiny-keccak", "unroll", + "web-time", ] [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" dependencies = [ "anyhow", "itertools", @@ -472,12 +498,13 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" +dependencies = [ + "rayon", +] [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/actual-multiplicities#1388aa43987f399013a30a6dff64a2c5bb1c3e22" [[package]] name = "ppv-lite86" @@ -574,6 +601,26 @@ dependencies = [ "getrandom", ] +[[package]] +name = "rayon" +version = "1.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" +dependencies = [ + "either", + "rayon-core", +] + +[[package]] +name = "rayon-core" +version = "1.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" +dependencies = [ + "crossbeam-deque", + "crossbeam-utils", +] + [[package]] name = "rend" version = "0.5.0-pre6" @@ -899,6 +946,16 @@ version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" +[[package]] +name = "web-time" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "winnow" version = "0.6.6" diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index 579b498d5..cd71b3e56 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -17,7 +17,8 @@ rkyv_derive = "=0.8.0-alpha.1" [target.'cfg(not(target_os="mozakvm"))'.dependencies] hex = "0.4" -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } +plonky2 = { path = "../../plonky2/plonky2" } +# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } rand = "0.8" rand_chacha = "0.3" serde = { version = "1.0", features = ["derive"] } From 7dae23ced2682add9d8b9e7e861fe94ff029de85 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 11:19:26 +0800 Subject: [PATCH 15/46] base verifier compiles, tackling recursion --- circuits/src/cross_table_lookup.rs | 206 --------- circuits/src/stark/mozak_stark.rs | 6 +- circuits/src/stark/proof.rs | 31 +- circuits/src/stark/prover.rs | 222 ++-------- circuits/src/stark/recursive_verifier.rs | 512 ++++++++++++----------- circuits/src/stark/verifier.rs | 155 ++----- circuits/src/tape_commitments/stark.rs | 101 ++--- circuits/src/test_utils.rs | 2 +- cli/src/main.rs | 76 ++-- 9 files changed, 456 insertions(+), 855 deletions(-) diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index aa968857b..02d29210a 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -61,110 +61,6 @@ pub(crate) struct CtlZData { pub(crate) filter_column: Column, } -pub(crate) fn verify_cross_table_lookups_and_public_sub_tables< - F: RichField + Extendable, - const D: usize, ->( - cross_table_lookups: &[CrossTableLookup], - ctl_zs_lasts: &TableKindArray>, - config: &StarkConfig, -) -> Result<()> { - let mut ctl_zs_openings = ctl_zs_lasts.each_ref().map(|v| v.iter().copied()); - for _ in 0..config.num_challenges { - for CrossTableLookup { looking_tables } in cross_table_lookups { - let looking_zs_sum = looking_tables - .iter() - .map(|table| ctl_zs_openings[table.kind].next().unwrap()) - .sum::(); - - ensure!( - looking_zs_sum == F::ZERO, - "Cross-table lookup verification failed for {:?} ({} != 0)", - looking_tables.iter().map(|table| table.kind), - looking_zs_sum, - ); - } - } - - Ok(()) -} - -/// Circuit version of `verify_cross_table_lookups`. Verifies all cross-table -/// lookups. -pub(crate) fn verify_cross_table_lookups_and_public_sub_table_circuit< - F: RichField + Extendable, - const D: usize, ->( - builder: &mut CircuitBuilder, - cross_table_lookups: &[CrossTableLookup], - ctl_zs_lasts: &TableKindArray>, - config: &StarkConfig, -) { - let mut ctl_zs_openings = ctl_zs_lasts.each_ref().map(|v| v.iter()); - for _ in 0..config.num_challenges { - for CrossTableLookup { looking_tables } in cross_table_lookups { - let looking_zs_sum = builder.add_many( - looking_tables - .iter() - .map(|table| *ctl_zs_openings[table.kind].next().unwrap()), - ); - - let zero = builder.zero(); - - builder.connect(zero, looking_zs_sum); - } - } - - debug_assert!(ctl_zs_openings.iter_mut().all(|iter| iter.next().is_none())); -} - -pub(crate) fn cross_table_lookup_data( - trace_poly_values: &TableKindArray>>, - cross_table_lookups: &[CrossTableLookup], - ctl_challenges: &GrandProductChallengeSet, -) -> TableKindArray> { - let mut ctl_data_per_table = all_kind!(|_kind| CtlData::default()); - for &challenge in &ctl_challenges.challenges { - for CrossTableLookup { looking_tables } in cross_table_lookups { - log::debug!( - "Processing CTL for {:?}", - looking_tables - .iter() - .map(|table| table.kind) - .collect::>() - ); - - let make_z = |table: &Table| { - partial_sums( - &trace_poly_values[table.kind], - &table.columns, - &table.filter_column, - challenge, - ) - }; - let zs_looking = looking_tables.iter().map(make_z); - - debug_assert_eq!( - zs_looking - .clone() - .map(|z| *z.values.last().unwrap()) - .sum::(), - F::ZERO - ); - - for (table, z) in izip!(looking_tables, zs_looking) { - ctl_data_per_table[table.kind].zs_columns.push(CtlZData { - z, - challenge, - columns: table.columns.clone(), - filter_column: table.filter_column.clone(), - }); - } - } - } - ctl_data_per_table -} - /// Treat CTL and the challenge as a single entity. /// /// Logically, the CTL specifies a linear transformation, and so does the @@ -436,106 +332,4 @@ pub fn eval_cross_table_lookup_checks_circuit< } } -pub mod ctl_utils { - use std::collections::BTreeMap; - - use anyhow::Result; - use derive_more::{Deref, DerefMut}; - use plonky2::field::extension::Extendable; - use plonky2::field::polynomial::PolynomialValues; - use plonky2::hash::hash_types::RichField; - - use crate::cross_table_lookup::{CrossTableLookup, LookupError}; - use crate::linear_combination::ColumnSparse; - use crate::stark::mozak_stark::{MozakStark, Table, TableKind, TableKindArray}; - - #[derive(Clone, Debug, Default, Deref, DerefMut)] - struct MultiSet(pub BTreeMap, Vec<(TableKind, F)>>); - - impl MultiSet { - fn process_row( - &mut self, - trace_poly_values: &TableKindArray>>, - table: &Table, - ) { - let trace = &trace_poly_values[table.kind]; - let filter_column = table.filter_column.to_field(); - let columns = table - .columns - .iter() - .map(ColumnSparse::to_field) - .collect::>(); - for i in 0..trace[0].len() { - let filter = filter_column.eval_table(trace, i); - if filter.is_nonzero() { - let row = columns - .iter() - .map(|c| c.eval_table(trace, i)) - .map(|f| f.to_canonical_u64()) - .collect::>(); - self.entry(row).or_default().push((table.kind, filter)); - }; - } - } - } - pub fn check_single_ctl( - trace_poly_values: &TableKindArray>>, - // TODO(Matthias): make this one work with CrossTableLookupNamed, instead of having to - // forget the types first. That should also help with adding better debug messages. - ctl: &CrossTableLookup, - ) -> Result<(), LookupError> { - /// Sums and compares the multiplicities of the given looking and looked - /// locations previously processed. - /// - /// The CTL check holds iff `looking_multiplicity == - /// looked_multiplicity`. - fn check_multiplicities( - row: &[u64], - looking_locations: &[(TableKind, F)], - ) -> Result<(), LookupError> { - let looking_multiplicity = looking_locations.iter().map(|l| l.1).sum::(); - if looking_multiplicity != F::ZERO { - eprintln!( - "Row {row:?} has multiplicity {looking_multiplicity} != 0 in the looking tables.\n\ - Looking locations: {looking_locations:?}." - ); - return Err(LookupError::InconsistentTableRows); - } - - Ok(()) - } - - // Maps `m` with `(table.kind, multiplicity) in m[row]` - let mut looking_multiset = MultiSet::::default(); - - for looking_table in &ctl.looking_tables { - looking_multiset.process_row(trace_poly_values, looking_table); - } - - // Check that every row in the looking tables appears in the looked table the - // same number of times. - for (row, looking_locations) in &looking_multiset.0 { - check_multiplicities(row, looking_locations).map_err(|e| { - eprintln!("Looking multiset: {looking_multiset:?}"); - e - })?; - } - - Ok(()) - } - pub fn debug_ctl, const D: usize>( - traces_poly_values: &TableKindArray>>, - mozak_stark: &MozakStark, - ) { - mozak_stark - .cross_table_lookups - .iter() - .enumerate() - .for_each(|(i, ctl)| { - check_single_ctl(traces_poly_values, ctl) - .unwrap_or_else(|e| panic!("CTL {i} failed: {e:?}")); - }); - } -} - // TODO(Matthias): restore the tests from before https://github.com/0xmozak/mozak-vm/pull/1371 diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index fdc47a4a3..32fcd1d95 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -140,7 +140,8 @@ pub struct MozakStark, const D: usize> { pub poseidon2_output_bytes_stark: Poseidon2OutputBytesStark, #[StarkSet(stark_kind = "TapeCommitments")] pub tape_commitments_stark: TapeCommitmentsStark, - pub cross_table_lookups: [CrossTableLookup; NUM_CROSS_TABLE_LOOKUP], + pub cross_table_lookups: + [starky::cross_table_lookup::CrossTableLookup; NUM_CROSS_TABLE_LOOKUP], pub debug: bool, } @@ -448,7 +449,8 @@ impl, const D: usize> Default for MozakStark Poseidon2OutputBytesPoseidon2SpongeTable::lookups(), EventCommitmentTapeIOLookupTable::lookups(), CastlistCommitmentTapeIOLookupTable::lookups(), - ], + ] + .map(starky::cross_table_lookup::CrossTableLookup::from), debug: false, } } diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index 898c7219b..896746e00 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -23,7 +23,7 @@ use crate::stark::permutation::challenge::{GrandProductChallengeSet, GrandProduc #[allow(clippy::module_name_repetitions)] impl, C: GenericConfig, const D: usize> AllProof { pub fn degree_bits(&self, config: &StarkConfig) -> TableKindArray { - all_kind!(|kind| self.proofs[kind].recover_degree_bits(config)) + all_kind!(|kind| self.proofs[kind].proof.recover_degree_bits(config)) } } @@ -315,10 +315,10 @@ impl StarkOpeningSetTarget { } #[allow(clippy::module_name_repetitions)] -#[derive(Clone, Debug, Deserialize, Serialize)] -#[serde(bound = "")] +#[derive(Clone, Debug)] pub struct AllProof, C: GenericConfig, const D: usize> { - pub proofs: TableKindArray>, + pub proofs: TableKindArray>, + pub ctl_challenges: starky::lookup::GrandProductChallengeSet, pub program_rom_trace_cap: MerkleCap, pub elf_memory_init_trace_cap: MerkleCap, pub mozak_memory_init_trace_cap: MerkleCap, @@ -326,8 +326,8 @@ pub struct AllProof, C: GenericConfig, co } pub(crate) struct AllProofChallenges, const D: usize> { - pub stark_challenges: TableKindArray>, - pub ctl_challenges: GrandProductChallengeSet, + pub stark_challenges: TableKindArray>, + pub ctl_challenges: starky::lookup::GrandProductChallengeSet, } impl, C: GenericConfig, const D: usize> AllProof { @@ -336,17 +336,27 @@ impl, C: GenericConfig, const D: usize> A let mut challenger = Challenger::::new(); for proof in &self.proofs { - challenger.observe_cap(&proof.trace_cap); + challenger.observe_cap(&proof.proof.trace_cap); } // TODO: Observe public values. - let ctl_challenges = challenger.get_grand_product_challenge_set(config.num_challenges); + let ctl_challenges = + starky::lookup::get_grand_product_challenge_set(&mut challenger, config.num_challenges); + // TODO(Matthias): consider moving to observing all ctl caps at once, so we can + // use the same `alphas` for the whole set of starks. That would need + // changes in plonky2. AllProofChallenges { stark_challenges: all_kind!(|kind| { + let mut challenger = challenger.clone(); challenger.compact(); - self.proofs[kind].get_challenges(&mut challenger, config) + self.proofs[kind].proof.get_challenges( + &mut challenger, + Some(&ctl_challenges), + false, + config, + ) }), ctl_challenges, } @@ -356,6 +366,7 @@ impl, C: GenericConfig, const D: usize> A /// `g^-1`. The order corresponds to the order declared in /// [`TableKind`](crate::cross_table_lookup::TableKind). pub(crate) fn all_ctl_zs_last(self) -> TableKindArray> { - self.proofs.map(|p| p.openings.ctl_zs_last) + // TODO(Matthias): remove, we shouldn't need this. + self.proofs.map(|p| p.proof.openings.ctl_zs_first.unwrap()) } } diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index becb7c30c..83eec237d 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -2,15 +2,13 @@ use std::fmt::Display; -use anyhow::{ensure, Result}; +use anyhow::Result; use log::Level::Debug; use log::{debug, log_enabled}; use mozak_runner::elf::Program; use mozak_runner::vm::ExecutionRecord; use plonky2::field::extension::Extendable; -use plonky2::field::packable::Packable; use plonky2::field::polynomial::PolynomialValues; -use plonky2::field::types::Field; use plonky2::fri::oracle::PolynomialBatch; use plonky2::hash::hash_types::RichField; use plonky2::iop::challenger::Challenger; @@ -18,19 +16,14 @@ use plonky2::plonk::config::GenericConfig; use plonky2::timed; use plonky2::util::log2_strict; use plonky2::util::timing::TimingTree; -#[allow(clippy::wildcard_imports)] -use plonky2_maybe_rayon::*; use starky::config::StarkConfig; -use starky::stark::{LookupConfig, Stark}; +use starky::proof::{StarkProofWithMetadata, StarkProofWithPublicInputs}; +use starky::stark::Stark; use super::mozak_stark::{MozakStark, TableKind, TableKindArray, TableKindSetBuilder}; -use super::proof::{AllProof, StarkOpeningSet, StarkProof}; -use crate::cross_table_lookup::ctl_utils::debug_ctl; -use crate::cross_table_lookup::{cross_table_lookup_data, CtlData}; +use super::proof::AllProof; use crate::generation::{debug_traces, generate_traces}; use crate::stark::mozak_stark::{all_starks, PublicInputs}; -use crate::stark::permutation::challenge::GrandProductChallengeTrait; -use crate::stark::poly::compute_quotient_polys; /// Prove the execution of a given [Program] /// @@ -56,7 +49,6 @@ where let traces_poly_values = generate_traces(program, record); if mozak_stark.debug || std::env::var("MOZAK_STARK_DEBUG").is_ok() { debug_traces(&traces_poly_values, mozak_stark, &public_inputs); - debug_ctl(&traces_poly_values, mozak_stark); } prove_with_traces( mozak_stark, @@ -119,7 +111,6 @@ where .clone() .map(starky::cross_table_lookup::CrossTableLookup::from); let (starky_ctl_challenges, starky_ctl_datas) = { - let mut challenger = challenger.clone(); starky::cross_table_lookup::get_ctl_data::( config, &traces_poly_values.0, @@ -129,19 +120,6 @@ where ) }; - let ctl_challenges = challenger.get_grand_product_challenge_set(config.num_challenges); - // TODO(Matthias): should we observe all ctl data here globally for all? To - // better parallelise later. - let ctl_data_per_table = timed!( - timing, - "Compute CTL data for each table", - cross_table_lookup_data::( - traces_poly_values, - &mozak_stark.cross_table_lookups, - &ctl_challenges - ) - ); - let proofs = timed!( timing, "compute all proofs given commitments", @@ -152,7 +130,6 @@ where &public_inputs, traces_poly_values, &trace_commitments, - &ctl_data_per_table, &mut challenger, timing, &starky_ctl_challenges, @@ -168,6 +145,7 @@ where } Ok(AllProof { proofs, + ctl_challenges: starky_ctl_challenges, program_rom_trace_cap, elf_memory_init_trace_cap, mozak_memory_init_trace_cap, @@ -187,8 +165,6 @@ pub(crate) fn prove_single_table( config: &StarkConfig, trace_poly_values: &[PolynomialValues], trace_commitment: &PolynomialBatch, - // This is our CtlData, we need to match starky. - ctl_data: &CtlData, challenger: &mut Challenger, public_inputs: &[F], timing: &mut TimingTree, @@ -196,51 +172,11 @@ pub(crate) fn prove_single_table( starky_ctl_data: &starky::cross_table_lookup::CtlData<'_, F>, // Of course, we need to match the output, too. // Ok, looks doable. -) -> Result> +) -> Result> where F: RichField + Extendable + Copy + Eq + core::fmt::Debug, C: GenericConfig, S: Stark + Display, { - { - let degree = trace_poly_values[0].len(); - let degree_bits = log2_strict(degree); - let fri_params = config.fri_params(degree_bits); - let rate_bits = config.fri_config.rate_bits; - let cap_height = config.fri_config.cap_height; - assert!( - fri_params.total_arities() <= degree_bits + rate_bits - cap_height, - "FRI total reduction arity is too large.", - ); - - let trace_commitment = timed!( - timing, - "compute trace commitment", - PolynomialBatch::::from_values( - trace_poly_values.to_vec(), - rate_bits, - false, - cap_height, - timing, - None, - ) - ); - - let trace_cap = trace_commitment.merkle_tree.cap.clone(); - let mut challenger = challenger.clone(); - challenger.observe_cap(&trace_cap); - let _ = starky::prover::prove_with_commitment( - stark, - config, - trace_poly_values, - &trace_commitment, - Some(starky_ctl_data), - Some(starky_ctl_challenges), - &mut challenger, - public_inputs, - timing, - ); - } - let degree = trace_poly_values[0].len(); let degree_bits = log2_strict(degree); let fri_params = config.fri_params(degree_bits); @@ -251,128 +187,25 @@ where "FRI total reduction arity is too large.", ); - // commit to both z poly of ctl and open public - let z_polys = ctl_data.z_polys(); - // TODO(Matthias): make the code work with empty z_polys, too. - assert!(!z_polys.is_empty(), "No CTL? {stark}"); - - let ctl_zs_commitment = timed!( - timing, - format!("{stark}: compute Zs commitment").as_str(), - PolynomialBatch::from_values( - z_polys, - rate_bits, - false, - config.fri_config.cap_height, - timing, - None, - ) - ); - let ctl_zs_cap = ctl_zs_commitment.merkle_tree.cap.clone(); - challenger.observe_cap(&ctl_zs_cap); - - let alphas = challenger.get_n_challenges(config.num_challenges); - let quotient_polys = timed!( - timing, - format!("{stark}: compute quotient polynomial").as_str(), - compute_quotient_polys::::Packing, C, S, D>( - stark, - trace_commitment, - &ctl_zs_commitment, - public_inputs, - ctl_data, - &alphas, - degree_bits, - config, - ) - ); - - let all_quotient_chunks = timed!( - timing, - format!("{stark}: split quotient polynomial").as_str(), - quotient_polys - .into_par_iter() - .flat_map(|mut quotient_poly| { - quotient_poly - .trim_to_len(degree * stark.quotient_degree_factor()) - .expect( - "Quotient has failed, the vanishing polynomial is not divisible by Z_H", - ); - // Split quotient into degree-n chunks. - quotient_poly.chunks(degree) - }) - .collect() - ); - let quotient_commitment = timed!( - timing, - format!("{stark}: compute quotient commitment").as_str(), - PolynomialBatch::from_coeffs( - all_quotient_chunks, - rate_bits, - false, - config.fri_config.cap_height, - timing, - None, - ) - ); - let quotient_polys_cap = quotient_commitment.merkle_tree.cap.clone(); - challenger.observe_cap("ient_polys_cap); - - let zeta = challenger.get_extension_challenge::(); - // To avoid leaking witness data, we want to ensure that our opening locations, - // `zeta` and `g * zeta`, are not in our subgroup `H`. It suffices to check - // `zeta` only, since `(g * zeta)^n = zeta^n`, where `n` is the order of - // `g`. - let g = F::primitive_root_of_unity(degree_bits); - ensure!( - zeta.exp_power_of_2(degree_bits) != F::Extension::ONE, - "Opening point is in the subgroup." - ); - - let openings = StarkOpeningSet::new( - zeta, - g, - trace_commitment, - &ctl_zs_commitment, - "ient_commitment, - degree_bits, - ); - - challenger.observe_openings(&openings.to_fri_openings()); - - let initial_merkle_trees = vec![trace_commitment, &ctl_zs_commitment, "ient_commitment]; - - // Make sure that we do not use Starky's lookups. - assert!(!stark.requires_ctls()); - assert!(!stark.uses_lookups()); - let opening_proof = timed!( + let trace_cap = trace_commitment.merkle_tree.cap.clone(); + let mut challenger = challenger.clone(); + let init_challenger_state = challenger.compact(); + // Clear buffered outputs. + challenger.observe_cap(&trace_cap); + starky::prover::prove_with_commitment( + stark, + config, + trace_poly_values, + &trace_commitment, + Some(starky_ctl_data), + Some(starky_ctl_challenges), + &mut challenger, + public_inputs, timing, - format!("{stark}: compute opening proofs").as_str(), - PolynomialBatch::prove_openings( - &stark.fri_instance( - zeta, - g, - 0, - vec![], - config, - Some(&LookupConfig { - degree_bits, - num_zs: ctl_data.len() - }) - ), - &initial_merkle_trees, - challenger, - &fri_params, - timing, - ) - ); - - Ok(StarkProof { - trace_cap: trace_commitment.merkle_tree.cap.clone(), - ctl_zs_cap, - quotient_polys_cap, - openings, - opening_proof, + ) + .map(|proof_with_pis| StarkProofWithMetadata { + proof: proof_with_pis.proof, + init_challenger_state, }) } @@ -388,12 +221,11 @@ pub fn prove_with_commitments( public_inputs: &PublicInputs, traces_poly_values: &TableKindArray>>, trace_commitments: &TableKindArray>, - ctl_data_per_table: &TableKindArray>, challenger: &mut Challenger, timing: &mut TimingTree, starky_ctl_challenges: &starky::lookup::GrandProductChallengeSet, starky_ctl_datas: &[starky::cross_table_lookup::CtlData<'_, F>; TableKind::COUNT], -) -> Result>> +) -> Result>> where F: RichField + Extendable, C: GenericConfig, { @@ -410,13 +242,13 @@ where config, &traces_poly_values[kind], &trace_commitments[kind], - &ctl_data_per_table[kind], challenger, public_inputs[kind], timing, starky_ctl_challenges, &starky_ctl_datas[kind as usize], - )? + ) + .unwrap() })) } diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index edd155f1d..464c0c4bf 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -24,15 +24,13 @@ use plonky2::with_context; use starky::config::StarkConfig; use starky::constraint_consumer::RecursiveConstraintConsumer; use starky::evaluation_frame::StarkEvaluationFrame; +use starky::proof::StarkProofWithMetadata; use starky::stark::{LookupConfig, Stark}; use super::mozak_stark::{all_kind, all_starks, TableKindArray}; use crate::columns_view::{columns_view_impl, NumberOfColumns}; -use crate::cross_table_lookup::{ - verify_cross_table_lookups_and_public_sub_table_circuit, CrossTableLookup, CtlCheckVarsTarget, -}; +use crate::cross_table_lookup::CtlCheckVarsTarget; use crate::stark::mozak_stark::{MozakStark, TableKind}; -use crate::stark::permutation::challenge::get_grand_product_challenge_set_target; use crate::stark::poly::eval_vanishing_poly_circuit; use crate::stark::proof::{ AllProof, StarkOpeningSetTarget, StarkProof, StarkProofChallengesTarget, StarkProofTarget, @@ -99,7 +97,7 @@ where F: RichField + Extendable, C: GenericConfig, C::Hasher: AlgebraicHasher, { - pub stark_proof_with_pis_target: StarkProofWithPublicInputsTarget, + pub stark_proof_with_pis_target: starky::proof::StarkProofWithPublicInputsTarget, pub zero_target: Target, pub _f: PhantomData<(F, C)>, } @@ -110,25 +108,31 @@ where C: GenericConfig, C::Hasher: AlgebraicHasher, { - pub fn set_targets(&self, witness: &mut PartialWitness, proof: &StarkProof) { - set_stark_proof_with_pis_target( + pub fn set_targets( + &self, + witness: &mut PartialWitness, + proof: &starky::proof::StarkProofWithPublicInputs, + ) { + starky::recursive_verifier::set_stark_proof_with_pis_target( witness, - &self.stark_proof_with_pis_target.proof, + &self.stark_proof_with_pis_target, proof, self.zero_target, ); } } +// TODO(Matthias): this is equivalent to zk_evm's `StarkWrapperCircuit` impl MozakStarkVerifierCircuit where F: RichField + Extendable, C: GenericConfig, C::Hasher: AlgebraicHasher, { - pub fn prove(&self, all_proof: &AllProof) -> Result> { + pub fn prove(&self, all_proof: &AllProof) -> Result> { let mut inputs = PartialWitness::new(); + // let proof = starky::proof::StarkProof::from(proof); // TODO(Matthias): not sure we need this, if we don't have the pub sub feature? all_kind!(|kind| { self.targets[kind].set_targets(&mut inputs, &all_proof.proofs[kind]); @@ -145,6 +149,7 @@ where } } +// TODO(Matthias): learn from zk_evm `recursive_stark_circuit` #[must_use] #[allow(clippy::too_many_lines)] pub fn recursive_mozak_stark_circuit< @@ -164,16 +169,19 @@ where let mut challenger = RecursiveChallenger::::new(&mut builder); let stark_proof_with_pis_target = all_starks!(mozak_stark, |stark, kind| { - let num_ctl_zs = CrossTableLookup::num_ctl_zs( - &mozak_stark.cross_table_lookups, - kind, - inner_config.num_challenges, - ); - add_virtual_stark_proof_with_pis( + let (num_ctl_helper_zs, num_ctl_zs, _) = + starky::cross_table_lookup::CrossTableLookup::num_ctl_helpers_zs_all( + &mozak_stark.cross_table_lookups, + kind as usize, + inner_config.num_challenges, + stark.constraint_degree(), + ); + starky::recursive_verifier::add_virtual_stark_proof_with_pis( &mut builder, stark, inner_config, degree_bits[kind], + num_ctl_helper_zs, num_ctl_zs, ) }); @@ -182,39 +190,62 @@ where challenger.observe_cap(&pi.proof.trace_cap); } - let ctl_challenges = get_grand_product_challenge_set_target( + let ctl_challenges = starky::lookup::get_grand_product_challenge_set_target( &mut builder, &mut challenger, inner_config.num_challenges, ); + // TODO(Matthias): use - verify_cross_table_lookups_and_public_sub_table_circuit( + // starky::recursive_verifier::verify_stark_proof_with_challenges_circuit( + // &mut builder, + // ); + starky::cross_table_lookup::verify_cross_table_lookups_circuit( &mut builder, - &mozak_stark.cross_table_lookups, - &stark_proof_with_pis_target - .clone() - .map(|p| p.proof.openings.ctl_zs_last), + mozak_stark.cross_table_lookups.to_vec(), + stark_proof_with_pis_target + .each_ref() + .map(|p| p.proof.openings.ctl_zs_first.clone().unwrap()) + .0, + None, inner_config, ); let targets = all_starks!(mozak_stark, |stark, kind| { - let ctl_vars = CtlCheckVarsTarget::from_proof( - kind, + let (total_num_helpers, num_ctl_zs, num_helpers_by_ctl) = + starky::cross_table_lookup::CrossTableLookup::num_ctl_helpers_zs_all( + &mozak_stark.cross_table_lookups, + kind as usize, + inner_config.num_challenges, + stark.constraint_degree(), + ); + let ctl_vars = starky::cross_table_lookup::CtlCheckVarsTarget::from_proof( + kind as usize, &stark_proof_with_pis_target[kind].proof, &mozak_stark.cross_table_lookups, &ctl_challenges, + num_ctl_zs, + total_num_helpers, + &num_helpers_by_ctl, ); let challenges_target = stark_proof_with_pis_target[kind] .proof - .get_challenges::(&mut builder, &mut challenger, inner_config); - - verify_stark_proof_with_challenges_circuit::( + .get_challenges::( + &mut builder, + &mut challenger, + Some(&ctl_challenges), + true, + &inner_config, + ); + + starky::recursive_verifier::verify_stark_proof_with_challenges_circuit::( &mut builder, stark, - &stark_proof_with_pis_target[kind], - &challenges_target, - &ctl_vars, + &stark_proof_with_pis_target[kind].proof, + &stark_proof_with_pis_target[kind].public_inputs, + challenges_target, + Some(&ctl_vars), inner_config, ); @@ -648,217 +679,228 @@ mod tests { #[test] fn recursive_verify_mozak_starks() -> Result<()> { - use plonky2::field::types::Field; - - use crate::stark::verifier::verify_proof; - - let stark = S::default(); - let config = StarkConfig::standard_fast_config(); - let (program, record) = code::execute( - [Instruction { - op: Op::ADD, - args: Args { - rd: 5, - rs1: 6, - rs2: 7, - ..Args::default() - }, - }], - &[], - &[(6, 100), (7, 200)], - ); - let public_inputs = PublicInputs { - entry_point: from_u32(program.entry_point), - }; - - let mozak_proof = prove::( - &program, - &record, - &stark, - &config, - public_inputs, - &mut TimingTree::default(), - )?; - verify_proof(&stark, mozak_proof.clone(), &config)?; - - let circuit_config = CircuitConfig::standard_recursion_config(); - let mozak_stark_circuit = recursive_mozak_stark_circuit::( - &stark, - &mozak_proof.degree_bits(&config), - &circuit_config, - &config, - ); - - let recursive_proof = mozak_stark_circuit.prove(&mozak_proof)?; - let public_input_slice: [F; VM_PUBLIC_INPUT_SIZE] = - recursive_proof.public_inputs.as_slice().try_into().unwrap(); - let expected_event_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; - let expected_castlist_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; - let recursive_proof_public_inputs: &VMRecursiveProofPublicInputs = - &public_input_slice.into(); - assert_eq!( - recursive_proof_public_inputs.event_commitment_tape, expected_event_commitment_tape, - "Could not find expected_event_commitment_tape in recursive proof's public inputs" - ); - assert_eq!( - recursive_proof_public_inputs.castlist_commitment_tape, - expected_castlist_commitment_tape, - "Could not find expected_castlist_commitment_tape in recursive proof's public inputs" - ); - - mozak_stark_circuit.circuit.verify(recursive_proof) + todo!() + // use plonky2::field::types::Field; + + // use crate::stark::verifier::verify_proof; + + // let stark = S::default(); + // let config = StarkConfig::standard_fast_config(); + // let (program, record) = code::execute( + // [Instruction { + // op: Op::ADD, + // args: Args { + // rd: 5, + // rs1: 6, + // rs2: 7, + // ..Args::default() + // }, + // }], + // &[], + // &[(6, 100), (7, 200)], + // ); + // let public_inputs = PublicInputs { + // entry_point: from_u32(program.entry_point), + // }; + + // let mozak_proof = prove::( + // &program, + // &record, + // &stark, + // &config, + // public_inputs, + // &mut TimingTree::default(), + // )?; + // verify_proof(&stark, mozak_proof.clone(), &config)?; + + // let circuit_config = CircuitConfig::standard_recursion_config(); + // let mozak_stark_circuit = recursive_mozak_stark_circuit::( + // &stark, + // &mozak_proof.degree_bits(&config), + // &circuit_config, + // &config, + // ); + + // let recursive_proof = mozak_stark_circuit.prove(&mozak_proof)?; + // let public_input_slice: [F; VM_PUBLIC_INPUT_SIZE] = + // recursive_proof.public_inputs.as_slice().try_into().unwrap(); + // let expected_event_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; + // let expected_castlist_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; + // let recursive_proof_public_inputs: &VMRecursiveProofPublicInputs = + // &public_input_slice.into(); + // assert_eq!( + // recursive_proof_public_inputs.event_commitment_tape, + // expected_event_commitment_tape, "Could not find + // expected_event_commitment_tape in recursive proof's public inputs" + // ); + // assert_eq!( + // recursive_proof_public_inputs.castlist_commitment_tape, + // expected_castlist_commitment_tape, + // "Could not find expected_castlist_commitment_tape in recursive + // proof's public inputs" ); + + // mozak_stark_circuit.circuit.verify(recursive_proof) } #[test] #[ignore] #[allow(clippy::too_many_lines)] fn same_circuit_verify_different_vm_proofs() -> Result<()> { - let stark = S::default(); - let inst = Instruction { - op: Op::ADD, - args: Args { - rd: 5, - rs1: 6, - rs2: 7, - ..Args::default() - }, - }; - - let (program0, record0) = code::execute([inst], &[], &[(6, 100), (7, 200)]); - let public_inputs = PublicInputs { - entry_point: from_u32(program0.entry_point), - }; - let stark_config0 = StarkConfig::standard_fast_config(); - let mozak_proof0 = prove::( - &program0, - &record0, - &stark, - &stark_config0, - public_inputs, - &mut TimingTree::default(), - )?; - - let (program1, record1) = code::execute(vec![inst; 128], &[], &[(6, 100), (7, 200)]); - let public_inputs = PublicInputs { - entry_point: from_u32(program1.entry_point), - }; - let stark_config1 = StarkConfig::standard_fast_config(); - let mozak_proof1 = prove::( - &program1, - &record1, - &stark, - &stark_config1, - public_inputs, - &mut TimingTree::default(), - )?; - - // The degree bits should be different for the two proofs. - assert_ne!( - mozak_proof0.degree_bits(&stark_config0), - mozak_proof1.degree_bits(&stark_config1) - ); - - let recursion_circuit_config = CircuitConfig::standard_recursion_config(); - let recursion_circuit0 = recursive_mozak_stark_circuit::( - &stark, - &mozak_proof0.degree_bits(&stark_config0), - &recursion_circuit_config, - &stark_config0, - ); - let recursion_proof0 = recursion_circuit0.prove(&mozak_proof0)?; - - let recursion_circuit1 = recursive_mozak_stark_circuit::( - &stark, - &mozak_proof1.degree_bits(&stark_config1), - &recursion_circuit_config, - &stark_config1, - ); - let recursion_proof1 = recursion_circuit1.prove(&mozak_proof1)?; - - recursion_circuit0 - .circuit - .verify(recursion_proof0.clone())?; - - let public_inputs_size = recursion_proof0.public_inputs.len(); - assert_eq!(VM_PUBLIC_INPUT_SIZE, public_inputs_size); - assert_eq!(public_inputs_size, recursion_proof1.public_inputs.len()); - - // It is not possible to verify different VM proofs with the same recursion - // circuit. - let result = panic::catch_unwind(AssertUnwindSafe(|| { - recursion_circuit0 - .circuit - .verify(recursion_proof1.clone()) - .expect("Verification failed"); - })); - assert!(result.is_err(), "Verification did not failed as expected"); - - let recursion_degree_bits0 = recursion_circuit0.circuit.common.degree_bits(); - let recursion_degree_bits1 = recursion_circuit1.circuit.common.degree_bits(); - assert_ne!(recursion_degree_bits0, recursion_degree_bits1); - info!("recursion circuit0 degree bits: {}", recursion_degree_bits0); - info!("recursion circuit1 degree bits: {}", recursion_degree_bits1); - - let target_degree_bits = VM_RECURSION_THRESHOLD_DEGREE_BITS; - let (final_circuit0, final_proof0) = shrink_to_target_degree_bits_circuit( - &recursion_circuit0.circuit, - &VM_RECURSION_CONFIG, - target_degree_bits, - &recursion_proof0, - )?; - let (final_circuit1, final_proof1) = shrink_to_target_degree_bits_circuit( - &recursion_circuit1.circuit, - &VM_RECURSION_CONFIG, - target_degree_bits, - &recursion_proof1, - )?; - assert_eq!( - final_circuit0.circuit.common.degree_bits(), - target_degree_bits - ); - assert_eq!( - final_circuit1.circuit.common.degree_bits(), - target_degree_bits - ); - - final_circuit0.circuit.verify(final_proof0.clone())?; - final_circuit1.circuit.verify(final_proof1.clone())?; - - // It is still not possible to verify different VM proofs with the same - // recursion circuit at this point. But the final proofs now have the same - // degree bits. - let result = panic::catch_unwind(AssertUnwindSafe(|| { - final_circuit0 - .circuit - .verify(final_proof1.clone()) - .expect("Verification failed"); - })); - assert!(result.is_err(), "Verification did not failed as expected"); - - // Let's build a circuit to verify the final proofs. - let mut builder = CircuitBuilder::new(CircuitConfig::standard_recursion_config()); - let targets = verify_recursive_vm_proof::( - &mut builder, - public_inputs_size, - &VM_RECURSION_CONFIG, - target_degree_bits, - ); - let circuit = builder.build::(); - - // This time, we can verify the final proofs from two different VM programs in - // the same circuit. - let mut pw = PartialWitness::new(); - pw.set_proof_with_pis_target(&targets.proof_with_pis_target, &final_proof0); - pw.set_verifier_data_target(&targets.vk_target, &final_circuit0.circuit.verifier_only); - let proof = circuit.prove(pw)?; - circuit.verify(proof)?; - - let mut pw = PartialWitness::new(); - pw.set_proof_with_pis_target(&targets.proof_with_pis_target, &final_proof1); - pw.set_verifier_data_target(&targets.vk_target, &final_circuit1.circuit.verifier_only); - let proof = circuit.prove(pw)?; - circuit.verify(proof)?; - - Ok(()) + todo!() + // let stark = S::default(); + // let inst = Instruction { + // op: Op::ADD, + // args: Args { + // rd: 5, + // rs1: 6, + // rs2: 7, + // ..Args::default() + // }, + // }; + + // let (program0, record0) = code::execute([inst], &[], &[(6, 100), (7, + // 200)]); let public_inputs = PublicInputs { + // entry_point: from_u32(program0.entry_point), + // }; + // let stark_config0 = StarkConfig::standard_fast_config(); + // let mozak_proof0 = prove::( + // &program0, + // &record0, + // &stark, + // &stark_config0, + // public_inputs, + // &mut TimingTree::default(), + // )?; + + // let (program1, record1) = code::execute(vec![inst; 128], &[], &[(6, + // 100), (7, 200)]); let public_inputs = PublicInputs { + // entry_point: from_u32(program1.entry_point), + // }; + // let stark_config1 = StarkConfig::standard_fast_config(); + // let mozak_proof1 = prove::( + // &program1, + // &record1, + // &stark, + // &stark_config1, + // public_inputs, + // &mut TimingTree::default(), + // )?; + + // // The degree bits should be different for the two proofs. + // assert_ne!( + // mozak_proof0.degree_bits(&stark_config0), + // mozak_proof1.degree_bits(&stark_config1) + // ); + + // let recursion_circuit_config = + // CircuitConfig::standard_recursion_config(); + // let recursion_circuit0 = recursive_mozak_stark_circuit::( + // &stark, + // &mozak_proof0.degree_bits(&stark_config0), + // &recursion_circuit_config, + // &stark_config0, + // ); + // let recursion_proof0 = recursion_circuit0.prove(&mozak_proof0)?; + + // let recursion_circuit1 = recursive_mozak_stark_circuit::( + // &stark, + // &mozak_proof1.degree_bits(&stark_config1), + // &recursion_circuit_config, + // &stark_config1, + // ); + // let recursion_proof1 = recursion_circuit1.prove(&mozak_proof1)?; + + // // recursion_circuit0 + // // .circuit + // // .verify(recursion_proof0.clone())?; + + // let public_inputs_size = recursion_proof0.public_inputs.len(); + // assert_eq!(VM_PUBLIC_INPUT_SIZE, public_inputs_size); + // assert_eq!(public_inputs_size, recursion_proof1.public_inputs.len()); + + // // It is not possible to verify different VM proofs with the same + // recursion // circuit. + // let result = panic::catch_unwind(AssertUnwindSafe(|| { + // recursion_circuit0 + // .circuit + // .verify(recursion_proof1.clone()) + // .expect("Verification failed"); + // })); + // assert!(result.is_err(), "Verification did not failed as expected"); + + // let recursion_degree_bits0 = + // recursion_circuit0.circuit.common.degree_bits(); + // let recursion_degree_bits1 = + // recursion_circuit1.circuit.common.degree_bits(); + // assert_ne!(recursion_degree_bits0, recursion_degree_bits1); + // info!("recursion circuit0 degree bits: {}", recursion_degree_bits0); + // info!("recursion circuit1 degree bits: {}", recursion_degree_bits1); + + // let target_degree_bits = VM_RECURSION_THRESHOLD_DEGREE_BITS; + // let (final_circuit0, final_proof0) = + // shrink_to_target_degree_bits_circuit( + // &recursion_circuit0.circuit, + // &VM_RECURSION_CONFIG, + // target_degree_bits, + // &recursion_proof0, + // )?; + // let (final_circuit1, final_proof1) = + // shrink_to_target_degree_bits_circuit( + // &recursion_circuit1.circuit, + // &VM_RECURSION_CONFIG, + // target_degree_bits, + // &recursion_proof1, + // )?; + // assert_eq!( + // final_circuit0.circuit.common.degree_bits(), + // target_degree_bits + // ); + // assert_eq!( + // final_circuit1.circuit.common.degree_bits(), + // target_degree_bits + // ); + + // final_circuit0.circuit.verify(final_proof0.clone())?; + // final_circuit1.circuit.verify(final_proof1.clone())?; + + // // It is still not possible to verify different VM proofs with the + // same // recursion circuit at this point. But the final proofs + // now have the same // degree bits. + // let result = panic::catch_unwind(AssertUnwindSafe(|| { + // final_circuit0 + // .circuit + // .verify(final_proof1.clone()) + // .expect("Verification failed"); + // })); + // assert!(result.is_err(), "Verification did not failed as expected"); + + // // Let's build a circuit to verify the final proofs. + // let mut builder = + // CircuitBuilder::new(CircuitConfig::standard_recursion_config()); + // let targets = verify_recursive_vm_proof::( + // &mut builder, + // public_inputs_size, + // &VM_RECURSION_CONFIG, + // target_degree_bits, + // ); + // let circuit = builder.build::(); + + // // This time, we can verify the final proofs from two different VM + // programs in // the same circuit. + // let mut pw = PartialWitness::new(); + // pw.set_proof_with_pis_target(&targets.proof_with_pis_target, + // &final_proof0); pw.set_verifier_data_target(&targets. + // vk_target, &final_circuit0.circuit.verifier_only); + // let proof = circuit.prove(pw)?; + // circuit.verify(proof)?; + + // let mut pw = PartialWitness::new(); + // pw.set_proof_with_pis_target(&targets.proof_with_pis_target, + // &final_proof1); pw.set_verifier_data_target(&targets. + // vk_target, &final_circuit1.circuit.verifier_only); + // let proof = circuit.prove(pw)?; + // circuit.verify(proof)?; + + // Ok(()) } } diff --git a/circuits/src/stark/verifier.rs b/circuits/src/stark/verifier.rs index 68f3e3772..d45e0d31f 100644 --- a/circuits/src/stark/verifier.rs +++ b/circuits/src/stark/verifier.rs @@ -12,18 +12,19 @@ use plonky2::plonk::plonk_common::reduce_with_powers; use starky::config::StarkConfig; use starky::constraint_consumer::ConstraintConsumer; use starky::evaluation_frame::StarkEvaluationFrame; +use starky::proof::{MultiProof, StarkProofWithMetadata}; use starky::stark::{LookupConfig, Stark}; use super::mozak_stark::{all_starks, MozakStark, TableKind, TableKindSetBuilder}; use super::proof::AllProof; -use crate::cross_table_lookup::{verify_cross_table_lookups_and_public_sub_tables, CtlCheckVars}; +use crate::cross_table_lookup::CtlCheckVars; use crate::stark::poly::eval_vanishing_poly; use crate::stark::proof::{AllProofChallenges, StarkOpeningSet, StarkProof, StarkProofChallenges}; #[allow(clippy::too_many_lines)] pub fn verify_proof( mozak_stark: &MozakStark, - all_proof: AllProof, + all_proof: &AllProof, config: &StarkConfig, ) -> Result<()> where @@ -37,25 +38,41 @@ where } = all_proof.get_challenges(config); ensure!( - all_proof.proofs[TableKind::Program].trace_cap == all_proof.program_rom_trace_cap, + all_proof.proofs[TableKind::Program].proof.trace_cap == all_proof.program_rom_trace_cap, "Mismatch between Program ROM trace caps" ); ensure!( - all_proof.proofs[TableKind::ElfMemoryInit].trace_cap == all_proof.elf_memory_init_trace_cap, + all_proof.proofs[TableKind::ElfMemoryInit].proof.trace_cap + == all_proof.elf_memory_init_trace_cap, "Mismatch between ElfMemoryInit trace caps" ); ensure!( - all_proof.proofs[TableKind::MozakMemoryInit].trace_cap + all_proof.proofs[TableKind::MozakMemoryInit].proof.trace_cap == all_proof.mozak_memory_init_trace_cap, "Mismatch between MozakMemoryInit trace caps" ); - let ctl_vars_per_table = CtlCheckVars::from_proofs( - &all_proof.proofs, + let num_lookup_columns = all_starks!(mozak_stark, |stark, kind| stark + .num_lookup_helper_columns(config)) + .0; + let multi_proof = MultiProof { + // TODO(Matthias): this is also a bit silly. But proofs are small-ish, and we only clone + // once. + stark_proofs: all_proof.proofs.0.clone(), + // TODO(Matthias): we only use the multi_proof once, and that usage doesn't actualyl read + // the ctl-challenges. That's probably a sloppiness in plonky2. + ctl_challenges: ctl_challenges.clone(), + }; + let ctl_vars_per_table = starky::cross_table_lookup::get_ctl_vars_from_proofs( + // &all_proof.proofs, + &multi_proof, &mozak_stark.cross_table_lookups, &ctl_challenges, + &num_lookup_columns, + // TODO(Matthias): perhaps don't hardcode this? + 3, ); let public_inputs = TableKindSetBuilder::<&[_]> { @@ -64,131 +81,29 @@ where } .build(); all_starks!(mozak_stark, |stark, kind| { - verify_stark_proof_with_challenges( + starky::verifier::verify_stark_proof_with_challenges( stark, - &all_proof.proofs[kind], + &all_proof.proofs.each_ref()[kind].proof, &stark_challenges[kind], + Some(&ctl_vars_per_table[kind as usize]), public_inputs[kind], - &ctl_vars_per_table[kind], config, )?; }); - verify_cross_table_lookups_and_public_sub_tables::( + starky::cross_table_lookup::verify_cross_table_lookups( &mozak_stark.cross_table_lookups, - &all_proof.all_ctl_zs_last(), + all_proof + .proofs + .each_ref() + .map(|p| p.proof.openings.ctl_zs_first.clone().unwrap()) + .0, + // TODO(Matthias): zk_evm uses this to simulate our pub sub mechanism in a different way. + None, config, )?; Ok(()) } -pub(crate) fn verify_stark_proof_with_challenges< - F: RichField + Extendable, - C: GenericConfig, - S: Stark, - const D: usize, ->( - stark: &S, - proof: &StarkProof, - challenges: &StarkProofChallenges, - public_inputs: &[F], - ctl_vars: &[CtlCheckVars], - config: &StarkConfig, -) -> Result<()> -where -{ - validate_proof_shape(stark, proof, config, ctl_vars.len())?; - let StarkOpeningSet { - local_values, - next_values, - ctl_zs: _, - ctl_zs_next: _, - ctl_zs_last, - quotient_polys, - } = &proof.openings; - - let vars = S::EvaluationFrame::from_values( - local_values, - next_values, - &public_inputs - .iter() - .map(|pi| F::Extension::from_basefield(*pi)) - .collect_vec(), - ); - - let degree_bits = proof.recover_degree_bits(config); - let (l_0, l_last) = eval_l_0_and_l_last(degree_bits, challenges.stark_zeta); - let last = F::primitive_root_of_unity(degree_bits).inverse(); - let z_last = challenges.stark_zeta - last.into(); - let mut consumer = ConstraintConsumer::::new( - challenges - .stark_alphas - .iter() - .map(|&alpha| F::Extension::from_basefield(alpha)) - .collect::>(), - z_last, - l_0, - l_last, - ); - eval_vanishing_poly::( - stark, - &vars, - ctl_vars, - &mut consumer, - ); - let vanishing_polys_zeta = consumer.accumulators(); - - // Check each polynomial identity, of the form `vanishing(x) = Z_H(x) - // quotient(x)`, at zeta. - let zeta_pow_deg = challenges.stark_zeta.exp_power_of_2(degree_bits); - let z_h_zeta = zeta_pow_deg - F::Extension::ONE; - // `quotient_polys_zeta` holds `num_challenges * quotient_degree_factor` - // evaluations. Each chunk of `quotient_degree_factor` holds the evaluations - // of `t_0(zeta),...,t_{quotient_degree_factor-1}(zeta)` where the "real" - // quotient polynomial is `t(X) = t_0(X) + t_1(X)*X^n + t_2(X)*X^{2n} + ...`. - // So to reconstruct `t(zeta)` we can compute `reduce_with_powers(chunk, - // zeta^n)` for each `quotient_degree_factor`-sized chunk of the original - // evaluations. - for (i, chunk) in quotient_polys - .chunks(stark.quotient_degree_factor()) - .enumerate() - { - ensure!( - vanishing_polys_zeta[i] == z_h_zeta * reduce_with_powers(chunk, zeta_pow_deg), - "Mismatch between evaluation and opening of quotient polynomial" - ); - } - - let merkle_caps = vec![ - proof.trace_cap.clone(), - proof.ctl_zs_cap.clone(), - proof.quotient_polys_cap.clone(), - ]; - - // Make sure that we do not use Starky's lookups. - assert!(!stark.requires_ctls()); - assert!(!stark.uses_lookups()); - verify_fri_proof::( - &stark.fri_instance( - challenges.stark_zeta, - F::primitive_root_of_unity(degree_bits), - 0, - vec![], - config, - Some(&LookupConfig { - degree_bits, - num_zs: ctl_zs_last.len(), - }), - ), - &proof.openings.to_fri_openings(), - &challenges.fri_challenges, - &merkle_caps, - &proof.opening_proof, - &config.fri_params(degree_bits), - )?; - - Ok(()) -} - fn validate_proof_shape( stark: &S, proof: &StarkProof, diff --git a/circuits/src/tape_commitments/stark.rs b/circuits/src/tape_commitments/stark.rs index 08202cfda..ce01cf3db 100644 --- a/circuits/src/tape_commitments/stark.rs +++ b/circuits/src/tape_commitments/stark.rs @@ -54,6 +54,8 @@ impl, const D: usize> Stark for TapeCommitmen type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { true } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, @@ -195,58 +197,59 @@ mod tests { #[test] fn test_tape_commitment_recursive_prover() -> Result<(), anyhow::Error> { - let mut rng = rand::thread_rng(); - // generate tapes with random bytes - let cast_list_commitment_tape: [u8; COMMITMENT_SIZE] = rng.gen(); - let events_commitment_tape: [u8; COMMITMENT_SIZE] = rng.gen(); - let code = io_read_tape_commitments_code(); - let (program, record) = - code::execute_code_with_ro_memory(code, &[], &[], &[], RuntimeArguments { - events_commitment_tape, - cast_list_commitment_tape, - ..Default::default() - }); - let stark = MozakStark::::default(); - let config = StarkConfig::standard_fast_config(); - let public_inputs = PublicInputs { - entry_point: from_u32(program.entry_point), - }; - let mozak_proof = prove::( - &program, - &record, - &stark, - &config, - public_inputs, - &mut TimingTree::default(), - )?; - verify_proof(&stark, mozak_proof.clone(), &config)?; + todo!() + // let mut rng = rand::thread_rng(); + // // generate tapes with random bytes + // let cast_list_commitment_tape: [u8; COMMITMENT_SIZE] = rng.gen(); + // let events_commitment_tape: [u8; COMMITMENT_SIZE] = rng.gen(); + // let code = io_read_tape_commitments_code(); + // let (program, record) = + // code::execute_code_with_ro_memory(code, &[], &[], &[], + // RuntimeArguments { events_commitment_tape, + // cast_list_commitment_tape, + // ..Default::default() + // }); + // let stark = MozakStark::::default(); + // let config = StarkConfig::standard_fast_config(); + // let public_inputs = PublicInputs { + // entry_point: from_u32(program.entry_point), + // }; + // let mozak_proof = prove::( + // &program, + // &record, + // &stark, + // &config, + // public_inputs, + // &mut TimingTree::default(), + // )?; + // verify_proof(&stark, mozak_proof.clone(), &config)?; - let circuit_config = CircuitConfig::standard_recursion_config(); - let mozak_stark_circuit = recursive_mozak_stark_circuit::( - &stark, - &mozak_proof.degree_bits(&config), - &circuit_config, - &config, - ); + // let circuit_config = CircuitConfig::standard_recursion_config(); + // let mozak_stark_circuit = recursive_mozak_stark_circuit::( + // &stark, + // &mozak_proof.degree_bits(&config), + // &circuit_config, + // &config, + // ); - let recursive_proof = mozak_stark_circuit.prove(&mozak_proof)?; - let public_input_slice: [F; VM_PUBLIC_INPUT_SIZE] = - recursive_proof.public_inputs.as_slice().try_into().unwrap(); - let recursive_proof_public_inputs: &VMRecursiveProofPublicInputs = - &public_input_slice.into(); + // let recursive_proof = mozak_stark_circuit.prove(&mozak_proof)?; + // let public_input_slice: [F; VM_PUBLIC_INPUT_SIZE] = + // recursive_proof.public_inputs.as_slice().try_into().unwrap(); + // let recursive_proof_public_inputs: &VMRecursiveProofPublicInputs = + // &public_input_slice.into(); - // assert that the commitment tapes match those in pubilc inputs - assert_eq!( - recursive_proof_public_inputs.event_commitment_tape, - events_commitment_tape.map(F::from_canonical_u8), - "Mismatch in events commitment tape in public inputs" - ); - assert_eq!( - recursive_proof_public_inputs.castlist_commitment_tape, - cast_list_commitment_tape.map(F::from_canonical_u8), - "Mismatch in cast list commitment tape in public inputs" - ); - mozak_stark_circuit.circuit.verify(recursive_proof) + // // assert that the commitment tapes match those in pubilc inputs + // assert_eq!( + // recursive_proof_public_inputs.event_commitment_tape, + // events_commitment_tape.map(F::from_canonical_u8), + // "Mismatch in events commitment tape in public inputs" + // ); + // assert_eq!( + // recursive_proof_public_inputs.castlist_commitment_tape, + // cast_list_commitment_tape.map(F::from_canonical_u8), + // "Mismatch in cast list commitment tape in public inputs" + // ); + // mozak_stark_circuit.circuit.verify(recursive_proof) } #[test] diff --git a/circuits/src/test_utils.rs b/circuits/src/test_utils.rs index e5d7ba026..c910af3ed 100644 --- a/circuits/src/test_utils.rs +++ b/circuits/src/test_utils.rs @@ -464,7 +464,7 @@ pub fn prove_and_verify_mozak_stark( public_inputs, &mut TimingTree::default(), )?; - verify_proof(&stark, all_proof, config) + verify_proof(&stark, &all_proof, config) } /// Interpret a u64 as a field element and try to invert it. diff --git a/cli/src/main.rs b/cli/src/main.rs index 188702a9f..f95e5db63 100644 --- a/cli/src/main.rs +++ b/cli/src/main.rs @@ -180,43 +180,43 @@ fn main() -> Result<()> { &mut TimingTree::default(), )?; - let serialized = serde_json::to_string(&all_proof).unwrap(); - proof.write_all(serialized.as_bytes())?; + // let serialized = serde_json::to_string(&all_proof).unwrap(); + // proof.write_all(serialized.as_bytes())?; - // Generate recursive proof - if let Some(mut recursive_proof_output) = recursive_proof { - let degree_bits = all_proof.degree_bits(&config); - let recursive_circuit = recursive_mozak_stark_circuit::( - &stark, - °ree_bits, - &VM_RECURSION_CONFIG, - &config, - ); + // // Generate recursive proof + // if let Some(mut recursive_proof_output) = recursive_proof { + // let degree_bits = all_proof.degree_bits(&config); + // let recursive_circuit = recursive_mozak_stark_circuit::( + // &stark, + // °ree_bits, + // &VM_RECURSION_CONFIG, + // &config, + // ); - let recursive_all_proof = recursive_circuit.prove(&all_proof)?; + // let recursive_all_proof = recursive_circuit.prove(&all_proof)?; - let (final_circuit, final_proof) = shrink_to_target_degree_bits_circuit( - &recursive_circuit.circuit, - &VM_RECURSION_CONFIG, - VM_RECURSION_THRESHOLD_DEGREE_BITS, - &recursive_all_proof, - )?; - assert_eq!( - final_circuit.circuit.common.num_public_inputs, - VM_PUBLIC_INPUT_SIZE - ); + // let (final_circuit, final_proof) = shrink_to_target_degree_bits_circuit( + // &recursive_circuit.circuit, + // &VM_RECURSION_CONFIG, + // VM_RECURSION_THRESHOLD_DEGREE_BITS, + // &recursive_all_proof, + // )?; + // assert_eq!( + // final_circuit.circuit.common.num_public_inputs, + // VM_PUBLIC_INPUT_SIZE + // ); - let s = final_proof.to_bytes(); - recursive_proof_output.write_all(&s)?; + // let s = final_proof.to_bytes(); + // recursive_proof_output.write_all(&s)?; - // Generate the verifier key file - let mut vk_output_path = recursive_proof_output.path().clone(); - vk_output_path.set_extension("vk"); - let mut vk_output = vk_output_path.create()?; + // // Generate the verifier key file + // let mut vk_output_path = recursive_proof_output.path().clone(); + // vk_output_path.set_extension("vk"); + // let mut vk_output = vk_output_path.create()?; - let bytes = final_circuit.circuit.verifier_only.to_bytes().unwrap(); - vk_output.write_all(&bytes)?; - } + // let bytes = final_circuit.circuit.verifier_only.to_bytes().unwrap(); + // vk_output.write_all(&bytes)?; + // } debug!("proof generated successfully!"); } @@ -316,12 +316,14 @@ fn main() -> Result<()> { } Command::Verify { mut proof } => { - let stark = S::default(); - let mut buffer: Vec = vec![]; - proof.read_to_end(&mut buffer)?; - let all_proof: AllProof = serde_json::from_slice(&buffer)?; - verify_proof(&stark, all_proof, &config)?; - println!("proof verified successfully!"); + todo!() + // let stark = S::default(); + // let mut buffer: Vec = vec![]; + // proof.read_to_end(&mut buffer)?; + // let all_proof: AllProof = + // serde_json::from_slice(&buffer)?; verify_proof(& + // stark, all_proof, &config)?; println!("proof verified + // successfully!"); } Command::VerifyRecursiveProof { mut proof, From d65aaa9db3a17ad61f21df2005ca2c5f654d960f Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 11:36:22 +0800 Subject: [PATCH 16/46] Try to make basic proving and verification work --- circuits/src/stark/recursive_verifier.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index 6551bf5a9..d7c36daee 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -125,14 +125,15 @@ where C: GenericConfig, C::Hasher: AlgebraicHasher, { - pub fn prove(&self, all_proof: &AllProof) -> Result> { + pub fn prove(&self, all_proof: &AllProof) -> Result> { let mut inputs = PartialWitness::new(); - // let proof = starky::proof::StarkProof::from(proof); - // TODO(Matthias): not sure we need this, if we don't have the pub sub feature? - all_kind!(|kind| { - self.targets[kind].set_targets(&mut inputs, &all_proof.proofs[kind]); - }); + // How are zk_evm handling their public inputs? + // // let proof = starky::proof::StarkProof::from(proof); + // // TODO(Matthias): not sure we need this, if we don't have the pub sub feature? + // all_kind!(|kind| { + // self.targets[kind].set_targets(&mut inputs, &all_proof.proofs[kind]); + // }); // Set public inputs let cpu_target = &self.targets[TableKind::Cpu].stark_proof_with_pis_target; From 1c8b93c8218fa0df2d5259af88d82a6036d8acb7 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 11:55:49 +0800 Subject: [PATCH 17/46] Use my branch --- Cargo.toml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 088bf3aec..634287e64 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,9 +57,9 @@ starky = { version = "0", default-features = false } plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } [patch.crates-io] -plonky2 = { path = "../plonky2/plonky2" } -plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } -starky = { path = "../plonky2/starky" } -# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -# plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -# starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +# plonky2 = { path = "../plonky2/plonky2" } +# plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } +# starky = { path = "../plonky2/starky" } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } From 0dc5c0b7ac4887de02fd32a82774b0ac65344f23 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 11:57:31 +0800 Subject: [PATCH 18/46] Update --- Cargo.lock | 33 ++++++++------------------------- sdk/Cargo.lock | 20 ++++++++++---------- sdk/Cargo.toml | 4 ++-- 3 files changed, 20 insertions(+), 37 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4ea059630..df816eaa0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,6 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "ahash", "anyhow", @@ -1186,6 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1200,6 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "rayon", ] @@ -1207,6 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" [[package]] name = "plotters" @@ -1662,6 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "ahash", "anyhow", @@ -2062,37 +2067,15 @@ dependencies = [ "wasm-bindgen", ] -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - [[package]] name = "winapi-util" -version = "0.1.6" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" +checksum = "134306a13c5647ad6453e8deaec55d3a44d6021970129e6188735e74bf546697" dependencies = [ - "winapi", + "windows-sys 0.52.0", ] -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - [[package]] name = "windows-core" version = "0.52.0" diff --git a/sdk/Cargo.lock b/sdk/Cargo.lock index ed02ad87e..c55ee6718 100644 --- a/sdk/Cargo.lock +++ b/sdk/Cargo.lock @@ -307,8 +307,8 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "plonky2" -version = "0.2.1" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "ahash", "anyhow", @@ -329,8 +329,8 @@ dependencies = [ [[package]] name = "plonky2_field" -version = "0.2.1" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "anyhow", "itertools", @@ -345,12 +345,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git#51f540a0e2a9bd9d6fc6234c6e62d167eaa7c707" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" [[package]] name = "ppv-lite86" @@ -547,9 +547,9 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" [[package]] name = "syn" -version = "2.0.59" +version = "2.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a6531ffc7b071655e4ce2e04bd464c4830bb585a61cabb96cf808f05172615a" +checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" dependencies = [ "proc-macro2", "quote", @@ -609,9 +609,9 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.22.9" +version = "0.22.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e40bb779c5187258fd7aad0eb68cb8706a0a81fa712fbea808ab43c4b8374c4" +checksum = "d3328d4f68a705b2a4498da1d580585d39a6510f98318a2cec3018a7ec61ddef" dependencies = [ "indexmap", "serde", diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index cd71b3e56..292798d0a 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -17,8 +17,8 @@ rkyv_derive = "=0.8.0-alpha.1" [target.'cfg(not(target_os="mozakvm"))'.dependencies] hex = "0.4" -plonky2 = { path = "../../plonky2/plonky2" } -# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } +# plonky2 = { path = "../../plonky2/plonky2" } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } rand = "0.8" rand_chacha = "0.3" serde = { version = "1.0", features = ["derive"] } From b51474a94afd17b0b78b573313a1b6310d656524 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 12:37:00 +0800 Subject: [PATCH 19/46] Simpler --- Cargo.lock | 6 +- Cargo.toml | 12 +- circuits/src/cross_table_lookup.rs | 161 +------------------ circuits/src/stark/mod.rs | 1 - circuits/src/stark/poly.rs | 163 ------------------- circuits/src/stark/proof.rs | 60 +------ circuits/src/stark/prover.rs | 4 +- circuits/src/stark/recursive_verifier.rs | 190 ++++++++++++----------- circuits/src/stark/verifier.rs | 102 +----------- circuits/src/tape_commitments/stark.rs | 12 +- cli/src/main.rs | 66 ++++---- examples/Cargo.lock | 65 +------- sdk/Cargo.toml | 4 +- 13 files changed, 159 insertions(+), 687 deletions(-) delete mode 100644 circuits/src/stark/poly.rs diff --git a/Cargo.lock b/Cargo.lock index df816eaa0..378a0960f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,6 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1186,6 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1200,6 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "rayon", ] @@ -1210,7 +1207,6 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" [[package]] name = "plotters" @@ -1666,7 +1662,6 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "ahash", "anyhow", @@ -1677,6 +1672,7 @@ dependencies = [ "plonky2", "plonky2_maybe_rayon", "plonky2_util", + "serde", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 634287e64..088bf3aec 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,9 +57,9 @@ starky = { version = "0", default-features = false } plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } [patch.crates-io] -# plonky2 = { path = "../plonky2/plonky2" } -# plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } -# starky = { path = "../plonky2/starky" } -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +plonky2 = { path = "../plonky2/plonky2" } +plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } +starky = { path = "../plonky2/starky" } +# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +# plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +# starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index 02d29210a..8c1e2d955 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -1,18 +1,13 @@ use core::ops::Neg; -use anyhow::{ensure, Result}; use itertools::{iproduct, izip, zip_eq}; -use plonky2::field::extension::{Extendable, FieldExtension}; -use plonky2::field::packed::PackedField; -use plonky2::field::polynomial::PolynomialValues; +use plonky2::field::extension::Extendable; use plonky2::field::types::Field; use plonky2::hash::hash_types::RichField; use plonky2::iop::ext_target::ExtensionTarget; use plonky2::iop::target::Target; use plonky2::plonk::circuit_builder::CircuitBuilder; -use plonky2::plonk::config::GenericConfig; -use starky::config::StarkConfig; -use starky::constraint_consumer::{ConstraintConsumer, RecursiveConstraintConsumer}; +use starky::constraint_consumer::RecursiveConstraintConsumer; use starky::cross_table_lookup as starky_ctl; use starky::evaluation_frame::StarkEvaluationFrame; use starky::stark::Stark; @@ -21,9 +16,9 @@ use thiserror::Error; pub use crate::linear_combination::Column; use crate::linear_combination::ColumnSparse; pub use crate::linear_combination_typed::ColumnWithTypedInput; -use crate::stark::mozak_stark::{all_kind, Table, TableKind, TableKindArray, TableWithTypedOutput}; +use crate::stark::mozak_stark::{Table, TableKind, TableWithTypedOutput}; use crate::stark::permutation::challenge::{GrandProductChallenge, GrandProductChallengeSet}; -use crate::stark::proof::{StarkProof, StarkProofTarget}; +use crate::stark::proof::StarkProofTarget; #[derive(Error, Debug)] pub enum LookupError { @@ -31,36 +26,6 @@ pub enum LookupError { InconsistentTableRows, } -#[derive(Clone, Default)] -pub struct CtlData { - pub(crate) zs_columns: Vec>, -} - -impl CtlData { - #[must_use] - pub fn len(&self) -> usize { self.zs_columns.len() } - - #[must_use] - pub fn is_empty(&self) -> bool { self.zs_columns.is_empty() } - - #[must_use] - pub fn z_polys(&self) -> Vec> { - self.zs_columns - .iter() - .map(|zs_column| zs_column.z.clone()) - .collect() - } -} - -/// Cross-table lookup data associated with one Z(x) polynomial. -#[derive(Clone)] -pub(crate) struct CtlZData { - pub(crate) z: PolynomialValues, - pub(crate) challenge: GrandProductChallenge, - pub(crate) columns: Vec, - pub(crate) filter_column: Column, -} - /// Treat CTL and the challenge as a single entity. /// /// Logically, the CTL specifies a linear transformation, and so does the @@ -79,45 +44,6 @@ pub fn compose_ctl_with_challenge( + challenge.gamma } -pub fn partial_sums( - trace: &[PolynomialValues], - columns: &[Column], - filter_column: &Column, - challenge: GrandProductChallenge, -) -> PolynomialValues { - // design of table looks like this - // | multiplicity | value | partial_sum | - // | 1 | x_1 | 1/combine(x_1) | - // | 0 | x_2 | 1/combine(x_1) | - // | 2 | x_3 | 1/combine(x_1) + 2/combine(x_3) | - // (where combine(vals) = gamma + reduced_sum(vals, beta)) - // transition constraint looks like - // z_next = z_local + filter_local/combine_local - - let filter_column = filter_column.to_field(); - let get_multiplicity = |&i| -> F { filter_column.eval_table(trace, i) }; - - let columns: Vec> = columns.iter().map(Column::to_field).collect(); - let prepped = compose_ctl_with_challenge(&columns, challenge); - let get_data = |&i| -> F { prepped.eval_table(trace, i) }; - - let degree = trace[0].len(); - let mut degrees = (0..degree).collect::>(); - degrees.rotate_right(1); - - let multiplicities: Vec = degrees.iter().map(get_multiplicity).collect(); - let data: Vec = degrees.iter().map(get_data).collect(); - let inv_data = F::batch_multiplicative_inverse(&data); - - izip!(multiplicities, inv_data) - .scan(F::ZERO, |partial_sum: &mut F, (multiplicity, inv)| { - *partial_sum += multiplicity * inv; - Some(*partial_sum) - }) - .collect::>() - .into() -} - #[allow(clippy::module_name_repetitions)] #[derive(Clone, Debug)] pub struct CrossTableLookupWithTypedOutput { @@ -178,85 +104,6 @@ impl CrossTableLookupWithTypedOutput { } } -#[derive(Clone)] -pub struct CtlCheckVars<'a, F, FE, P, const D2: usize> -where - F: Field, - FE: FieldExtension, - P: PackedField, { - pub(crate) local_z: P, - pub(crate) next_z: P, - pub(crate) challenges: GrandProductChallenge, - pub(crate) columns: &'a [Column], - pub(crate) filter_column: &'a Column, -} - -impl<'a, F: RichField + Extendable, const D: usize> - CtlCheckVars<'a, F, F::Extension, F::Extension, D> -{ - pub(crate) fn from_proofs>( - proofs: &TableKindArray>, - cross_table_lookups: &'a [CrossTableLookup], - ctl_challenges: &'a GrandProductChallengeSet, - ) -> TableKindArray> { - let mut ctl_zs = proofs - .each_ref() - .map(|p| izip!(&p.openings.ctl_zs, &p.openings.ctl_zs_next)); - - let mut ctl_vars_per_table = all_kind!(|_kind| vec![]); - let ctl_chain = cross_table_lookups - .iter() - .flat_map(|ctl| &ctl.looking_tables); - for (&challenges, table) in iproduct!(&ctl_challenges.challenges, ctl_chain) { - let (&local_z, &next_z) = ctl_zs[table.kind].next().unwrap(); - ctl_vars_per_table[table.kind].push(Self { - local_z, - next_z, - challenges, - columns: &table.columns, - filter_column: &table.filter_column, - }); - } - ctl_vars_per_table - } -} - -pub(crate) fn eval_cross_table_lookup_checks( - vars: &S::EvaluationFrame, - ctl_vars: &[CtlCheckVars], - consumer: &mut ConstraintConsumer

, -) where - F: RichField + Extendable, - FE: FieldExtension, - P: PackedField, - S: Stark, { - for lookup_vars in ctl_vars { - let CtlCheckVars { - local_z, - next_z, - challenges, - columns, - filter_column, - } = lookup_vars; - let local_values = vars.get_local_values(); - let next_values = vars.get_next_values(); - - let combine = |lv: &[P], nv: &[P]| -> P { - let evals = columns.iter().map(|c| c.eval(lv, nv)).collect::>(); - challenges.combine(evals.iter()) - }; - let combination = combine(local_values, next_values); - let multiplicity = |lv: &[P], nv: &[P]| -> P { filter_column.eval(lv, nv) }; - let multiplicity = multiplicity(local_values, next_values); - - // Check value of `Z(1) = filter(w^(n-1))/combined(w^(n-1))` - consumer.constraint_last_row(*next_z * combination - multiplicity); - - // Check `Z(gw) - Z(w) = filter(w)/combined(w)` - consumer.constraint_transition((*next_z - *local_z) * combination - multiplicity); - } -} - #[derive(Clone)] pub struct CtlCheckVarsTarget<'a, const D: usize> { pub local_z: ExtensionTarget, diff --git a/circuits/src/stark/mod.rs b/circuits/src/stark/mod.rs index e5b66b1ca..d5b50e6b1 100644 --- a/circuits/src/stark/mod.rs +++ b/circuits/src/stark/mod.rs @@ -5,7 +5,6 @@ #[allow(clippy::module_name_repetitions)] pub mod mozak_stark; pub mod permutation; -pub mod poly; pub mod proof; pub mod prover; pub mod recursive_verifier; diff --git a/circuits/src/stark/poly.rs b/circuits/src/stark/poly.rs deleted file mode 100644 index c381acac9..000000000 --- a/circuits/src/stark/poly.rs +++ /dev/null @@ -1,163 +0,0 @@ -#![allow(clippy::too_many_arguments)] - -use plonky2::field::extension::{Extendable, FieldExtension}; -use plonky2::field::packed::PackedField; -use plonky2::field::polynomial::{PolynomialCoeffs, PolynomialValues}; -use plonky2::field::zero_poly_coset::ZeroPolyOnCoset; -use plonky2::fri::oracle::PolynomialBatch; -use plonky2::hash::hash_types::RichField; -use plonky2::plonk::circuit_builder::CircuitBuilder; -use plonky2::plonk::config::GenericConfig; -use plonky2::util::{log2_ceil, transpose}; -#[allow(clippy::wildcard_imports)] -use plonky2_maybe_rayon::*; -use starky::config::StarkConfig; -use starky::constraint_consumer::{ConstraintConsumer, RecursiveConstraintConsumer}; -use starky::evaluation_frame::StarkEvaluationFrame; -use starky::stark::Stark; - -use crate::cross_table_lookup::{ - eval_cross_table_lookup_checks, eval_cross_table_lookup_checks_circuit, CtlCheckVars, - CtlCheckVarsTarget, CtlData, -}; - -/// Computes the quotient polynomials `(sum alpha^i C_i(x)) / Z_H(x)` for -/// `alpha` in `alphas`, where the `C_i`s are the Stark constraints. -pub fn compute_quotient_polys<'a, F, P, C, S, const D: usize>( - stark: &S, - trace_commitment: &'a PolynomialBatch, - ctl_zs_commitment: &'a PolynomialBatch, - public_inputs: &[F], - ctl_data: &CtlData, - alphas: &[F], - degree_bits: usize, - config: &StarkConfig, -) -> Vec> -where - F: RichField + Extendable, - P: PackedField, - C: GenericConfig, - S: Stark, { - let degree = 1 << degree_bits; - let rate_bits = config.fri_config.rate_bits; - - let quotient_degree_bits = log2_ceil(stark.quotient_degree_factor()); - assert!( - quotient_degree_bits <= rate_bits, - "Having constraints of degree higher than the rate is not supported yet." - ); - let step = 1 << (rate_bits - quotient_degree_bits); - // When opening the `Z`s polys at the "next" point, need to look at the point - // `next_step` steps away. - let next_step = 1 << quotient_degree_bits; - - // Evaluation of the first Lagrange polynomial on the LDE domain. - let lagrange_first = PolynomialValues::selector(degree, 0).lde_onto_coset(quotient_degree_bits); - // Evaluation of the last Lagrange polynomial on the LDE domain. - let lagrange_last = - PolynomialValues::selector(degree, degree - 1).lde_onto_coset(quotient_degree_bits); - - let z_h_on_coset = ZeroPolyOnCoset::::new(degree_bits, quotient_degree_bits); - - // Retrieve the LDE values at index `i`. - let get_trace_values_packed = - |i_start| -> Vec

{ trace_commitment.get_lde_values_packed(i_start, step) }; - - // Last element of the subgroup. - let last = F::primitive_root_of_unity(degree_bits).inverse(); - let size = degree << quotient_degree_bits; - let coset = F::cyclic_subgroup_coset_known_order( - F::primitive_root_of_unity(degree_bits + quotient_degree_bits), - F::coset_shift(), - size, - ); - - // We will step by `P::WIDTH`, and in each iteration, evaluate the quotient - // polynomial at a batch of `P::WIDTH` points. - let quotient_values = (0..size) - .into_par_iter() - .step_by(P::WIDTH) - .flat_map_iter(|i_start| { - let i_next_start = (i_start + next_step) % size; - let i_range = i_start..i_start + P::WIDTH; - - let x = *P::from_slice(&coset[i_range.clone()]); - let z_last = x - last; - let lagrange_basis_first = *P::from_slice(&lagrange_first.values[i_range.clone()]); - let lagrange_basis_last = *P::from_slice(&lagrange_last.values[i_range]); - - let mut consumer = ConstraintConsumer::new( - alphas.to_vec(), - z_last, - lagrange_basis_first, - lagrange_basis_last, - ); - let vars = StarkEvaluationFrame::from_values( - &get_trace_values_packed(i_start), - &get_trace_values_packed(i_next_start), - public_inputs, - ); - let ctl_vars = ctl_data - .zs_columns - .iter() - .enumerate() - .map(|(i, zs_columns)| CtlCheckVars:: { - local_z: ctl_zs_commitment.get_lde_values_packed(i_start, step)[i], - next_z: ctl_zs_commitment.get_lde_values_packed(i_next_start, step)[i], - challenges: zs_columns.challenge, - columns: &zs_columns.columns, - filter_column: &zs_columns.filter_column, - }) - .collect::>(); - eval_vanishing_poly::(stark, &vars, &ctl_vars, &mut consumer); - let mut constraints_evals = consumer.accumulators(); - // We divide the constraints evaluations by `Z_H(x)`. - let denominator_inv: P = z_h_on_coset.eval_inverse_packed(i_start); - for eval in &mut constraints_evals { - *eval *= denominator_inv; - } - - let num_challenges = alphas.len(); - - (0..P::WIDTH).map(move |i| { - (0..num_challenges) - .map(|j| constraints_evals[j].as_slice()[i]) - .collect() - }) - }) - .collect::>(); - - transpose("ient_values) - .into_par_iter() - .map(PolynomialValues::new) - .map(|values| values.coset_ifft(F::coset_shift())) - .collect() -} - -#[allow(clippy::module_name_repetitions)] -pub fn eval_vanishing_poly( - stark: &S, - vars: &S::EvaluationFrame, - ctl_vars: &[CtlCheckVars], - consumer: &mut ConstraintConsumer

, -) where - F: RichField + Extendable, - FE: FieldExtension, - P: PackedField, - S: Stark, { - stark.eval_packed_generic(vars, consumer); - eval_cross_table_lookup_checks::(vars, ctl_vars, consumer); -} - -pub fn eval_vanishing_poly_circuit( - builder: &mut CircuitBuilder, - stark: &S, - vars: &S::EvaluationFrameTarget, - ctl_vars: &[CtlCheckVarsTarget], - consumer: &mut RecursiveConstraintConsumer, -) where - F: RichField + Extendable, - S: Stark, { - stark.eval_ext_circuit(builder, vars, consumer); - eval_cross_table_lookup_checks_circuit::(builder, vars, ctl_vars, consumer); -} diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index 9fbc0663e..135299804 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -11,14 +11,13 @@ use plonky2::iop::challenger::{Challenger, RecursiveChallenger}; use plonky2::iop::ext_target::ExtensionTarget; use plonky2::iop::target::Target; use plonky2::plonk::circuit_builder::CircuitBuilder; -use plonky2::plonk::config::{AlgebraicHasher, GenericConfig}; +use plonky2::plonk::config::{AlgebraicHasher, GenericConfig, Hasher}; #[allow(clippy::wildcard_imports)] use plonky2_maybe_rayon::*; use serde::{Deserialize, Serialize}; use starky::config::StarkConfig; use super::mozak_stark::{all_kind, PublicInputs, TableKindArray}; -use crate::stark::permutation::challenge::{GrandProductChallengeSet, GrandProductChallengeTrait}; #[allow(clippy::module_name_repetitions)] impl, C: GenericConfig, const D: usize> AllProof { @@ -55,52 +54,6 @@ impl, C: GenericConfig, const D: usize> S } pub fn num_ctl_zs(&self) -> usize { self.openings.ctl_zs_last.len() } - - /// Computes all Fiat-Shamir challenges used in the STARK proof. - pub(crate) fn get_challenges( - &self, - challenger: &mut Challenger, - config: &StarkConfig, - ) -> StarkProofChallenges { - let degree_bits = self.recover_degree_bits(config); - - let StarkProof { - ctl_zs_cap, - quotient_polys_cap, - openings, - opening_proof: - FriProof { - commit_phase_merkle_caps, - final_poly, - pow_witness, - .. - }, - .. - } = &self; - - let num_challenges = config.num_challenges; - - challenger.observe_cap(ctl_zs_cap); - - let stark_alphas = challenger.get_n_challenges(num_challenges); - - challenger.observe_cap(quotient_polys_cap); - let stark_zeta = challenger.get_extension_challenge::(); - - challenger.observe_openings(&openings.to_fri_openings()); - - StarkProofChallenges { - stark_alphas, - stark_zeta, - fri_challenges: challenger.fri_challenges::( - commit_phase_merkle_caps, - final_poly, - *pow_witness, - degree_bits, - &config.fri_config, - ), - } - } } #[derive(Clone, Debug, Eq, PartialEq)] @@ -315,7 +268,8 @@ impl StarkOpeningSetTarget { } #[allow(clippy::module_name_repetitions)] -#[derive(Clone, Debug)] +#[derive(Clone, Debug, Deserialize, Serialize)] +#[serde(bound = ">::Permutation: for<'a> Deserialize<'a> + Serialize")] pub struct AllProof, C: GenericConfig, const D: usize> { pub proofs: TableKindArray>, pub ctl_challenges: starky::lookup::GrandProductChallengeSet, @@ -360,12 +314,4 @@ impl, C: GenericConfig, const D: usize> A ctl_challenges, } } - - /// Returns the ordered openings of cross-table lookups `Z` polynomials at - /// `g^-1`. The order corresponds to the order declared in - /// [`TableKind`](crate::cross_table_lookup::TableKind). - pub(crate) fn all_ctl_zs_last(self) -> TableKindArray> { - // TODO(Matthias): remove, we shouldn't need this. - self.proofs.map(|p| p.proof.openings.ctl_zs_first.unwrap()) - } } diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 3c25708a9..39a1446ee 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -17,7 +17,7 @@ use plonky2::timed; use plonky2::util::log2_strict; use plonky2::util::timing::TimingTree; use starky::config::StarkConfig; -use starky::proof::{StarkProofWithMetadata, StarkProofWithPublicInputs}; +use starky::proof::StarkProofWithMetadata; use starky::stark::Stark; use super::mozak_stark::{MozakStark, TableKind, TableKindArray, TableKindSetBuilder}; @@ -194,7 +194,7 @@ where stark, config, trace_poly_values, - &trace_commitment, + trace_commitment, Some(starky_ctl_data), Some(starky_ctl_challenges), &mut challenger, diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index d7c36daee..52240bc57 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -24,14 +24,12 @@ use plonky2::with_context; use starky::config::StarkConfig; use starky::constraint_consumer::RecursiveConstraintConsumer; use starky::evaluation_frame::StarkEvaluationFrame; -use starky::proof::StarkProofWithMetadata; -use starky::stark::{LookupConfig, Stark}; +use starky::stark::Stark; -use super::mozak_stark::{all_kind, all_starks, TableKindArray}; +use super::mozak_stark::{all_starks, TableKindArray}; use crate::columns_view::{columns_view_impl, NumberOfColumns}; use crate::cross_table_lookup::CtlCheckVarsTarget; use crate::stark::mozak_stark::{MozakStark, TableKind}; -use crate::stark::poly::eval_vanishing_poly_circuit; use crate::stark::proof::{ AllProof, StarkOpeningSetTarget, StarkProof, StarkProofChallengesTarget, StarkProofTarget, StarkProofWithPublicInputsTarget, @@ -130,8 +128,8 @@ where // How are zk_evm handling their public inputs? // // let proof = starky::proof::StarkProof::from(proof); - // // TODO(Matthias): not sure we need this, if we don't have the pub sub feature? - // all_kind!(|kind| { + // // TODO(Matthias): not sure we need this, if we don't have the pub sub + // feature? all_kind!(|kind| { // self.targets[kind].set_targets(&mut inputs, &all_proof.proofs[kind]); // }); @@ -286,94 +284,100 @@ fn verify_stark_proof_with_challenges_circuit< inner_config: &StarkConfig, ) where C::Hasher: AlgebraicHasher, { - let zero = builder.zero(); - let one = builder.one_extension(); - - let StarkOpeningSetTarget { - local_values, - next_values, - ctl_zs: _, - ctl_zs_next: _, - ctl_zs_last, - quotient_polys, - } = &proof_with_public_inputs.proof.openings; - - let converted_public_inputs: Vec> = proof_with_public_inputs - .public_inputs - .iter() - .map(|target| builder.convert_to_ext(*target)) // replace with actual conversion function/method - .collect(); - - let vars = - S::EvaluationFrameTarget::from_values(local_values, next_values, &converted_public_inputs); - - let degree_bits = proof_with_public_inputs - .proof - .recover_degree_bits(inner_config); - let zeta_pow_deg = builder.exp_power_of_2_extension(challenges.stark_zeta, degree_bits); - let z_h_zeta = builder.sub_extension(zeta_pow_deg, one); - let (l_0, l_last) = - eval_l_0_and_l_last_circuit(builder, degree_bits, challenges.stark_zeta, z_h_zeta); - let last = - builder.constant_extension(F::Extension::primitive_root_of_unity(degree_bits).inverse()); - let z_last = builder.sub_extension(challenges.stark_zeta, last); - - let mut consumer = RecursiveConstraintConsumer::::new( - builder.zero_extension(), - challenges.stark_alphas.clone(), - z_last, - l_0, - l_last, - ); - - with_context!( - builder, - "evaluate vanishing polynomial", - eval_vanishing_poly_circuit::(builder, stark, &vars, ctl_vars, &mut consumer,) - ); - let vanishing_polys_zeta = consumer.accumulators(); - - // Check each polynomial identity, of the form `vanishing(x) = Z_H(x) - // quotient(x)`, at zeta. - let mut scale = ReducingFactorTarget::new(zeta_pow_deg); - for (i, chunk) in quotient_polys - .chunks(stark.quotient_degree_factor()) - .enumerate() - { - let recombined_quotient = scale.reduce(chunk, builder); - let computed_vanishing_poly = builder.mul_extension(z_h_zeta, recombined_quotient); - builder.connect_extension(vanishing_polys_zeta[i], computed_vanishing_poly); - } - - let merkle_caps = vec![ - proof_with_public_inputs.proof.trace_cap.clone(), - proof_with_public_inputs.proof.ctl_zs_cap.clone(), - proof_with_public_inputs.proof.quotient_polys_cap.clone(), - ]; + todo!() + // let zero = builder.zero(); + // let one = builder.one_extension(); + + // let StarkOpeningSetTarget { + // local_values, + // next_values, + // ctl_zs: _, + // ctl_zs_next: _, + // ctl_zs_last, + // quotient_polys, + // } = &proof_with_public_inputs.proof.openings; + + // let converted_public_inputs: Vec> = + // proof_with_public_inputs .public_inputs + // .iter() + // .map(|target| builder.convert_to_ext(*target)) // replace with actual + // conversion function/method .collect(); + + // let vars = + // S::EvaluationFrameTarget::from_values(local_values, next_values, + // &converted_public_inputs); + + // let degree_bits = proof_with_public_inputs + // .proof + // .recover_degree_bits(inner_config); + // let zeta_pow_deg = + // builder.exp_power_of_2_extension(challenges.stark_zeta, degree_bits); + // let z_h_zeta = builder.sub_extension(zeta_pow_deg, one); + // let (l_0, l_last) = + // eval_l_0_and_l_last_circuit(builder, degree_bits, + // challenges.stark_zeta, z_h_zeta); let last = + // builder. + // constant_extension(F::Extension::primitive_root_of_unity(degree_bits). + // inverse()); let z_last = builder.sub_extension(challenges.stark_zeta, + // last); + + // let mut consumer = RecursiveConstraintConsumer::::new( + // builder.zero_extension(), + // challenges.stark_alphas.clone(), + // z_last, + // l_0, + // l_last, + // ); - let fri_instance = stark.fri_instance_target( - builder, - challenges.stark_zeta, - F::primitive_root_of_unity(degree_bits), - 0, - 0, - inner_config, - Some(&LookupConfig { - degree_bits, - num_zs: ctl_zs_last.len(), - }), - ); - builder.verify_fri_proof::( - &fri_instance, - &proof_with_public_inputs - .proof - .openings - .to_fri_openings(zero), - &challenges.fri_challenges, - &merkle_caps, - &proof_with_public_inputs.proof.opening_proof, - &inner_config.fri_params(degree_bits), - ); + // with_context!( + // builder, + // "evaluate vanishing polynomial", + // eval_vanishing_poly_circuit::(builder, stark, &vars, + // ctl_vars, &mut consumer,) ); + // let vanishing_polys_zeta = consumer.accumulators(); + + // // Check each polynomial identity, of the form `vanishing(x) = Z_H(x) + // // quotient(x)`, at zeta. + // let mut scale = ReducingFactorTarget::new(zeta_pow_deg); + // for (i, chunk) in quotient_polys + // .chunks(stark.quotient_degree_factor()) + // .enumerate() + // { + // let recombined_quotient = scale.reduce(chunk, builder); + // let computed_vanishing_poly = builder.mul_extension(z_h_zeta, + // recombined_quotient); builder. + // connect_extension(vanishing_polys_zeta[i], computed_vanishing_poly); + // } + + // let merkle_caps = vec![ + // proof_with_public_inputs.proof.trace_cap.clone(), + // proof_with_public_inputs.proof.ctl_zs_cap.clone(), + // proof_with_public_inputs.proof.quotient_polys_cap.clone(), + // ]; + + // let fri_instance = stark.fri_instance_target( + // builder, + // challenges.stark_zeta, + // F::primitive_root_of_unity(degree_bits), + // 0, + // 0, + // inner_config, + // Some(&LookupConfig { + // degree_bits, + // num_zs: ctl_zs_last.len(), + // }), + // ); + // builder.verify_fri_proof::( + // &fri_instance, + // &proof_with_public_inputs + // .proof + // .openings + // .to_fri_openings(zero), + // &challenges.fri_challenges, + // &merkle_caps, + // &proof_with_public_inputs.proof.opening_proof, + // &inner_config.fri_params(degree_bits), + // ); } fn eval_l_0_and_l_last_circuit, const D: usize>( diff --git a/circuits/src/stark/verifier.rs b/circuits/src/stark/verifier.rs index a91432a9a..72f22d93e 100644 --- a/circuits/src/stark/verifier.rs +++ b/circuits/src/stark/verifier.rs @@ -1,25 +1,17 @@ use std::borrow::Borrow; use anyhow::{ensure, Result}; -use itertools::Itertools; use log::debug; -use plonky2::field::extension::{Extendable, FieldExtension}; -use plonky2::field::types::Field; -use plonky2::fri::verifier::verify_fri_proof; +use plonky2::field::extension::Extendable; use plonky2::hash::hash_types::RichField; use plonky2::plonk::config::GenericConfig; -use plonky2::plonk::plonk_common::reduce_with_powers; use starky::config::StarkConfig; -use starky::constraint_consumer::ConstraintConsumer; -use starky::evaluation_frame::StarkEvaluationFrame; -use starky::proof::{MultiProof, StarkProofWithMetadata}; -use starky::stark::{LookupConfig, Stark}; +use starky::proof::MultiProof; +use starky::stark::Stark; use super::mozak_stark::{all_starks, MozakStark, TableKind, TableKindSetBuilder}; use super::proof::AllProof; -use crate::cross_table_lookup::CtlCheckVars; -use crate::stark::poly::eval_vanishing_poly; -use crate::stark::proof::{AllProofChallenges, StarkOpeningSet, StarkProof, StarkProofChallenges}; +use crate::stark::proof::AllProofChallenges; #[allow(clippy::too_many_lines)] pub fn verify_proof( @@ -48,7 +40,7 @@ where "Mismatch between ElfMemoryInit trace caps" ); - let num_lookup_columns = all_starks!(mozak_stark, |stark, kind| stark + let num_lookup_columns = all_starks!(mozak_stark, |stark, _kind| stark .num_lookup_helper_columns(config)) .0; let multi_proof = MultiProof { @@ -97,87 +89,3 @@ where )?; Ok(()) } - -fn validate_proof_shape( - stark: &S, - proof: &StarkProof, - config: &StarkConfig, - num_ctl_zs: usize, -) -> anyhow::Result<()> -where - F: RichField + Extendable, - C: GenericConfig, - S: Stark, { - let StarkProof { - trace_cap, - ctl_zs_cap, - quotient_polys_cap, - openings, - // The shape of the opening proof will be checked in the FRI verifier (see - // validate_fri_proof_shape), so we ignore it here. - opening_proof: _, - } = proof; - - let StarkOpeningSet { - local_values, - next_values, - ctl_zs, - ctl_zs_next, - ctl_zs_last, - quotient_polys, - } = openings; - - let degree_bits = proof.recover_degree_bits(config); - let fri_params = config.fri_params(degree_bits); - let cap_height = fri_params.config.cap_height; - - ensure!(trace_cap.height() == cap_height); - ensure!(ctl_zs_cap.height() == cap_height); - ensure!(quotient_polys_cap.height() == cap_height); - - ensure!(local_values.len() == S::COLUMNS); - ensure!(next_values.len() == S::COLUMNS); - ensure!(ctl_zs.len() == num_ctl_zs); - ensure!(ctl_zs_next.len() == num_ctl_zs); - ensure!(ctl_zs_last.len() == num_ctl_zs); - ensure!(quotient_polys.len() == stark.num_quotient_polys(config)); - - Ok(()) -} - -/// Evaluate the Lagrange polynomials `L_0` and `L_(n-1)` at a point `x`. -/// `L_0(x) = (x^n - 1)/(n * (x - 1))` -/// `L_(n-1)(x) = (x^n - 1)/(n * (g * x - 1))`, with `g` the first element of -/// the subgroup. -fn eval_l_0_and_l_last(log_n: usize, x: F) -> (F, F) { - let n = F::from_canonical_usize(1 << log_n); - let g = F::primitive_root_of_unity(log_n); - let z_x = x.exp_power_of_2(log_n) - F::ONE; - let invs = F::batch_multiplicative_inverse(&[n * (x - F::ONE), n * (g * x - F::ONE)]); - - (z_x * invs[0], z_x * invs[1]) -} - -#[cfg(test)] -mod tests { - use plonky2::field::goldilocks_field::GoldilocksField; - use plonky2::field::polynomial::PolynomialValues; - use plonky2::field::types::Sample; - - use crate::stark::verifier::eval_l_0_and_l_last; - - #[test] - fn test_eval_l_0_and_l_last() { - type F = GoldilocksField; - let log_n = 5; - let n = 1 << log_n; - - let x = F::rand(); // challenge point - let expected_l_first_x = PolynomialValues::selector(n, 0).ifft().eval(x); - let expected_l_last_x = PolynomialValues::selector(n, n - 1).ifft().eval(x); - - let (l_first_x, l_last_x) = eval_l_0_and_l_last(log_n, x); - assert_eq!(l_first_x, expected_l_first_x); - assert_eq!(l_last_x, expected_l_last_x); - } -} diff --git a/circuits/src/tape_commitments/stark.rs b/circuits/src/tape_commitments/stark.rs index ce01cf3db..5b509562c 100644 --- a/circuits/src/tape_commitments/stark.rs +++ b/circuits/src/tape_commitments/stark.rs @@ -91,23 +91,13 @@ mod tests { use mozak_runner::instruction::{Args, Instruction, Op}; use mozak_sdk::core::ecall::{self, COMMITMENT_SIZE}; use mozak_sdk::core::reg_abi::{REG_A0, REG_A1, REG_A2}; - use plonky2::field::types::Field; - use plonky2::plonk::circuit_data::CircuitConfig; use plonky2::plonk::config::{GenericConfig, Poseidon2GoldilocksConfig}; - use plonky2::util::timing::TimingTree; use rand::Rng; - use starky::config::StarkConfig; use starky::stark_testing::test_stark_circuit_constraints; use super::TapeCommitmentsStark; - use crate::stark::mozak_stark::{MozakStark, PublicInputs}; - use crate::stark::prover::prove; - use crate::stark::recursive_verifier::{ - recursive_mozak_stark_circuit, VMRecursiveProofPublicInputs, VM_PUBLIC_INPUT_SIZE, - }; - use crate::stark::verifier::verify_proof; + use crate::stark::mozak_stark::MozakStark; use crate::test_utils::ProveAndVerify; - use crate::utils::from_u32; const D: usize = 2; type C = Poseidon2GoldilocksConfig; diff --git a/cli/src/main.rs b/cli/src/main.rs index f95e5db63..50568008d 100644 --- a/cli/src/main.rs +++ b/cli/src/main.rs @@ -183,40 +183,40 @@ fn main() -> Result<()> { // let serialized = serde_json::to_string(&all_proof).unwrap(); // proof.write_all(serialized.as_bytes())?; - // // Generate recursive proof - // if let Some(mut recursive_proof_output) = recursive_proof { - // let degree_bits = all_proof.degree_bits(&config); - // let recursive_circuit = recursive_mozak_stark_circuit::( - // &stark, - // °ree_bits, - // &VM_RECURSION_CONFIG, - // &config, - // ); + // Generate recursive proof + if let Some(mut recursive_proof_output) = recursive_proof { + let degree_bits = all_proof.degree_bits(&config); + let recursive_circuit = recursive_mozak_stark_circuit::( + &stark, + °ree_bits, + &VM_RECURSION_CONFIG, + &config, + ); - // let recursive_all_proof = recursive_circuit.prove(&all_proof)?; + let recursive_all_proof = recursive_circuit.prove(&all_proof)?; - // let (final_circuit, final_proof) = shrink_to_target_degree_bits_circuit( - // &recursive_circuit.circuit, - // &VM_RECURSION_CONFIG, - // VM_RECURSION_THRESHOLD_DEGREE_BITS, - // &recursive_all_proof, - // )?; - // assert_eq!( - // final_circuit.circuit.common.num_public_inputs, - // VM_PUBLIC_INPUT_SIZE - // ); + let (final_circuit, final_proof) = shrink_to_target_degree_bits_circuit( + &recursive_circuit.circuit, + &VM_RECURSION_CONFIG, + VM_RECURSION_THRESHOLD_DEGREE_BITS, + &recursive_all_proof, + )?; + assert_eq!( + final_circuit.circuit.common.num_public_inputs, + VM_PUBLIC_INPUT_SIZE + ); - // let s = final_proof.to_bytes(); - // recursive_proof_output.write_all(&s)?; + let s = final_proof.to_bytes(); + recursive_proof_output.write_all(&s)?; - // // Generate the verifier key file - // let mut vk_output_path = recursive_proof_output.path().clone(); - // vk_output_path.set_extension("vk"); - // let mut vk_output = vk_output_path.create()?; + // Generate the verifier key file + let mut vk_output_path = recursive_proof_output.path().clone(); + vk_output_path.set_extension("vk"); + let mut vk_output = vk_output_path.create()?; - // let bytes = final_circuit.circuit.verifier_only.to_bytes().unwrap(); - // vk_output.write_all(&bytes)?; - // } + let bytes = final_circuit.circuit.verifier_only.to_bytes().unwrap(); + vk_output.write_all(&bytes)?; + } debug!("proof generated successfully!"); } @@ -315,15 +315,17 @@ fn main() -> Result<()> { println!("Transaction bundled: {transaction:?}"); } - Command::Verify { mut proof } => { + Command::Verify { proof } => { todo!() // let stark = S::default(); // let mut buffer: Vec = vec![]; // proof.read_to_end(&mut buffer)?; // let all_proof: AllProof = // serde_json::from_slice(&buffer)?; verify_proof(& - // stark, all_proof, &config)?; println!("proof verified - // successfully!"); + // stark, &all_proof, &config)?; println!( + // "proof verified + // successfully!" + // ); } Command::VerifyRecursiveProof { mut proof, diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 324c7219b..67893dfb9 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -111,31 +111,6 @@ dependencies = [ "libc", ] -[[package]] -name = "crossbeam-deque" -version = "0.8.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "613f8cc01fe9cf1a3eb3d7f488fd2fa8388403e97039e2f73692932e291a770d" -dependencies = [ - "crossbeam-epoch", - "crossbeam-utils", -] - -[[package]] -name = "crossbeam-epoch" -version = "0.9.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e" -dependencies = [ - "crossbeam-utils", -] - -[[package]] -name = "crossbeam-utils" -version = "0.8.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "248e3bacc7dc6baa3b21e405ee045c3047101a49145e7e9eca583ab4c2ca5345" - [[package]] name = "crunchy" version = "0.2.2" @@ -225,7 +200,6 @@ checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" dependencies = [ "ahash", "allocator-api2", - "rayon", "serde", ] @@ -461,6 +435,7 @@ dependencies = [ [[package]] name = "plonky2" version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "ahash", "anyhow", @@ -473,17 +448,16 @@ dependencies = [ "plonky2_maybe_rayon", "plonky2_util", "rand", - "rand_chacha", "serde", "static_assertions", "tiny-keccak", "unroll", - "web-time", ] [[package]] name = "plonky2_field" version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" dependencies = [ "anyhow", "itertools", @@ -498,13 +472,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -dependencies = [ - "rayon", -] +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" [[package]] name = "plonky2_util" version = "0.2.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" [[package]] name = "ppv-lite86" @@ -601,26 +574,6 @@ dependencies = [ "getrandom", ] -[[package]] -name = "rayon" -version = "1.10.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b418a60154510ca1a002a752ca9714984e21e4241e804d32555251faf8b78ffa" -dependencies = [ - "either", - "rayon-core", -] - -[[package]] -name = "rayon-core" -version = "1.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1465873a3dfdaa8ae7cb14b4383657caab0b3e8a0aa9ae8e04b044854c8dfce2" -dependencies = [ - "crossbeam-deque", - "crossbeam-utils", -] - [[package]] name = "rend" version = "0.5.0-pre6" @@ -946,16 +899,6 @@ version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" -[[package]] -name = "web-time" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a6580f308b1fad9207618087a65c04e7a10bc77e02c8e84e9b00dd4b12fa0bb" -dependencies = [ - "js-sys", - "wasm-bindgen", -] - [[package]] name = "winnow" version = "0.6.6" diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index 292798d0a..cd71b3e56 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -17,8 +17,8 @@ rkyv_derive = "=0.8.0-alpha.1" [target.'cfg(not(target_os="mozakvm"))'.dependencies] hex = "0.4" -# plonky2 = { path = "../../plonky2/plonky2" } -plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } +plonky2 = { path = "../../plonky2/plonky2" } +# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } rand = "0.8" rand_chacha = "0.3" serde = { version = "1.0", features = ["derive"] } From f2e65de5a4c204d437e65e40b3bc371757e547c1 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 12:55:00 +0800 Subject: [PATCH 20/46] Serialising --- circuits/src/stark/proof.rs | 12 +++++++++--- cli/src/main.rs | 25 ++++++++++++------------- 2 files changed, 21 insertions(+), 16 deletions(-) diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index 135299804..b1ac774f1 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -14,13 +14,17 @@ use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::config::{AlgebraicHasher, GenericConfig, Hasher}; #[allow(clippy::wildcard_imports)] use plonky2_maybe_rayon::*; +use serde::de::DeserializeOwned; use serde::{Deserialize, Serialize}; use starky::config::StarkConfig; use super::mozak_stark::{all_kind, PublicInputs, TableKindArray}; #[allow(clippy::module_name_repetitions)] -impl, C: GenericConfig, const D: usize> AllProof { +impl, C: GenericConfig, const D: usize> AllProof +where + for<'a> >::Permutation: Deserialize<'a> + Serialize, +{ pub fn degree_bits(&self, config: &StarkConfig) -> TableKindArray { all_kind!(|kind| self.proofs[kind].proof.recover_degree_bits(config)) } @@ -269,8 +273,10 @@ impl StarkOpeningSetTarget { #[allow(clippy::module_name_repetitions)] #[derive(Clone, Debug, Deserialize, Serialize)] -#[serde(bound = ">::Permutation: for<'a> Deserialize<'a> + Serialize")] -pub struct AllProof, C: GenericConfig, const D: usize> { +#[serde(bound = "")] +pub struct AllProof, C: GenericConfig, const D: usize> +where + F: DeserializeOwned + Serialize, { pub proofs: TableKindArray>, pub ctl_challenges: starky::lookup::GrandProductChallengeSet, pub program_rom_trace_cap: MerkleCap, diff --git a/cli/src/main.rs b/cli/src/main.rs index 50568008d..8e1829253 100644 --- a/cli/src/main.rs +++ b/cli/src/main.rs @@ -180,8 +180,8 @@ fn main() -> Result<()> { &mut TimingTree::default(), )?; - // let serialized = serde_json::to_string(&all_proof).unwrap(); - // proof.write_all(serialized.as_bytes())?; + let serialized = serde_json::to_string(&all_proof).unwrap(); + proof.write_all(serialized.as_bytes())?; // Generate recursive proof if let Some(mut recursive_proof_output) = recursive_proof { @@ -315,17 +315,16 @@ fn main() -> Result<()> { println!("Transaction bundled: {transaction:?}"); } - Command::Verify { proof } => { - todo!() - // let stark = S::default(); - // let mut buffer: Vec = vec![]; - // proof.read_to_end(&mut buffer)?; - // let all_proof: AllProof = - // serde_json::from_slice(&buffer)?; verify_proof(& - // stark, &all_proof, &config)?; println!( - // "proof verified - // successfully!" - // ); + Command::Verify { mut proof } => { + let stark = S::default(); + let mut buffer: Vec = vec![]; + proof.read_to_end(&mut buffer)?; + let all_proof: AllProof = serde_json::from_slice(&buffer)?; + verify_proof(&stark, &all_proof, &config)?; + println!( + "proof verified + successfully!" + ); } Command::VerifyRecursiveProof { mut proof, From 11297df56bee265d0e987366f95f9435ebb94acd Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 12:55:46 +0800 Subject: [PATCH 21/46] Nicer --- circuits/src/stark/proof.rs | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index b1ac774f1..fabc8a946 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -21,10 +21,7 @@ use starky::config::StarkConfig; use super::mozak_stark::{all_kind, PublicInputs, TableKindArray}; #[allow(clippy::module_name_repetitions)] -impl, C: GenericConfig, const D: usize> AllProof -where - for<'a> >::Permutation: Deserialize<'a> + Serialize, -{ +impl, C: GenericConfig, const D: usize> AllProof { pub fn degree_bits(&self, config: &StarkConfig) -> TableKindArray { all_kind!(|kind| self.proofs[kind].proof.recover_degree_bits(config)) } From 98364e38300585856968ae2801e7890ed39d6c1f Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 12:59:56 +0800 Subject: [PATCH 22/46] All the things --- Cargo.lock | 5 +++++ Cargo.toml | 12 ++++++------ sdk/Cargo.lock | 8 ++++---- sdk/Cargo.toml | 4 ++-- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 378a0960f..abf1b9236 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,6 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" dependencies = [ "ahash", "anyhow", @@ -1186,6 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1200,6 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" dependencies = [ "rayon", ] @@ -1207,6 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" [[package]] name = "plotters" @@ -1662,6 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" dependencies = [ "ahash", "anyhow", diff --git a/Cargo.toml b/Cargo.toml index 088bf3aec..634287e64 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -57,9 +57,9 @@ starky = { version = "0", default-features = false } plonky2_crypto = { git = "https://github.com/0xmozak/plonky2-crypto.git" } [patch.crates-io] -plonky2 = { path = "../plonky2/plonky2" } -plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } -starky = { path = "../plonky2/starky" } -# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -# plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } -# starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +# plonky2 = { path = "../plonky2/plonky2" } +# plonky2_maybe_rayon = { path = "../plonky2/maybe_rayon" } +# starky = { path = "../plonky2/starky" } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +plonky2_maybe_rayon = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } +starky = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables" } diff --git a/sdk/Cargo.lock b/sdk/Cargo.lock index c55ee6718..efad7f888 100644 --- a/sdk/Cargo.lock +++ b/sdk/Cargo.lock @@ -308,7 +308,7 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" dependencies = [ "ahash", "anyhow", @@ -330,7 +330,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" dependencies = [ "anyhow", "itertools", @@ -345,12 +345,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" [[package]] name = "ppv-lite86" diff --git a/sdk/Cargo.toml b/sdk/Cargo.toml index cd71b3e56..292798d0a 100644 --- a/sdk/Cargo.toml +++ b/sdk/Cargo.toml @@ -17,8 +17,8 @@ rkyv_derive = "=0.8.0-alpha.1" [target.'cfg(not(target_os="mozakvm"))'.dependencies] hex = "0.4" -plonky2 = { path = "../../plonky2/plonky2" } -# plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } +# plonky2 = { path = "../../plonky2/plonky2" } +plonky2 = { git = "https://github.com/0xmozak/plonky2.git", branch = "matthias/looked-tables", default-features = false } rand = "0.8" rand_chacha = "0.3" serde = { version = "1.0", features = ["derive"] } From ed4d1cdc0c8571a364d62af096cb9c158153c0fc Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 15:12:44 +0800 Subject: [PATCH 23/46] Clippy fix --- circuits/src/stark/proof.rs | 2 +- circuits/src/stark/recursive_verifier.rs | 31 +++--------------------- rust-toolchain.toml | 2 +- sdk/src/lib.rs | 1 - 4 files changed, 6 insertions(+), 30 deletions(-) diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index fabc8a946..e35172286 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -11,7 +11,7 @@ use plonky2::iop::challenger::{Challenger, RecursiveChallenger}; use plonky2::iop::ext_target::ExtensionTarget; use plonky2::iop::target::Target; use plonky2::plonk::circuit_builder::CircuitBuilder; -use plonky2::plonk::config::{AlgebraicHasher, GenericConfig, Hasher}; +use plonky2::plonk::config::{AlgebraicHasher, GenericConfig}; #[allow(clippy::wildcard_imports)] use plonky2_maybe_rayon::*; use serde::de::DeserializeOwned; diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index 52240bc57..a2cf2a181 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -19,10 +19,7 @@ use plonky2::plonk::circuit_builder::CircuitBuilder; use plonky2::plonk::circuit_data::{CircuitConfig, CircuitData, VerifierCircuitTarget}; use plonky2::plonk::config::{AlgebraicHasher, GenericConfig}; use plonky2::plonk::proof::{ProofWithPublicInputs, ProofWithPublicInputsTarget}; -use plonky2::util::reducing::ReducingFactorTarget; -use plonky2::with_context; use starky::config::StarkConfig; -use starky::constraint_consumer::RecursiveConstraintConsumer; use starky::evaluation_frame::StarkEvaluationFrame; use starky::stark::Stark; @@ -231,7 +228,7 @@ where &mut challenger, Some(&ctl_challenges), true, - &inner_config, + inner_config, ); starky::recursive_verifier::verify_stark_proof_with_challenges_circuit::( @@ -647,30 +644,10 @@ where #[cfg(test)] mod tests { - use std::panic; - use std::panic::AssertUnwindSafe; - use anyhow::Result; - use log::info; - use mozak_runner::code; - use mozak_runner::instruction::{Args, Instruction, Op}; - use mozak_sdk::core::ecall::COMMITMENT_SIZE; - use plonky2::field::goldilocks_field::GoldilocksField; - use plonky2::iop::witness::{PartialWitness, WitnessWrite}; - use plonky2::plonk::circuit_builder::CircuitBuilder; - use plonky2::plonk::circuit_data::CircuitConfig; - use plonky2::util::timing::TimingTree; - use starky::config::StarkConfig; - - use crate::stark::mozak_stark::{MozakStark, PublicInputs}; - use crate::stark::prover::prove; - use crate::stark::recursive_verifier::{ - recursive_mozak_stark_circuit, shrink_to_target_degree_bits_circuit, - verify_recursive_vm_proof, VMRecursiveProofPublicInputs, VM_PUBLIC_INPUT_SIZE, - VM_RECURSION_CONFIG, VM_RECURSION_THRESHOLD_DEGREE_BITS, - }; - use crate::test_utils::{C, D, F}; - use crate::utils::from_u32; + + use crate::stark::mozak_stark::MozakStark; + use crate::test_utils::{D, F}; type S = MozakStark; diff --git a/rust-toolchain.toml b/rust-toolchain.toml index c9c702df6..b0731b297 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] -channel = "nightly-2024-03-10" +channel = "nightly-2024-04-24" components = ["rustfmt", "rust-src", "clippy"] profile = "minimal" diff --git a/sdk/src/lib.rs b/sdk/src/lib.rs index 58d7859c2..22a486d8c 100644 --- a/sdk/src/lib.rs +++ b/sdk/src/lib.rs @@ -4,7 +4,6 @@ #![feature(trait_alias)] #![feature(raw_ref_op)] #![feature(stmt_expr_attributes)] -#![feature(slice_ptr_len)] #![deny(warnings)] #![cfg_attr(not(feature = "std"), no_std)] #![cfg_attr(feature = "std", feature(restricted_std))] From 9db9a4b5c847952bf2d799fa7813cba130f0108f Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 15:16:34 +0800 Subject: [PATCH 24/46] Clippy --- circuits/src/stark/recursive_verifier.rs | 1 - runner/src/vm.rs | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index a2cf2a181..565aa0b9a 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -20,7 +20,6 @@ use plonky2::plonk::circuit_data::{CircuitConfig, CircuitData, VerifierCircuitTa use plonky2::plonk::config::{AlgebraicHasher, GenericConfig}; use plonky2::plonk::proof::{ProofWithPublicInputs, ProofWithPublicInputsTarget}; use starky::config::StarkConfig; -use starky::evaluation_frame::StarkEvaluationFrame; use starky::stark::Stark; use super::mozak_stark::{all_starks, TableKindArray}; diff --git a/runner/src/vm.rs b/runner/src/vm.rs index a13aacf07..599ef0211 100644 --- a/runner/src/vm.rs +++ b/runner/src/vm.rs @@ -1045,7 +1045,7 @@ mod tests { fn rem_proptest(rd in reg(), rs1 in reg(), rs2 in reg(), rs1_value in i32_extra(), rs2_value in i32_extra()) { prop_assume!(rs1 != rs2); prop_assume!(rs2_value != 0); - prop_assume!(rs1_value != i32::min_value() && rs2_value != -1); + prop_assume!(rs1_value != i32::MIN && rs2_value != -1); let rem = rs1_value % rs2_value; let e = simple_test_code( [Instruction::new( From d7b5a6fdbc6e92044e68aa767c9f17ed94a5efbb Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 15:33:53 +0800 Subject: [PATCH 25/46] Standalone proving --- circuits/src/bitshift/stark.rs | 3 ++- circuits/src/cpu/stark.rs | 3 ++- circuits/src/memory/stark.rs | 3 ++- circuits/src/memory_fullword/stark.rs | 3 ++- circuits/src/memory_halfword/stark.rs | 3 ++- circuits/src/memory_io/stark.rs | 3 ++- circuits/src/memory_zeroinit/stark.rs | 3 ++- circuits/src/memoryinit/stark.rs | 3 ++- circuits/src/poseidon2/stark.rs | 3 ++- circuits/src/poseidon2_output_bytes/stark.rs | 3 ++- circuits/src/poseidon2_sponge/stark.rs | 2 +- circuits/src/program/stark.rs | 3 ++- circuits/src/program_multiplicities/stark.rs | 2 +- circuits/src/rangecheck_u8/stark.rs | 3 ++- circuits/src/register/general/stark.rs | 3 ++- circuits/src/register/init/stark.rs | 3 ++- circuits/src/tape_commitments/stark.rs | 2 +- circuits/src/test_utils.rs | 6 +++++- circuits/src/unstark.rs | 2 +- circuits/src/xor/stark.rs | 3 ++- 20 files changed, 39 insertions(+), 20 deletions(-) diff --git a/circuits/src/bitshift/stark.rs b/circuits/src/bitshift/stark.rs index 971bd78f8..02460ebbd 100644 --- a/circuits/src/bitshift/stark.rs +++ b/circuits/src/bitshift/stark.rs @@ -21,6 +21,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct BitshiftStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for BitshiftStark { @@ -80,7 +81,7 @@ impl, const D: usize> Stark for BitshiftStark type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/cpu/stark.rs b/circuits/src/cpu/stark.rs index 40d1d513f..462a76b9d 100644 --- a/circuits/src/cpu/stark.rs +++ b/circuits/src/cpu/stark.rs @@ -25,6 +25,7 @@ use crate::stark::utils::{is_binary, is_binary_ext_circuit}; #[allow(clippy::module_name_repetitions)] pub struct CpuStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for CpuStark { @@ -256,7 +257,7 @@ impl, const D: usize> Stark for CpuStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/memory/stark.rs b/circuits/src/memory/stark.rs index 6b538580e..f90b1cc68 100644 --- a/circuits/src/memory/stark.rs +++ b/circuits/src/memory/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct MemoryStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for MemoryStark { @@ -90,7 +91,7 @@ impl, const D: usize> Stark for MemoryStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/memory_fullword/stark.rs b/circuits/src/memory_fullword/stark.rs index acdabe497..f650d5f56 100644 --- a/circuits/src/memory_fullword/stark.rs +++ b/circuits/src/memory_fullword/stark.rs @@ -21,6 +21,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct FullWordMemoryStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for FullWordMemoryStark { @@ -61,7 +62,7 @@ impl, const D: usize> Stark for FullWordMemor type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } // Design description - https://docs.google.com/presentation/d/1J0BJd49BMQh3UR5TrOhe3k67plHxnohFtFVrMpDJ1oc/edit?usp=sharing fn eval_packed_generic( diff --git a/circuits/src/memory_halfword/stark.rs b/circuits/src/memory_halfword/stark.rs index 943ba900a..565678055 100644 --- a/circuits/src/memory_halfword/stark.rs +++ b/circuits/src/memory_halfword/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct HalfWordMemoryStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for HalfWordMemoryStark { @@ -59,7 +60,7 @@ impl, const D: usize> Stark for HalfWordMemor type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/memory_io/stark.rs b/circuits/src/memory_io/stark.rs index e622c8cdf..f6f66918a 100644 --- a/circuits/src/memory_io/stark.rs +++ b/circuits/src/memory_io/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct InputOutputMemoryStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for InputOutputMemoryStark { @@ -86,7 +87,7 @@ impl, const D: usize> Stark for InputOutputMe type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/memory_zeroinit/stark.rs b/circuits/src/memory_zeroinit/stark.rs index 181abb795..6c32bc49f 100644 --- a/circuits/src/memory_zeroinit/stark.rs +++ b/circuits/src/memory_zeroinit/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct MemoryZeroInitStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for MemoryZeroInitStark { @@ -49,7 +50,7 @@ impl, const D: usize> Stark for MemoryZeroIni type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/memoryinit/stark.rs b/circuits/src/memoryinit/stark.rs index 0403bc662..f4bd2f9c2 100644 --- a/circuits/src/memoryinit/stark.rs +++ b/circuits/src/memoryinit/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct MemoryInitStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for MemoryInitStark { @@ -49,7 +50,7 @@ impl, const D: usize> Stark for MemoryInitSta type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/poseidon2/stark.rs b/circuits/src/poseidon2/stark.rs index a5a7fcc64..f5204de72 100644 --- a/circuits/src/poseidon2/stark.rs +++ b/circuits/src/poseidon2/stark.rs @@ -276,6 +276,7 @@ fn matmul_internal12_circuit< #[allow(clippy::module_name_repetitions)] pub struct Poseidon2_12Stark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for Poseidon2_12Stark { @@ -293,7 +294,7 @@ impl, const D: usize> Stark for Poseidon2_12S type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/poseidon2_output_bytes/stark.rs b/circuits/src/poseidon2_output_bytes/stark.rs index 6285e6f11..a94f48b2f 100644 --- a/circuits/src/poseidon2_output_bytes/stark.rs +++ b/circuits/src/poseidon2_output_bytes/stark.rs @@ -20,6 +20,7 @@ use crate::stark::utils::{is_binary, is_binary_ext_circuit}; #[allow(clippy::module_name_repetitions)] pub struct Poseidon2OutputBytesStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for Poseidon2OutputBytesStark { @@ -37,7 +38,7 @@ impl, const D: usize> Stark for Poseidon2Outp type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/poseidon2_sponge/stark.rs b/circuits/src/poseidon2_sponge/stark.rs index 3f80076e4..eee8d2f47 100644 --- a/circuits/src/poseidon2_sponge/stark.rs +++ b/circuits/src/poseidon2_sponge/stark.rs @@ -39,7 +39,7 @@ impl, const D: usize> Stark for Poseidon2Spon type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } // For design check https://docs.google.com/presentation/d/10Dv00xL3uggWTPc0L91cgu_dWUzhM7l1EQ5uDEI_cjg/edit?usp=sharing fn eval_packed_generic( diff --git a/circuits/src/program/stark.rs b/circuits/src/program/stark.rs index dd5003798..153a9170d 100644 --- a/circuits/src/program/stark.rs +++ b/circuits/src/program/stark.rs @@ -18,6 +18,7 @@ use crate::stark::utils::{is_binary, is_binary_ext_circuit}; #[allow(clippy::module_name_repetitions)] pub struct ProgramStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for ProgramStark { @@ -36,7 +37,7 @@ impl, const D: usize> Stark for ProgramStark< type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/program_multiplicities/stark.rs b/circuits/src/program_multiplicities/stark.rs index b4bf2a81e..340fe2970 100644 --- a/circuits/src/program_multiplicities/stark.rs +++ b/circuits/src/program_multiplicities/stark.rs @@ -35,7 +35,7 @@ impl, const D: usize> Stark for ProgramMultSt type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/rangecheck_u8/stark.rs b/circuits/src/rangecheck_u8/stark.rs index aa94aefb0..c6c44dd53 100644 --- a/circuits/src/rangecheck_u8/stark.rs +++ b/circuits/src/rangecheck_u8/stark.rs @@ -18,6 +18,7 @@ use crate::columns_view::{HasNamedColumns, NumberOfColumns}; #[allow(clippy::module_name_repetitions)] pub struct RangeCheckU8Stark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for RangeCheckU8Stark { @@ -36,7 +37,7 @@ impl, const D: usize> Stark for RangeCheckU8S type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/register/general/stark.rs b/circuits/src/register/general/stark.rs index 03613a72e..afbf6a934 100644 --- a/circuits/src/register/general/stark.rs +++ b/circuits/src/register/general/stark.rs @@ -19,6 +19,7 @@ use crate::stark::utils::{is_binary, is_binary_ext_circuit}; #[allow(clippy::module_name_repetitions)] pub struct RegisterStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for RegisterStark { @@ -37,7 +38,7 @@ impl, const D: usize> Stark for RegisterStark type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } /// Constraints for the [`RegisterStark`]: /// diff --git a/circuits/src/register/init/stark.rs b/circuits/src/register/init/stark.rs index 638f491c2..f54b38fad 100644 --- a/circuits/src/register/init/stark.rs +++ b/circuits/src/register/init/stark.rs @@ -18,6 +18,7 @@ use crate::stark::utils::{is_binary, is_binary_ext_circuit}; #[allow(clippy::module_name_repetitions)] pub struct RegisterInitStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for RegisterInitStark { @@ -36,7 +37,7 @@ impl, const D: usize> Stark for RegisterInitS type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } /// Constraints for the [`RegisterInitStark`]. /// diff --git a/circuits/src/tape_commitments/stark.rs b/circuits/src/tape_commitments/stark.rs index 5b509562c..1b07d353d 100644 --- a/circuits/src/tape_commitments/stark.rs +++ b/circuits/src/tape_commitments/stark.rs @@ -54,7 +54,7 @@ impl, const D: usize> Stark for TapeCommitmen type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/test_utils.rs b/circuits/src/test_utils.rs index c910af3ed..a9554e779 100644 --- a/circuits/src/test_utils.rs +++ b/circuits/src/test_utils.rs @@ -126,7 +126,11 @@ impl ProveAndVerify for CpuStark { let config = fast_test_config(); - let stark = S::default(); + let mut stark = S { + standalone_proving: true, + ..S::default() + }; + let trace_poly_values = trace_rows_to_poly_values(generate_cpu_trace(record)); let public_inputs: PublicInputs = PublicInputs { entry_point: from_u32(program.entry_point), diff --git a/circuits/src/unstark.rs b/circuits/src/unstark.rs index c3d0c1f19..660187a9e 100644 --- a/circuits/src/unstark.rs +++ b/circuits/src/unstark.rs @@ -45,7 +45,7 @@ impl< type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, diff --git a/circuits/src/xor/stark.rs b/circuits/src/xor/stark.rs index 5ad0d9b7f..7c3a6ee53 100644 --- a/circuits/src/xor/stark.rs +++ b/circuits/src/xor/stark.rs @@ -21,6 +21,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct XorStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for XorStark { @@ -67,7 +68,7 @@ impl, const D: usize> Stark for XorStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; - fn requires_ctls(&self) -> bool { true } + fn requires_ctls(&self) -> bool { !self.standalone_proving } fn eval_packed_generic( &self, From 49d789cb4331fbc62cc211d65a9c1d8425d03360 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 15:35:38 +0800 Subject: [PATCH 26/46] Rescue tests --- circuits/src/test_utils.rs | 52 ++++++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 11 deletions(-) diff --git a/circuits/src/test_utils.rs b/circuits/src/test_utils.rs index a9554e779..fcd58dbf8 100644 --- a/circuits/src/test_utils.rs +++ b/circuits/src/test_utils.rs @@ -126,7 +126,7 @@ impl ProveAndVerify for CpuStark { let config = fast_test_config(); - let mut stark = S { + let stark = S { standalone_proving: true, ..S::default() }; @@ -153,7 +153,10 @@ impl ProveAndVerify for RangeCheckStark { let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let cpu_trace = generate_cpu_trace(record); let memory_init = generate_memory_init_trace(program); @@ -216,7 +219,10 @@ impl ProveAndVerify for XorStark { let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let cpu_trace = generate_cpu_trace(record); let trace_poly_values = trace_rows_to_poly_values(generate_xor_trace(&cpu_trace)); let proof = prove_table::( @@ -236,7 +242,10 @@ impl ProveAndVerify for MemoryStark { type S = MemoryStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let memory_init = generate_memory_init_trace(program); let memory_zeroinit_rows = generate_memory_zero_init_trace(&record.executed, program); @@ -282,7 +291,10 @@ impl ProveAndVerify for HalfWordMemoryStark { type S = HalfWordMemoryStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace_poly_values = trace_rows_to_poly_values(generate_halfword_memory_trace(&record.executed)); let proof = prove_table::( @@ -302,7 +314,10 @@ impl ProveAndVerify for FullWordMemoryStark { type S = FullWordMemoryStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace_poly_values = trace_rows_to_poly_values(generate_fullword_memory_trace(&record.executed)); let proof = prove_table::( @@ -322,7 +337,10 @@ impl ProveAndVerify for InputOutputMemoryStark { type S = InputOutputMemoryStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace_poly_values = trace_rows_to_poly_values(generate_io_memory_private_trace(&record.executed)); let proof = prove_table::( @@ -342,7 +360,10 @@ impl ProveAndVerify for BitshiftStark { type S = BitshiftStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let cpu_rows = generate_cpu_trace::(record); let trace = generate_shift_amount_trace(&cpu_rows); let trace_poly_values = trace_rows_to_poly_values(trace); @@ -363,7 +384,10 @@ impl ProveAndVerify for RegisterInitStark { type S = RegisterInitStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace = generate_register_init_trace::(record); let trace_poly_values = trace_rows_to_poly_values(trace); let proof = prove_table::( @@ -383,7 +407,10 @@ impl ProveAndVerify for RegisterStark { type S = RegisterStark; let config = fast_test_config(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let cpu_trace = generate_cpu_trace(record); let io_memory_private = generate_io_memory_private_trace(&record.executed); let io_memory_public = generate_io_memory_public_trace(&record.executed); @@ -418,7 +445,10 @@ impl ProveAndVerify for RegisterStark { impl ProveAndVerify for TapeCommitmentsStark { fn prove_and_verify(_program: &Program, record: &ExecutionRecord) -> Result<()> { type S = TapeCommitmentsStark; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let config = fast_test_config(); let trace = generate_tape_commitments_trace(record); let trace_poly_values = trace_rows_to_poly_values(trace); From 60bd2e267acbe6f7ecaef0da188a6ec2ac21907a Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 15:40:05 +0800 Subject: [PATCH 27/46] Fix forgotten ones --- circuits/src/poseidon2_sponge/stark.rs | 1 + circuits/src/program_multiplicities/stark.rs | 1 + circuits/src/tape_commitments/stark.rs | 1 + circuits/src/unstark.rs | 1 + 4 files changed, 4 insertions(+) diff --git a/circuits/src/poseidon2_sponge/stark.rs b/circuits/src/poseidon2_sponge/stark.rs index eee8d2f47..ebf3e1d86 100644 --- a/circuits/src/poseidon2_sponge/stark.rs +++ b/circuits/src/poseidon2_sponge/stark.rs @@ -22,6 +22,7 @@ use crate::stark::utils::{is_binary, is_binary_ext_circuit}; #[allow(clippy::module_name_repetitions)] pub struct Poseidon2SpongeStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for Poseidon2SpongeStark { diff --git a/circuits/src/program_multiplicities/stark.rs b/circuits/src/program_multiplicities/stark.rs index 340fe2970..ea2bf4c6d 100644 --- a/circuits/src/program_multiplicities/stark.rs +++ b/circuits/src/program_multiplicities/stark.rs @@ -17,6 +17,7 @@ use crate::columns_view::{HasNamedColumns, NumberOfColumns}; #[allow(clippy::module_name_repetitions)] pub struct ProgramMultStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for ProgramMultStark { diff --git a/circuits/src/tape_commitments/stark.rs b/circuits/src/tape_commitments/stark.rs index 1b07d353d..9658006ac 100644 --- a/circuits/src/tape_commitments/stark.rs +++ b/circuits/src/tape_commitments/stark.rs @@ -36,6 +36,7 @@ fn generate_constraints<'a, T: Copy>( #[allow(clippy::module_name_repetitions)] pub struct TapeCommitmentsStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for TapeCommitmentsStark { diff --git a/circuits/src/unstark.rs b/circuits/src/unstark.rs index 660187a9e..0c3b462d8 100644 --- a/circuits/src/unstark.rs +++ b/circuits/src/unstark.rs @@ -20,6 +20,7 @@ use crate::columns_view::{columns_view_impl, HasNamedColumns, NumberOfColumns}; pub struct Unstark { pub _f: PhantomData, pub _d: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns From 28adc1c24b6d55ed43f3f4c845c61561c3597f63 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 15:51:49 +0800 Subject: [PATCH 28/46] Verify --- circuits/src/stark/prover.rs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 39a1446ee..94f2c083a 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -185,11 +185,9 @@ where "FRI total reduction arity is too large.", ); - let trace_cap = trace_commitment.merkle_tree.cap.clone(); - let mut challenger = challenger.clone(); - let init_challenger_state = challenger.compact(); // Clear buffered outputs. - challenger.observe_cap(&trace_cap); + let init_challenger_state = challenger.compact(); + starky::prover::prove_with_commitment( stark, config, @@ -197,7 +195,7 @@ where trace_commitment, Some(starky_ctl_data), Some(starky_ctl_challenges), - &mut challenger, + challenger, public_inputs, timing, ) @@ -234,13 +232,16 @@ where } .build(); + // Clear buffered outputs. + let init_challenger_state = challenger.compact(); Ok(all_starks!(mozak_stark, |stark, kind| { + let mut challenger = challenger.clone(); prove_single_table( stark, config, &traces_poly_values[kind], &trace_commitments[kind], - challenger, + &mut challenger, public_inputs[kind], timing, starky_ctl_challenges, From 801cdc0fe5b8e3e83c3837401aaf1fa8e30411e6 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 16:42:03 +0800 Subject: [PATCH 29/46] Simpler --- circuits/src/stark/mozak_stark.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 32fcd1d95..94a1f6610 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -526,8 +526,7 @@ impl Table { .iter() .map(Column::to_starky) .collect::>(); - // TODO(Matthias): figure out why they take a vector of filters. - let filter = starky_lookup::Filter::new(vec![], vec![self.filter_column.to_starky()]); + let filter = starky_lookup::Filter::new_simple(self.filter_column.to_starky()); starky_ctl::TableWithColumns::new(self.kind as usize, columns, filter) } } From 9da3be1d382fe049642be5b772f272596dbec596 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 16:50:20 +0800 Subject: [PATCH 30/46] Update --- Cargo.lock | 10 +++++----- examples/Cargo.lock | 16 ++++++++-------- sdk/Cargo.lock | 8 ++++---- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index abf1b9236..631d03a54 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" [[package]] name = "plotters" @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "ahash", "anyhow", diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 67893dfb9..208a51678 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -435,7 +435,7 @@ dependencies = [ [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "ahash", "anyhow", @@ -457,7 +457,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "anyhow", "itertools", @@ -472,12 +472,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#e766ac2cca4addc7aeac0744520dd6ecffcd8d23" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" [[package]] name = "ppv-lite86" @@ -716,9 +716,9 @@ checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" [[package]] name = "syn" -version = "2.0.59" +version = "2.0.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a6531ffc7b071655e4ce2e04bd464c4830bb585a61cabb96cf808f05172615a" +checksum = "909518bc7b1c9b779f1bbf07f2929d35af9f0f37e47c6e9ef7f9dddc1e1821f3" dependencies = [ "proc-macro2", "quote", @@ -789,9 +789,9 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.22.9" +version = "0.22.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e40bb779c5187258fd7aad0eb68cb8706a0a81fa712fbea808ab43c4b8374c4" +checksum = "d3328d4f68a705b2a4498da1d580585d39a6510f98318a2cec3018a7ec61ddef" dependencies = [ "indexmap", "serde", diff --git a/sdk/Cargo.lock b/sdk/Cargo.lock index efad7f888..9fe57e7a8 100644 --- a/sdk/Cargo.lock +++ b/sdk/Cargo.lock @@ -308,7 +308,7 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "ahash", "anyhow", @@ -330,7 +330,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" dependencies = [ "anyhow", "itertools", @@ -345,12 +345,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#c84e5f1a16992015d80a7abe5ff48293f936ca41" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" [[package]] name = "ppv-lite86" From 27cebe86f9593d1ce845b66fb4a2aaace43b98da Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 17:58:05 +0800 Subject: [PATCH 31/46] Fix more --- Cargo.lock | 10 +++++----- circuits/src/bitshift/stark.rs | 10 ++++++++-- circuits/src/cpu/mul.rs | 5 ++++- circuits/src/cpu/stark.rs | 10 ++++++++-- circuits/src/generation/memory.rs | 5 ++++- circuits/src/memory/stark.rs | 10 ++++++++-- circuits/src/memory_fullword/stark.rs | 5 ++++- circuits/src/memory_halfword/stark.rs | 5 ++++- circuits/src/memory_io/stark.rs | 5 ++++- circuits/src/memory_zeroinit/stark.rs | 5 ++++- circuits/src/memoryinit/stark.rs | 5 ++++- circuits/src/poseidon2/stark.rs | 15 ++++++++++++--- circuits/src/poseidon2_output_bytes/stark.rs | 15 ++++++++++++--- circuits/src/poseidon2_sponge/stark.rs | 15 ++++++++++++--- circuits/src/program/stark.rs | 5 ++++- circuits/src/rangecheck/stark.rs | 5 ++++- circuits/src/rangecheck_u8/stark.rs | 5 ++++- circuits/src/register/general/stark.rs | 10 ++++++++-- circuits/src/register/init/stark.rs | 5 ++++- circuits/src/stark/proof.rs | 4 ++-- circuits/src/stark/prover.rs | 2 +- circuits/src/stark/verifier.rs | 5 ++++- circuits/src/tape_commitments/stark.rs | 5 ++++- circuits/src/xor/stark.rs | 15 ++++++++++++--- examples/Cargo.lock | 8 ++++---- 25 files changed, 144 insertions(+), 45 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 631d03a54..1b6f82e53 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" [[package]] name = "plotters" @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" dependencies = [ "ahash", "anyhow", diff --git a/circuits/src/bitshift/stark.rs b/circuits/src/bitshift/stark.rs index 02460ebbd..8693ee85f 100644 --- a/circuits/src/bitshift/stark.rs +++ b/circuits/src/bitshift/stark.rs @@ -130,7 +130,10 @@ mod tests { #[test] fn test_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } @@ -209,7 +212,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/cpu/mul.rs b/circuits/src/cpu/mul.rs index 0d2199939..f14012a6d 100644 --- a/circuits/src/cpu/mul.rs +++ b/circuits/src/cpu/mul.rs @@ -268,7 +268,10 @@ mod tests { "trace to poly", trace_rows_to_poly_values(cpu_trace) ); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let public_inputs = PublicInputs { entry_point: from_u32(program.entry_point), }; diff --git a/circuits/src/cpu/stark.rs b/circuits/src/cpu/stark.rs index 462a76b9d..7b7d0e811 100644 --- a/circuits/src/cpu/stark.rs +++ b/circuits/src/cpu/stark.rs @@ -357,7 +357,10 @@ mod tests { type F = >::F; type S = CpuStark; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } @@ -368,7 +371,10 @@ mod tests { type F = >::F; type S = CpuStark; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/generation/memory.rs b/circuits/src/generation/memory.rs index fb05f65e3..24f1e3b02 100644 --- a/circuits/src/generation/memory.rs +++ b/circuits/src/generation/memory.rs @@ -241,7 +241,10 @@ mod tests { /// Test that we have a constraint to catch, if there is no init for any memory address. fn no_init() { let _ = env_logger::try_init(); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace: Vec> = prep_table(vec![ //is_writable addr clk is_store, is_load, is_init value diff --git a/circuits/src/memory/stark.rs b/circuits/src/memory/stark.rs index f90b1cc68..f8ffcbaa7 100644 --- a/circuits/src/memory/stark.rs +++ b/circuits/src/memory/stark.rs @@ -139,7 +139,10 @@ mod tests { #[test] fn test_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } @@ -212,7 +215,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/memory_fullword/stark.rs b/circuits/src/memory_fullword/stark.rs index f650d5f56..4274dc56b 100644 --- a/circuits/src/memory_fullword/stark.rs +++ b/circuits/src/memory_fullword/stark.rs @@ -149,7 +149,10 @@ mod tests { fn test_circuit() -> anyhow::Result<()> { type C = Poseidon2GoldilocksConfig; type S = FullWordMemoryStark; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/memory_halfword/stark.rs b/circuits/src/memory_halfword/stark.rs index 565678055..97df0fb8e 100644 --- a/circuits/src/memory_halfword/stark.rs +++ b/circuits/src/memory_halfword/stark.rs @@ -151,7 +151,10 @@ mod tests { fn test_circuit() -> anyhow::Result<()> { type C = Poseidon2GoldilocksConfig; type S = HalfWordMemoryStark; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/memory_io/stark.rs b/circuits/src/memory_io/stark.rs index 8138c1c51..ee9aae877 100644 --- a/circuits/src/memory_io/stark.rs +++ b/circuits/src/memory_io/stark.rs @@ -442,7 +442,10 @@ mod tests { type C = Poseidon2GoldilocksConfig; type S = StorageDeviceStark; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/memory_zeroinit/stark.rs b/circuits/src/memory_zeroinit/stark.rs index 6c32bc49f..55ceea0ac 100644 --- a/circuits/src/memory_zeroinit/stark.rs +++ b/circuits/src/memory_zeroinit/stark.rs @@ -92,7 +92,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/memoryinit/stark.rs b/circuits/src/memoryinit/stark.rs index f4bd2f9c2..20fa60864 100644 --- a/circuits/src/memoryinit/stark.rs +++ b/circuits/src/memoryinit/stark.rs @@ -92,7 +92,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/poseidon2/stark.rs b/circuits/src/poseidon2/stark.rs index f5204de72..41136c9e7 100644 --- a/circuits/src/poseidon2/stark.rs +++ b/circuits/src/poseidon2/stark.rs @@ -478,7 +478,10 @@ mod tests { let step_rows = record.executed; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace = generate_poseidon2_trace(&step_rows); let trace_poly_values = trace_rows_to_poly_values(trace); @@ -494,12 +497,18 @@ mod tests { #[test] fn poseidon2_stark_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) } diff --git a/circuits/src/poseidon2_output_bytes/stark.rs b/circuits/src/poseidon2_output_bytes/stark.rs index a94f48b2f..8cbe0606a 100644 --- a/circuits/src/poseidon2_output_bytes/stark.rs +++ b/circuits/src/poseidon2_output_bytes/stark.rs @@ -123,7 +123,10 @@ mod tests { let step_rows = record.executed; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace = generate_poseidon2_sponge_trace(&step_rows); let trace = generate_poseidon2_output_bytes_trace(&trace); let trace_poly_values = trace_rows_to_poly_values(trace); @@ -179,12 +182,18 @@ mod tests { #[test] fn poseidon2_stark_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/poseidon2_sponge/stark.rs b/circuits/src/poseidon2_sponge/stark.rs index ebf3e1d86..01cd06cb6 100644 --- a/circuits/src/poseidon2_sponge/stark.rs +++ b/circuits/src/poseidon2_sponge/stark.rs @@ -236,7 +236,10 @@ mod tests { let step_rows = record.executed; - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let trace = generate_poseidon2_sponge_trace(&step_rows); let trace_poly_values = trace_rows_to_poly_values(trace); @@ -279,12 +282,18 @@ mod tests { #[test] fn poseidon2_stark_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/program/stark.rs b/circuits/src/program/stark.rs index 153a9170d..3c3c85919 100644 --- a/circuits/src/program/stark.rs +++ b/circuits/src/program/stark.rs @@ -77,7 +77,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/rangecheck/stark.rs b/circuits/src/rangecheck/stark.rs index da9d1865c..27707374f 100644 --- a/circuits/src/rangecheck/stark.rs +++ b/circuits/src/rangecheck/stark.rs @@ -48,7 +48,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/rangecheck_u8/stark.rs b/circuits/src/rangecheck_u8/stark.rs index c6c44dd53..f53701068 100644 --- a/circuits/src/rangecheck_u8/stark.rs +++ b/circuits/src/rangecheck_u8/stark.rs @@ -89,7 +89,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/register/general/stark.rs b/circuits/src/register/general/stark.rs index afbf6a934..3938ad333 100644 --- a/circuits/src/register/general/stark.rs +++ b/circuits/src/register/general/stark.rs @@ -190,13 +190,19 @@ mod tests { #[test] fn test_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } #[test] fn test_circuit() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark) } diff --git a/circuits/src/register/init/stark.rs b/circuits/src/register/init/stark.rs index f54b38fad..29dec1f8e 100644 --- a/circuits/src/register/init/stark.rs +++ b/circuits/src/register/init/stark.rs @@ -89,7 +89,10 @@ mod tests { #[test] fn test_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } diff --git a/circuits/src/stark/proof.rs b/circuits/src/stark/proof.rs index e35172286..448298949 100644 --- a/circuits/src/stark/proof.rs +++ b/circuits/src/stark/proof.rs @@ -303,14 +303,14 @@ impl, C: GenericConfig, const D: usize> A // TODO(Matthias): consider moving to observing all ctl caps at once, so we can // use the same `alphas` for the whole set of starks. That would need // changes in plonky2. + challenger.compact(); AllProofChallenges { stark_challenges: all_kind!(|kind| { let mut challenger = challenger.clone(); - challenger.compact(); self.proofs[kind].proof.get_challenges( &mut challenger, Some(&ctl_challenges), - false, + true, config, ) }), diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 94f2c083a..20bc7bc2b 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -233,7 +233,7 @@ where .build(); // Clear buffered outputs. - let init_challenger_state = challenger.compact(); + challenger.compact(); Ok(all_starks!(mozak_stark, |stark, kind| { let mut challenger = challenger.clone(); prove_single_table( diff --git a/circuits/src/stark/verifier.rs b/circuits/src/stark/verifier.rs index 72f22d93e..1d442f368 100644 --- a/circuits/src/stark/verifier.rs +++ b/circuits/src/stark/verifier.rs @@ -66,6 +66,8 @@ where ..Default::default() } .build(); + // TODO(Matthias): we still need to make sure that all the challenges are + // correct, via our own observing etc. all_starks!(mozak_stark, |stark, kind| { starky::verifier::verify_stark_proof_with_challenges( stark, @@ -74,7 +76,8 @@ where Some(&ctl_vars_per_table[kind as usize]), public_inputs[kind], config, - )?; + ) + .unwrap_or_else(|e| panic!("Failed to verify stark proof for {kind:?}: {e}")); }); starky::cross_table_lookup::verify_cross_table_lookups( &mozak_stark.cross_table_lookups, diff --git a/circuits/src/tape_commitments/stark.rs b/circuits/src/tape_commitments/stark.rs index 9658006ac..6b681f42c 100644 --- a/circuits/src/tape_commitments/stark.rs +++ b/circuits/src/tape_commitments/stark.rs @@ -245,7 +245,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/circuits/src/xor/stark.rs b/circuits/src/xor/stark.rs index 7c3a6ee53..f65af2a4c 100644 --- a/circuits/src/xor/stark.rs +++ b/circuits/src/xor/stark.rs @@ -116,7 +116,10 @@ mod tests { type S = XorStark; #[test] fn test_degree() -> Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_low_degree(stark) } @@ -161,7 +164,10 @@ mod tests { let cpu_trace = generate_cpu_trace(&record); let trace = timed!(timing, "generate_xor_trace", generate_xor_trace(&cpu_trace)); let trace_poly_values = timed!(timing, "trace to poly", trace_rows_to_poly_values(trace)); - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; let proof = timed!( timing, @@ -193,7 +199,10 @@ mod tests { #[test] fn test_circuit() -> anyhow::Result<()> { - let stark = S::default(); + let stark = S { + standalone_proving: true, + ..S::default() + }; test_stark_circuit_constraints::(stark)?; Ok(()) diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 208a51678..474e79ab7 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -435,7 +435,7 @@ dependencies = [ [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" dependencies = [ "ahash", "anyhow", @@ -457,7 +457,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" dependencies = [ "anyhow", "itertools", @@ -472,12 +472,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" [[package]] name = "ppv-lite86" From ca7f5b5ec8705665abab76618a168249f6222d73 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 18:10:22 +0800 Subject: [PATCH 32/46] Restore --- circuits/src/stark/recursive_verifier.rs | 451 ++++++++++++----------- 1 file changed, 231 insertions(+), 220 deletions(-) diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index 565aa0b9a..6821be554 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -643,237 +643,248 @@ where #[cfg(test)] mod tests { - use anyhow::Result; + use std::panic; + use std::panic::AssertUnwindSafe; - use crate::stark::mozak_stark::MozakStark; - use crate::test_utils::{D, F}; + use anyhow::Result; + use log::info; + use mozak_runner::code; + use mozak_runner::instruction::{Args, Instruction, Op}; + use mozak_sdk::core::ecall::COMMITMENT_SIZE; + use plonky2::field::goldilocks_field::GoldilocksField; + use plonky2::iop::witness::{PartialWitness, WitnessWrite}; + use plonky2::plonk::circuit_builder::CircuitBuilder; + use plonky2::plonk::circuit_data::CircuitConfig; + use plonky2::util::timing::TimingTree; + use starky::config::StarkConfig; + + use crate::stark::mozak_stark::{MozakStark, PublicInputs}; + use crate::stark::prover::prove; + use crate::stark::recursive_verifier::{ + recursive_mozak_stark_circuit, shrink_to_target_degree_bits_circuit, + verify_recursive_vm_proof, VMRecursiveProofPublicInputs, VM_PUBLIC_INPUT_SIZE, + VM_RECURSION_CONFIG, VM_RECURSION_THRESHOLD_DEGREE_BITS, + }; + use crate::test_utils::{C, D, F}; + use crate::utils::from_u32; type S = MozakStark; #[test] fn recursive_verify_mozak_starks() -> Result<()> { - todo!() - // use plonky2::field::types::Field; - - // use crate::stark::verifier::verify_proof; - - // let stark = S::default(); - // let config = StarkConfig::standard_fast_config(); - // let (program, record) = code::execute( - // [Instruction { - // op: Op::ADD, - // args: Args { - // rd: 5, - // rs1: 6, - // rs2: 7, - // ..Args::default() - // }, - // }], - // &[], - // &[(6, 100), (7, 200)], - // ); - // let public_inputs = PublicInputs { - // entry_point: from_u32(program.entry_point), - // }; - - // let mozak_proof = prove::( - // &program, - // &record, - // &stark, - // &config, - // public_inputs, - // &mut TimingTree::default(), - // )?; - // verify_proof(&stark, mozak_proof.clone(), &config)?; - - // let circuit_config = CircuitConfig::standard_recursion_config(); - // let mozak_stark_circuit = recursive_mozak_stark_circuit::( - // &stark, - // &mozak_proof.degree_bits(&config), - // &circuit_config, - // &config, - // ); - - // let recursive_proof = mozak_stark_circuit.prove(&mozak_proof)?; - // let public_input_slice: [F; VM_PUBLIC_INPUT_SIZE] = - // recursive_proof.public_inputs.as_slice().try_into().unwrap(); - // let expected_event_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; - // let expected_castlist_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; - // let recursive_proof_public_inputs: &VMRecursiveProofPublicInputs = - // &public_input_slice.into(); - // assert_eq!( - // recursive_proof_public_inputs.event_commitment_tape, - // expected_event_commitment_tape, "Could not find - // expected_event_commitment_tape in recursive proof's public inputs" - // ); - // assert_eq!( - // recursive_proof_public_inputs.castlist_commitment_tape, - // expected_castlist_commitment_tape, - // "Could not find expected_castlist_commitment_tape in recursive - // proof's public inputs" ); - - // mozak_stark_circuit.circuit.verify(recursive_proof) + use plonky2::field::types::Field; + + use crate::stark::verifier::verify_proof; + + let stark = S::default(); + let config = StarkConfig::standard_fast_config(); + let (program, record) = code::execute( + [Instruction { + op: Op::ADD, + args: Args { + rd: 5, + rs1: 6, + rs2: 7, + ..Args::default() + }, + }], + &[], + &[(6, 100), (7, 200)], + ); + let public_inputs = PublicInputs { + entry_point: from_u32(program.entry_point), + }; + + let mozak_proof = prove::( + &program, + &record, + &stark, + &config, + public_inputs, + &mut TimingTree::default(), + )?; + verify_proof(&stark, &mozak_proof.clone(), &config)?; + + let circuit_config = CircuitConfig::standard_recursion_config(); + let mozak_stark_circuit = recursive_mozak_stark_circuit::( + &stark, + &mozak_proof.degree_bits(&config), + &circuit_config, + &config, + ); + + let recursive_proof = mozak_stark_circuit.prove(&mozak_proof)?; + let public_input_slice: [F; VM_PUBLIC_INPUT_SIZE] = + recursive_proof.public_inputs.as_slice().try_into().unwrap(); + let expected_event_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; + let expected_castlist_commitment_tape = [F::ZERO; COMMITMENT_SIZE]; + let recursive_proof_public_inputs: &VMRecursiveProofPublicInputs = + &public_input_slice.into(); + assert_eq!( + recursive_proof_public_inputs.event_commitment_tape, expected_event_commitment_tape, + "Could not find + expected_event_commitment_tape in recursive proof's public inputs" + ); + assert_eq!( + recursive_proof_public_inputs.castlist_commitment_tape, + expected_castlist_commitment_tape, + "Could not find expected_castlist_commitment_tape in recursive + proof's public inputs" + ); + + mozak_stark_circuit.circuit.verify(recursive_proof) } #[test] #[ignore] #[allow(clippy::too_many_lines)] fn same_circuit_verify_different_vm_proofs() -> Result<()> { - todo!() - // let stark = S::default(); - // let inst = Instruction { - // op: Op::ADD, - // args: Args { - // rd: 5, - // rs1: 6, - // rs2: 7, - // ..Args::default() - // }, - // }; - - // let (program0, record0) = code::execute([inst], &[], &[(6, 100), (7, - // 200)]); let public_inputs = PublicInputs { - // entry_point: from_u32(program0.entry_point), - // }; - // let stark_config0 = StarkConfig::standard_fast_config(); - // let mozak_proof0 = prove::( - // &program0, - // &record0, - // &stark, - // &stark_config0, - // public_inputs, - // &mut TimingTree::default(), - // )?; - - // let (program1, record1) = code::execute(vec![inst; 128], &[], &[(6, - // 100), (7, 200)]); let public_inputs = PublicInputs { - // entry_point: from_u32(program1.entry_point), - // }; - // let stark_config1 = StarkConfig::standard_fast_config(); - // let mozak_proof1 = prove::( - // &program1, - // &record1, - // &stark, - // &stark_config1, - // public_inputs, - // &mut TimingTree::default(), - // )?; - - // // The degree bits should be different for the two proofs. - // assert_ne!( - // mozak_proof0.degree_bits(&stark_config0), - // mozak_proof1.degree_bits(&stark_config1) - // ); - - // let recursion_circuit_config = - // CircuitConfig::standard_recursion_config(); - // let recursion_circuit0 = recursive_mozak_stark_circuit::( - // &stark, - // &mozak_proof0.degree_bits(&stark_config0), - // &recursion_circuit_config, - // &stark_config0, - // ); - // let recursion_proof0 = recursion_circuit0.prove(&mozak_proof0)?; - - // let recursion_circuit1 = recursive_mozak_stark_circuit::( - // &stark, - // &mozak_proof1.degree_bits(&stark_config1), - // &recursion_circuit_config, - // &stark_config1, - // ); - // let recursion_proof1 = recursion_circuit1.prove(&mozak_proof1)?; - - // // recursion_circuit0 - // // .circuit - // // .verify(recursion_proof0.clone())?; - - // let public_inputs_size = recursion_proof0.public_inputs.len(); - // assert_eq!(VM_PUBLIC_INPUT_SIZE, public_inputs_size); - // assert_eq!(public_inputs_size, recursion_proof1.public_inputs.len()); - - // // It is not possible to verify different VM proofs with the same - // recursion // circuit. - // let result = panic::catch_unwind(AssertUnwindSafe(|| { - // recursion_circuit0 - // .circuit - // .verify(recursion_proof1.clone()) - // .expect("Verification failed"); - // })); - // assert!(result.is_err(), "Verification did not failed as expected"); - - // let recursion_degree_bits0 = - // recursion_circuit0.circuit.common.degree_bits(); - // let recursion_degree_bits1 = - // recursion_circuit1.circuit.common.degree_bits(); - // assert_ne!(recursion_degree_bits0, recursion_degree_bits1); - // info!("recursion circuit0 degree bits: {}", recursion_degree_bits0); - // info!("recursion circuit1 degree bits: {}", recursion_degree_bits1); - - // let target_degree_bits = VM_RECURSION_THRESHOLD_DEGREE_BITS; - // let (final_circuit0, final_proof0) = - // shrink_to_target_degree_bits_circuit( - // &recursion_circuit0.circuit, - // &VM_RECURSION_CONFIG, - // target_degree_bits, - // &recursion_proof0, - // )?; - // let (final_circuit1, final_proof1) = - // shrink_to_target_degree_bits_circuit( - // &recursion_circuit1.circuit, - // &VM_RECURSION_CONFIG, - // target_degree_bits, - // &recursion_proof1, - // )?; - // assert_eq!( - // final_circuit0.circuit.common.degree_bits(), - // target_degree_bits - // ); - // assert_eq!( - // final_circuit1.circuit.common.degree_bits(), - // target_degree_bits - // ); - - // final_circuit0.circuit.verify(final_proof0.clone())?; - // final_circuit1.circuit.verify(final_proof1.clone())?; - - // // It is still not possible to verify different VM proofs with the - // same // recursion circuit at this point. But the final proofs - // now have the same // degree bits. - // let result = panic::catch_unwind(AssertUnwindSafe(|| { - // final_circuit0 - // .circuit - // .verify(final_proof1.clone()) - // .expect("Verification failed"); - // })); - // assert!(result.is_err(), "Verification did not failed as expected"); - - // // Let's build a circuit to verify the final proofs. - // let mut builder = - // CircuitBuilder::new(CircuitConfig::standard_recursion_config()); - // let targets = verify_recursive_vm_proof::( - // &mut builder, - // public_inputs_size, - // &VM_RECURSION_CONFIG, - // target_degree_bits, - // ); - // let circuit = builder.build::(); - - // // This time, we can verify the final proofs from two different VM - // programs in // the same circuit. - // let mut pw = PartialWitness::new(); - // pw.set_proof_with_pis_target(&targets.proof_with_pis_target, - // &final_proof0); pw.set_verifier_data_target(&targets. - // vk_target, &final_circuit0.circuit.verifier_only); - // let proof = circuit.prove(pw)?; - // circuit.verify(proof)?; - - // let mut pw = PartialWitness::new(); - // pw.set_proof_with_pis_target(&targets.proof_with_pis_target, - // &final_proof1); pw.set_verifier_data_target(&targets. - // vk_target, &final_circuit1.circuit.verifier_only); - // let proof = circuit.prove(pw)?; - // circuit.verify(proof)?; - - // Ok(()) + let stark = S::default(); + let inst = Instruction { + op: Op::ADD, + args: Args { + rd: 5, + rs1: 6, + rs2: 7, + ..Args::default() + }, + }; + + let (program0, record0) = code::execute([inst], &[], &[(6, 100), (7, 200)]); + let public_inputs = PublicInputs { + entry_point: from_u32(program0.entry_point), + }; + let stark_config0 = StarkConfig::standard_fast_config(); + let mozak_proof0 = prove::( + &program0, + &record0, + &stark, + &stark_config0, + public_inputs, + &mut TimingTree::default(), + )?; + + let (program1, record1) = code::execute(vec![inst; 128], &[], &[(6, 100), (7, 200)]); + let public_inputs = PublicInputs { + entry_point: from_u32(program1.entry_point), + }; + let stark_config1 = StarkConfig::standard_fast_config(); + let mozak_proof1 = prove::( + &program1, + &record1, + &stark, + &stark_config1, + public_inputs, + &mut TimingTree::default(), + )?; + + // The degree bits should be different for the two proofs. + assert_ne!( + mozak_proof0.degree_bits(&stark_config0), + mozak_proof1.degree_bits(&stark_config1) + ); + + let recursion_circuit_config = CircuitConfig::standard_recursion_config(); + let recursion_circuit0 = recursive_mozak_stark_circuit::( + &stark, + &mozak_proof0.degree_bits(&stark_config0), + &recursion_circuit_config, + &stark_config0, + ); + let recursion_proof0 = recursion_circuit0.prove(&mozak_proof0)?; + + let recursion_circuit1 = recursive_mozak_stark_circuit::( + &stark, + &mozak_proof1.degree_bits(&stark_config1), + &recursion_circuit_config, + &stark_config1, + ); + let recursion_proof1 = recursion_circuit1.prove(&mozak_proof1)?; + + // recursion_circuit0 + // .circuit + // .verify(recursion_proof0.clone())?; + + let public_inputs_size = recursion_proof0.public_inputs.len(); + assert_eq!(VM_PUBLIC_INPUT_SIZE, public_inputs_size); + assert_eq!(public_inputs_size, recursion_proof1.public_inputs.len()); + + // It is not possible to verify different VM proofs with the same recursion + // circuit. + let result = panic::catch_unwind(AssertUnwindSafe(|| { + recursion_circuit0 + .circuit + .verify(recursion_proof1.clone()) + .expect("Verification failed"); + })); + assert!(result.is_err(), "Verification did not failed as expected"); + + let recursion_degree_bits0 = recursion_circuit0.circuit.common.degree_bits(); + let recursion_degree_bits1 = recursion_circuit1.circuit.common.degree_bits(); + assert_ne!(recursion_degree_bits0, recursion_degree_bits1); + info!("recursion circuit0 degree bits: {}", recursion_degree_bits0); + info!("recursion circuit1 degree bits: {}", recursion_degree_bits1); + + let target_degree_bits = VM_RECURSION_THRESHOLD_DEGREE_BITS; + let (final_circuit0, final_proof0) = shrink_to_target_degree_bits_circuit( + &recursion_circuit0.circuit, + &VM_RECURSION_CONFIG, + target_degree_bits, + &recursion_proof0, + )?; + let (final_circuit1, final_proof1) = shrink_to_target_degree_bits_circuit( + &recursion_circuit1.circuit, + &VM_RECURSION_CONFIG, + target_degree_bits, + &recursion_proof1, + )?; + assert_eq!( + final_circuit0.circuit.common.degree_bits(), + target_degree_bits + ); + assert_eq!( + final_circuit1.circuit.common.degree_bits(), + target_degree_bits + ); + + final_circuit0.circuit.verify(final_proof0.clone())?; + final_circuit1.circuit.verify(final_proof1.clone())?; + + // It is still not possible to verify different VM proofs with the same + // recursion circuit at this point. But the final proofs now have the same + // degree bits. + let result = panic::catch_unwind(AssertUnwindSafe(|| { + final_circuit0 + .circuit + .verify(final_proof1.clone()) + .expect("Verification failed"); + })); + assert!(result.is_err(), "Verification did not failed as expected"); + + // Let's build a circuit to verify the final proofs. + let mut builder = CircuitBuilder::new(CircuitConfig::standard_recursion_config()); + let targets = verify_recursive_vm_proof::( + &mut builder, + public_inputs_size, + &VM_RECURSION_CONFIG, + target_degree_bits, + ); + let circuit = builder.build::(); + + // This time, we can verify the final proofs from two different VM programs in + // the same circuit. + let mut pw = PartialWitness::new(); + pw.set_proof_with_pis_target(&targets.proof_with_pis_target, &final_proof0); + pw.set_verifier_data_target(&targets.vk_target, &final_circuit0.circuit.verifier_only); + let proof = circuit.prove(pw)?; + circuit.verify(proof)?; + + let mut pw = PartialWitness::new(); + pw.set_proof_with_pis_target(&targets.proof_with_pis_target, &final_proof1); + pw.set_verifier_data_target(&targets.vk_target, &final_circuit1.circuit.verifier_only); + let proof = circuit.prove(pw)?; + circuit.verify(proof)?; + + Ok(()) } } From f0da0ac04e026f751cdd07677445e83d922d4092 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 18:32:07 +0800 Subject: [PATCH 33/46] Cargo update --- Cargo.lock | 10 +- circuits/src/stark/recursive_verifier.rs | 153 +++-------------------- examples/Cargo.lock | 8 +- sdk/Cargo.lock | 8 +- 4 files changed, 32 insertions(+), 147 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1b6f82e53..f3a90320a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1146,7 +1146,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "ahash", "anyhow", @@ -1187,7 +1187,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1202,7 +1202,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "rayon", ] @@ -1210,7 +1210,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" [[package]] name = "plotters" @@ -1666,7 +1666,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "ahash", "anyhow", diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index 6821be554..4ce4b7735 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -7,12 +7,10 @@ use anyhow::Result; use log::info; use mozak_sdk::core::ecall::COMMITMENT_SIZE; use plonky2::field::extension::Extendable; -use plonky2::field::types::Field; use plonky2::fri::witness_util::set_fri_proof_target; use plonky2::gates::noop::NoopGate; use plonky2::hash::hash_types::{RichField, NUM_HASH_OUT_ELTS}; use plonky2::iop::challenger::RecursiveChallenger; -use plonky2::iop::ext_target::ExtensionTarget; use plonky2::iop::target::Target; use plonky2::iop::witness::{PartialWitness, Witness, WitnessWrite}; use plonky2::plonk::circuit_builder::CircuitBuilder; @@ -24,10 +22,9 @@ use starky::stark::Stark; use super::mozak_stark::{all_starks, TableKindArray}; use crate::columns_view::{columns_view_impl, NumberOfColumns}; -use crate::cross_table_lookup::CtlCheckVarsTarget; use crate::stark::mozak_stark::{MozakStark, TableKind}; use crate::stark::proof::{ - AllProof, StarkOpeningSetTarget, StarkProof, StarkProofChallengesTarget, StarkProofTarget, + AllProof, StarkOpeningSetTarget, StarkProof, StarkProofTarget, StarkProofWithPublicInputsTarget, }; @@ -122,6 +119,24 @@ where pub fn prove(&self, all_proof: &AllProof) -> Result> { let mut inputs = PartialWitness::new(); + // all_kind!(|kind| { + // self.targets[kind].set_targets(&mut inputs, &all_proof.proofs[kind]); + + // // set public_sub_table_values targets + // for (public_sub_table_values_target, public_sub_table_values) in zip_eq( + // &self.public_sub_table_values_targets[kind], + // &all_proof.public_sub_table_values[kind], + // ) { + // for (row_target, row) in + // zip_eq(public_sub_table_values_target, public_sub_table_values) + // { + // for (&values_target, &values) in zip_eq(row_target, row) { + // inputs.set_target(values_target, values); + // } + // } + // } + // }); + // How are zk_evm handling their public inputs? // // let proof = starky::proof::StarkProof::from(proof); // // TODO(Matthias): not sure we need this, if we don't have the pub sub @@ -265,136 +280,6 @@ where MozakStarkVerifierCircuit { circuit, targets } } -/// Recursively verifies an inner proof. -fn verify_stark_proof_with_challenges_circuit< - F: RichField + Extendable, - C: GenericConfig, - S: Stark, - const D: usize, ->( - builder: &mut CircuitBuilder, - stark: &S, - proof_with_public_inputs: &StarkProofWithPublicInputsTarget, - challenges: &StarkProofChallengesTarget, - ctl_vars: &[CtlCheckVarsTarget], - inner_config: &StarkConfig, -) where - C::Hasher: AlgebraicHasher, { - todo!() - // let zero = builder.zero(); - // let one = builder.one_extension(); - - // let StarkOpeningSetTarget { - // local_values, - // next_values, - // ctl_zs: _, - // ctl_zs_next: _, - // ctl_zs_last, - // quotient_polys, - // } = &proof_with_public_inputs.proof.openings; - - // let converted_public_inputs: Vec> = - // proof_with_public_inputs .public_inputs - // .iter() - // .map(|target| builder.convert_to_ext(*target)) // replace with actual - // conversion function/method .collect(); - - // let vars = - // S::EvaluationFrameTarget::from_values(local_values, next_values, - // &converted_public_inputs); - - // let degree_bits = proof_with_public_inputs - // .proof - // .recover_degree_bits(inner_config); - // let zeta_pow_deg = - // builder.exp_power_of_2_extension(challenges.stark_zeta, degree_bits); - // let z_h_zeta = builder.sub_extension(zeta_pow_deg, one); - // let (l_0, l_last) = - // eval_l_0_and_l_last_circuit(builder, degree_bits, - // challenges.stark_zeta, z_h_zeta); let last = - // builder. - // constant_extension(F::Extension::primitive_root_of_unity(degree_bits). - // inverse()); let z_last = builder.sub_extension(challenges.stark_zeta, - // last); - - // let mut consumer = RecursiveConstraintConsumer::::new( - // builder.zero_extension(), - // challenges.stark_alphas.clone(), - // z_last, - // l_0, - // l_last, - // ); - - // with_context!( - // builder, - // "evaluate vanishing polynomial", - // eval_vanishing_poly_circuit::(builder, stark, &vars, - // ctl_vars, &mut consumer,) ); - // let vanishing_polys_zeta = consumer.accumulators(); - - // // Check each polynomial identity, of the form `vanishing(x) = Z_H(x) - // // quotient(x)`, at zeta. - // let mut scale = ReducingFactorTarget::new(zeta_pow_deg); - // for (i, chunk) in quotient_polys - // .chunks(stark.quotient_degree_factor()) - // .enumerate() - // { - // let recombined_quotient = scale.reduce(chunk, builder); - // let computed_vanishing_poly = builder.mul_extension(z_h_zeta, - // recombined_quotient); builder. - // connect_extension(vanishing_polys_zeta[i], computed_vanishing_poly); - // } - - // let merkle_caps = vec![ - // proof_with_public_inputs.proof.trace_cap.clone(), - // proof_with_public_inputs.proof.ctl_zs_cap.clone(), - // proof_with_public_inputs.proof.quotient_polys_cap.clone(), - // ]; - - // let fri_instance = stark.fri_instance_target( - // builder, - // challenges.stark_zeta, - // F::primitive_root_of_unity(degree_bits), - // 0, - // 0, - // inner_config, - // Some(&LookupConfig { - // degree_bits, - // num_zs: ctl_zs_last.len(), - // }), - // ); - // builder.verify_fri_proof::( - // &fri_instance, - // &proof_with_public_inputs - // .proof - // .openings - // .to_fri_openings(zero), - // &challenges.fri_challenges, - // &merkle_caps, - // &proof_with_public_inputs.proof.opening_proof, - // &inner_config.fri_params(degree_bits), - // ); -} - -fn eval_l_0_and_l_last_circuit, const D: usize>( - builder: &mut CircuitBuilder, - log_n: usize, - x: ExtensionTarget, - z_x: ExtensionTarget, -) -> (ExtensionTarget, ExtensionTarget) { - let n = builder.constant_extension(F::Extension::from_canonical_usize(1 << log_n)); - let g = builder.constant_extension(F::Extension::primitive_root_of_unity(log_n)); - let one = builder.one_extension(); - let l_0_deno = builder.mul_sub_extension(n, x, n); - let l_last_deno = builder.mul_sub_extension(g, x, one); - let l_last_deno = builder.mul_extension(n, l_last_deno); - - ( - builder.div_extension(z_x, l_0_deno), - builder.div_extension(z_x, l_last_deno), - ) -} - pub fn add_virtual_stark_proof_with_pis< F: RichField + Extendable, S: Stark, diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 474e79ab7..1d13e699d 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -435,7 +435,7 @@ dependencies = [ [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "ahash", "anyhow", @@ -457,7 +457,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "anyhow", "itertools", @@ -472,12 +472,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#0ae1f4fabbbbdb5f41c8cc9228711f1dc23b8df5" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" [[package]] name = "ppv-lite86" diff --git a/sdk/Cargo.lock b/sdk/Cargo.lock index 9fe57e7a8..785d06ed6 100644 --- a/sdk/Cargo.lock +++ b/sdk/Cargo.lock @@ -308,7 +308,7 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "ahash", "anyhow", @@ -330,7 +330,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" dependencies = [ "anyhow", "itertools", @@ -345,12 +345,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#96c937ba5478ede85d7636b4500dcbe48944ba39" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" [[package]] name = "ppv-lite86" From 84bac18dfcfd721e4bc868d690c9a44b883e558a Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 18:34:05 +0800 Subject: [PATCH 34/46] Fix from_u32 --- circuits/src/utils.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/circuits/src/utils.rs b/circuits/src/utils.rs index aaf9800f7..302b27715 100644 --- a/circuits/src/utils.rs +++ b/circuits/src/utils.rs @@ -49,7 +49,7 @@ pub fn pad_trace_with_default(trace: Vec) -> Vec } #[must_use] -pub(crate) fn from_u32(x: u32) -> F { Field::from_noncanonical_u64(x.into()) } +pub(crate) fn from_u32(x: u32) -> F { Field::from_canonical_u32(x) } #[must_use] #[allow(clippy::cast_possible_wrap)] From 545575fe666291e4effe38dd180cf9c2a37d17fa Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 18:46:11 +0800 Subject: [PATCH 35/46] Progress --- circuits/src/stark/recursive_verifier.rs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index 4ce4b7735..ee9ec53d4 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -24,8 +24,7 @@ use super::mozak_stark::{all_starks, TableKindArray}; use crate::columns_view::{columns_view_impl, NumberOfColumns}; use crate::stark::mozak_stark::{MozakStark, TableKind}; use crate::stark::proof::{ - AllProof, StarkOpeningSetTarget, StarkProof, StarkProofTarget, - StarkProofWithPublicInputsTarget, + AllProof, StarkOpeningSetTarget, StarkProof, StarkProofTarget, StarkProofWithPublicInputsTarget, }; /// Plonky2's recursion threshold is 2^12 gates. @@ -201,7 +200,7 @@ where &mut challenger, inner_config.num_challenges, ); - // TODO(Matthias): use + // TODO(Matthias): use verify_stark_proof_with_challenges_circuit from upstream. // starky::recursive_verifier::verify_stark_proof_with_challenges_circuit( // &mut builder, @@ -218,7 +217,9 @@ where ); let targets = all_starks!(mozak_stark, |stark, kind| { - let (total_num_helpers, num_ctl_zs, num_helpers_by_ctl) = + // TODO(Matthias): we are already doing this above? + let num_lookup_columns = stark.num_lookup_helper_columns(inner_config); + let (total_num_helpers, _num_ctl_zs, num_helpers_by_ctl) = starky::cross_table_lookup::CrossTableLookup::num_ctl_helpers_zs_all( &mozak_stark.cross_table_lookups, kind as usize, @@ -230,7 +231,7 @@ where &stark_proof_with_pis_target[kind].proof, &mozak_stark.cross_table_lookups, &ctl_challenges, - num_ctl_zs, + num_lookup_columns, total_num_helpers, &num_helpers_by_ctl, ); From eee3932264f733c42e6c3d2bd2cd187f5034e97c Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 18:48:11 +0800 Subject: [PATCH 36/46] More progress --- circuits/src/stark/recursive_verifier.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/circuits/src/stark/recursive_verifier.rs b/circuits/src/stark/recursive_verifier.rs index ee9ec53d4..fad3e773e 100644 --- a/circuits/src/stark/recursive_verifier.rs +++ b/circuits/src/stark/recursive_verifier.rs @@ -174,13 +174,14 @@ where let mut challenger = RecursiveChallenger::::new(&mut builder); let stark_proof_with_pis_target = all_starks!(mozak_stark, |stark, kind| { - let (num_ctl_helper_zs, num_ctl_zs, _) = + let (total_num_helpers, num_ctl_zs, _) = starky::cross_table_lookup::CrossTableLookup::num_ctl_helpers_zs_all( &mozak_stark.cross_table_lookups, kind as usize, inner_config.num_challenges, stark.constraint_degree(), ); + let num_ctl_helper_zs = num_ctl_zs + total_num_helpers; starky::recursive_verifier::add_virtual_stark_proof_with_pis( &mut builder, stark, From ac41127ecac069f0f6b91745e1ec6e776d2eba17 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 23:11:09 +0800 Subject: [PATCH 37/46] Fix --- circuits/src/cpu_skeleton/stark.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/circuits/src/cpu_skeleton/stark.rs b/circuits/src/cpu_skeleton/stark.rs index 041dcc35f..057bdb13f 100644 --- a/circuits/src/cpu_skeleton/stark.rs +++ b/circuits/src/cpu_skeleton/stark.rs @@ -19,6 +19,7 @@ use crate::stark::mozak_stark::PublicInputs; #[derive(Clone, Copy, Default, StarkNameDisplay)] #[allow(clippy::module_name_repetitions)] pub struct CpuSkeletonStark { + pub standalone_proving: bool, pub _f: PhantomData, } @@ -77,6 +78,8 @@ impl, const D: usize> Stark for CpuSkeletonSt type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { !self.standalone_proving } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, From 7ef8f6658536211b1d755ce8411a65d80e93b203 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 23:14:28 +0800 Subject: [PATCH 38/46] requires_ctl --- circuits/src/ops/add/stark.rs | 3 +++ circuits/src/ops/lw/stark.rs | 3 +++ circuits/src/ops/sw/stark.rs | 3 +++ 3 files changed, 9 insertions(+) diff --git a/circuits/src/ops/add/stark.rs b/circuits/src/ops/add/stark.rs index f4a19e966..4d74f7b3b 100644 --- a/circuits/src/ops/add/stark.rs +++ b/circuits/src/ops/add/stark.rs @@ -19,6 +19,7 @@ use crate::expr::{build_ext, build_packed, ConstraintBuilder}; #[allow(clippy::module_name_repetitions)] pub struct AddStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for AddStark { @@ -54,6 +55,8 @@ impl, const D: usize> Stark for AddStark, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { !self.standalone_proving } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/ops/lw/stark.rs b/circuits/src/ops/lw/stark.rs index cb1033c84..b7ca01282 100644 --- a/circuits/src/ops/lw/stark.rs +++ b/circuits/src/ops/lw/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct LoadWordStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for LoadWordStark { @@ -55,6 +56,8 @@ impl, const D: usize> Stark for LoadWordStark type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { !self.standalone_proving } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, diff --git a/circuits/src/ops/sw/stark.rs b/circuits/src/ops/sw/stark.rs index a9d17cfc4..61dc2cce1 100644 --- a/circuits/src/ops/sw/stark.rs +++ b/circuits/src/ops/sw/stark.rs @@ -20,6 +20,7 @@ use crate::unstark::NoColumns; #[allow(clippy::module_name_repetitions)] pub struct StoreWordStark { pub _f: PhantomData, + pub standalone_proving: bool, } impl HasNamedColumns for StoreWordStark { @@ -53,6 +54,8 @@ impl, const D: usize> Stark for StoreWordStar type EvaluationFrameTarget = StarkFrame, ExtensionTarget, COLUMNS, PUBLIC_INPUTS>; + fn requires_ctls(&self) -> bool { !self.standalone_proving } + fn eval_packed_generic( &self, vars: &Self::EvaluationFrame, From 1f2e72aab4c30d71ebf8a3b29c0bbeff9d1c02bb Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 23:34:36 +0800 Subject: [PATCH 39/46] Parallel --- circuits/src/stark/prover.rs | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 70b9aa80d..96f4bf74a 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -20,10 +20,12 @@ use starky::config::StarkConfig; use starky::proof::StarkProofWithMetadata; use starky::stark::Stark; -use super::mozak_stark::{MozakStark, TableKind, TableKindArray, TableKindSetBuilder}; +use super::mozak_stark::{ + all_starks_par, MozakStark, TableKind, TableKindArray, TableKindSetBuilder, +}; use super::proof::AllProof; use crate::generation::{debug_traces, generate_traces}; -use crate::stark::mozak_stark::{all_starks, PublicInputs}; +use crate::stark::mozak_stark::PublicInputs; /// Prove the execution of a given [Program] /// @@ -92,7 +94,8 @@ where traces_poly_values .clone() .with_kind() - .map(|(trace, table)| { + .par_map(|(trace, table)| { + let mut timing = TimingTree::default(); timed!( timing, &format!("compute trace commitment for {table:?}"), @@ -101,7 +104,7 @@ where rate_bits, false, cap_height, - timing, + &mut timing, None, ) ) @@ -120,6 +123,7 @@ where .cross_table_lookups .clone() .map(starky::cross_table_lookup::CrossTableLookup::from); + // TODO(Matthias): parallelise `get_ctl_data` in starky. let (starky_ctl_challenges, starky_ctl_datas) = { starky::cross_table_lookup::get_ctl_data::( config, @@ -228,7 +232,7 @@ pub fn prove_with_commitments( traces_poly_values: &TableKindArray>>, trace_commitments: &TableKindArray>, challenger: &mut Challenger, - timing: &mut TimingTree, + _timing: &mut TimingTree, starky_ctl_challenges: &starky::lookup::GrandProductChallengeSet, starky_ctl_datas: &[starky::cross_table_lookup::CtlData<'_, F>; TableKind::COUNT], ) -> Result>> @@ -244,8 +248,12 @@ where // Clear buffered outputs. challenger.compact(); - Ok(all_starks!(mozak_stark, |stark, kind| { - let mut challenger = challenger.clone(); + // let challenger = challenger.clone(); + let challenger = &challenger; + let public_inputs = &public_inputs; + Ok(all_starks_par!(mozak_stark, |stark, kind| { + let mut timing = TimingTree::default(); + let mut challenger = (*challenger).clone(); prove_single_table( stark, config, @@ -253,7 +261,7 @@ where &trace_commitments[kind], &mut challenger, public_inputs[kind], - timing, + &mut timing, starky_ctl_challenges, &starky_ctl_datas[kind as usize], ) From f40b479081bad8a87e984dfcc0844cd4886c0ffc Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Wed, 24 Apr 2024 23:54:08 +0800 Subject: [PATCH 40/46] Time more --- circuits/src/stark/prover.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 96f4bf74a..3f0378037 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -124,7 +124,9 @@ where .clone() .map(starky::cross_table_lookup::CrossTableLookup::from); // TODO(Matthias): parallelise `get_ctl_data` in starky. - let (starky_ctl_challenges, starky_ctl_datas) = { + let (starky_ctl_challenges, starky_ctl_datas) = timed!( + timing, + "CTL data generation", starky::cross_table_lookup::get_ctl_data::( config, &traces_poly_values.0, @@ -132,7 +134,7 @@ where &mut challenger, 3, ) - }; + ); let proofs = timed!( timing, From 88b312970335448ba6ae801568c8c1f72c671460 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Thu, 25 Apr 2024 09:48:32 +0800 Subject: [PATCH 41/46] Use from --- circuits/src/linear_combination.rs | 8 ++++++++ circuits/src/stark/mozak_stark.rs | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/circuits/src/linear_combination.rs b/circuits/src/linear_combination.rs index 7a8804851..e8cb7041d 100644 --- a/circuits/src/linear_combination.rs +++ b/circuits/src/linear_combination.rs @@ -74,6 +74,14 @@ pub fn zip_with( pub type ColumnI64 = ColumnSparse; pub use ColumnI64 as Column; +impl From<&Column> for starky_lookup::Column { + fn from(val: &Column) -> Self { val.to_starky() } +} + +impl From for starky_lookup::Column { + fn from(val: Column) -> Self { Self::from(&val) } +} + impl Column { #[must_use] pub fn to_starky(&self) -> starky_lookup::Column { diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 8742882e0..e15db78ff 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -534,7 +534,7 @@ impl From<&Table> for starky_ctl::TableWithColumns { let columns = table .columns .iter() - .map(Column::to_starky) + .map(starky_lookup::Column::from) .collect::>(); // TODO(Matthias): figure out why they take a vector of filters. let filter = starky_lookup::Filter::new(vec![], vec![table.filter_column.to_starky()]); From 900da21163517c3c81b912530e26b5948a6a9267 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Thu, 25 Apr 2024 09:49:31 +0800 Subject: [PATCH 42/46] Use from --- circuits/src/stark/mozak_stark.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index e15db78ff..4e6b36543 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -536,8 +536,8 @@ impl From<&Table> for starky_ctl::TableWithColumns { .iter() .map(starky_lookup::Column::from) .collect::>(); - // TODO(Matthias): figure out why they take a vector of filters. - let filter = starky_lookup::Filter::new(vec![], vec![table.filter_column.to_starky()]); + let filter = + starky_lookup::Filter::new_simple(starky_lookup::Column::from(&table.filter_column)); starky_ctl::TableWithColumns::new(table.kind as usize, columns, filter) } } From 72f11d502a8308e84726e67424878f2cfe3da022 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Thu, 25 Apr 2024 09:52:28 +0800 Subject: [PATCH 43/46] Use from --- circuits/src/cross_table_lookup.rs | 7 +++++-- circuits/src/stark/mozak_stark.rs | 13 ------------- 2 files changed, 5 insertions(+), 15 deletions(-) diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index 8c1e2d955..c92bbad6f 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -16,7 +16,7 @@ use thiserror::Error; pub use crate::linear_combination::Column; use crate::linear_combination::ColumnSparse; pub use crate::linear_combination_typed::ColumnWithTypedInput; -use crate::stark::mozak_stark::{Table, TableKind, TableWithTypedOutput}; +use crate::stark::mozak_stark::{TableKind, TableWithTypedOutput}; use crate::stark::permutation::challenge::{GrandProductChallenge, GrandProductChallengeSet}; use crate::stark::proof::StarkProofTarget; @@ -60,7 +60,10 @@ pub use CrossTableLookupUntyped as CrossTableLookup; impl From<&CrossTableLookup> for starky_ctl::CrossTableLookup { fn from(ctl: &CrossTableLookup) -> Self { starky_ctl::CrossTableLookup::new_no_looked_table( - ctl.looking_tables.iter().map(Table::to_starky).collect(), + ctl.looking_tables + .iter() + .map(starky_ctl::TableWithColumns::from) + .collect(), ) } } diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 4e6b36543..597898510 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -546,19 +546,6 @@ impl From

for starky_ctl::TableWithColumns { fn from(table: Table) -> Self { Self::from(&table) } } -impl Table { - #[must_use] - pub fn to_starky(&self) -> starky_ctl::TableWithColumns { - let columns = self - .columns - .iter() - .map(Column::to_starky) - .collect::>(); - let filter = starky_lookup::Filter::new_simple(self.filter_column.to_starky()); - starky_ctl::TableWithColumns::new(self.kind as usize, columns, filter) - } -} - impl> TableWithTypedOutput { pub fn to_untyped_output(self) -> Table { Table { From 563b709723d3da75e7281c9706bafb416849f42a Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Thu, 25 Apr 2024 09:57:44 +0800 Subject: [PATCH 44/46] Remove stuff --- circuits/src/cross_table_lookup.rs | 29 +---------------------------- 1 file changed, 1 insertion(+), 28 deletions(-) diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index c92bbad6f..b32c7eba0 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -1,6 +1,5 @@ use core::ops::Neg; -use itertools::{iproduct, izip, zip_eq}; use plonky2::field::extension::Extendable; use plonky2::field::types::Field; use plonky2::hash::hash_types::RichField; @@ -17,8 +16,7 @@ pub use crate::linear_combination::Column; use crate::linear_combination::ColumnSparse; pub use crate::linear_combination_typed::ColumnWithTypedInput; use crate::stark::mozak_stark::{TableKind, TableWithTypedOutput}; -use crate::stark::permutation::challenge::{GrandProductChallenge, GrandProductChallengeSet}; -use crate::stark::proof::StarkProofTarget; +use crate::stark::permutation::challenge::GrandProductChallenge; #[derive(Error, Debug)] pub enum LookupError { @@ -116,31 +114,6 @@ pub struct CtlCheckVarsTarget<'a, const D: usize> { pub filter_column: &'a Column, } -impl<'a, const D: usize> CtlCheckVarsTarget<'a, D> { - #[must_use] - pub fn from_proof( - table: TableKind, - proof: &StarkProofTarget, - cross_table_lookups: &'a [CrossTableLookup], - ctl_challenges: &'a GrandProductChallengeSet, - ) -> Vec { - let ctl_zs = izip!(&proof.openings.ctl_zs, &proof.openings.ctl_zs_next); - - let ctl_chain = cross_table_lookups - .iter() - .flat_map(|ctl| ctl.looking_tables.iter().filter(|twc| twc.kind == table)); - zip_eq(ctl_zs, iproduct!(&ctl_challenges.challenges, ctl_chain)) - .map(|((&local_z, &next_z), (&challenges, table))| Self { - local_z, - next_z, - challenges, - columns: &table.columns, - filter_column: &table.filter_column, - }) - .collect() - } -} - pub fn eval_cross_table_lookup_checks_circuit< S: Stark, F: RichField + Extendable, From 5814f4eafa0b4f5b4d571ce0cad97c3c56a0ac8d Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Thu, 25 Apr 2024 10:20:47 +0800 Subject: [PATCH 45/46] One giant lookup --- Cargo.lock | 26 ++++++------- circuits/src/cross_table_lookup.rs | 13 +++++++ circuits/src/stark/mozak_stark.rs | 59 +++++++++++++++++++----------- circuits/src/stark/prover.rs | 6 +-- examples/Cargo.lock | 8 ++-- sdk/Cargo.lock | 8 ++-- 6 files changed, 73 insertions(+), 47 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f325b5c1f..f78900b29 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -128,9 +128,9 @@ checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" [[package]] name = "base64" -version = "0.21.7" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +checksum = "9475866fec1451be56a3c2400fd081ff546538961565ccb5b7142cbd22bc7a51" [[package]] name = "bit-set" @@ -1148,7 +1148,7 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "ahash", "anyhow", @@ -1189,7 +1189,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "anyhow", "itertools 0.12.1", @@ -1204,7 +1204,7 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "rayon", ] @@ -1212,7 +1212,7 @@ dependencies = [ [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" [[package]] name = "plotters" @@ -1586,9 +1586,9 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.7.0" +version = "3.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ee80b0e361bbf88fd2f6e242ccd19cfda072cb0faa6ae694ecee08199938569a" +checksum = "2c85f8e96d1d6857f13768fcbd895fcb06225510022a2774ed8b5150581847b0" dependencies = [ "base64", "chrono", @@ -1604,9 +1604,9 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.7.0" +version = "3.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6561dc161a9224638a31d876ccdfefbc1df91d3f3a8342eddb35f055d48c7655" +checksum = "c8b3a576c4eb2924262d5951a3b737ccaf16c931e39a2810c36f9a7e25575557" dependencies = [ "darling", "proc-macro2", @@ -1677,7 +1677,7 @@ dependencies = [ [[package]] name = "starky" version = "0.4.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "ahash", "anyhow", @@ -2081,9 +2081,9 @@ dependencies = [ [[package]] name = "winapi-util" -version = "0.1.7" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "134306a13c5647ad6453e8deaec55d3a44d6021970129e6188735e74bf546697" +checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" dependencies = [ "windows-sys 0.52.0", ] diff --git a/circuits/src/cross_table_lookup.rs b/circuits/src/cross_table_lookup.rs index b32c7eba0..fe51e178f 100644 --- a/circuits/src/cross_table_lookup.rs +++ b/circuits/src/cross_table_lookup.rs @@ -55,6 +55,19 @@ pub struct CrossTableLookupWithTypedOutput { pub type CrossTableLookupUntyped = CrossTableLookupWithTypedOutput>; pub use CrossTableLookupUntyped as CrossTableLookup; +impl CrossTableLookup { + #[must_use] + pub fn add_tag(self, tag: i64) -> Self { + Self { + looking_tables: self + .looking_tables + .into_iter() + .map(|table| table.add_tag(tag)) + .collect(), + } + } +} + impl From<&CrossTableLookup> for starky_ctl::CrossTableLookup { fn from(ctl: &CrossTableLookup) -> Self { starky_ctl::CrossTableLookup::new_no_looked_table( diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 597898510..8b7e84cf5 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -24,6 +24,7 @@ use crate::cpu_skeleton::stark::CpuSkeletonStark; use crate::cross_table_lookup::{ Column, ColumnWithTypedInput, CrossTableLookup, CrossTableLookupWithTypedOutput, }; +use crate::linear_combination::ColumnSparse; use crate::memory::columns::{Memory, MemoryCtl}; use crate::memory::stark::MemoryStark; use crate::memory_halfword::columns::HalfWordMemory; @@ -75,7 +76,7 @@ use crate::{ register, xor, }; -const NUM_CROSS_TABLE_LOOKUP: usize = 17; +const NUM_CROSS_TABLE_LOOKUP: usize = 1; /// STARK Gadgets of Mozak-VM /// @@ -459,26 +460,31 @@ impl, const D: usize> Default for MozakStark // These tables contain only descriptions of the tables. // The values of the tables are generated as traces. - cross_table_lookups: [ - RangecheckTable::lookups(), - XorCpuTable::lookups(), - BitshiftCpuTable::lookups(), - InnerCpuTable::lookups(), - ProgramCpuTable::lookups(), - IntoMemoryTable::lookups(), - MemoryInitMemoryTable::lookups(), - RangeCheckU8LookupTable::lookups(), - HalfWordMemoryCpuTable::lookups(), - RegisterLookups::lookups(), - StorageDeviceToCpuTable::lookups(), - Poseidon2SpongeCpuTable::lookups(), - Poseidon2Poseidon2SpongeTable::lookups(), - Poseidon2OutputBytesPoseidon2SpongeTable::lookups(), - CpuToSkeletonTable::lookups(), - EventCommitmentTapeIOLookupTable::lookups(), - CastlistCommitmentTapeIOLookupTable::lookups(), - ] - .map(starky::cross_table_lookup::CrossTableLookup::from), + cross_table_lookups: [starky::cross_table_lookup::CrossTableLookup::from( + CrossTableLookup { + looking_tables: izip!(0.., [ + RangecheckTable::lookups(), + XorCpuTable::lookups(), + BitshiftCpuTable::lookups(), + InnerCpuTable::lookups(), + ProgramCpuTable::lookups(), + IntoMemoryTable::lookups(), + MemoryInitMemoryTable::lookups(), + RangeCheckU8LookupTable::lookups(), + HalfWordMemoryCpuTable::lookups(), + RegisterLookups::lookups(), + StorageDeviceToCpuTable::lookups(), + Poseidon2SpongeCpuTable::lookups(), + Poseidon2Poseidon2SpongeTable::lookups(), + Poseidon2OutputBytesPoseidon2SpongeTable::lookups(), + CpuToSkeletonTable::lookups(), + EventCommitmentTapeIOLookupTable::lookups(), + CastlistCommitmentTapeIOLookupTable::lookups(), + ]) + .flat_map(|(tag, lookup)| lookup.add_tag(tag).looking_tables) + .collect(), + }, + )], debug: false, } } @@ -529,6 +535,17 @@ pub struct TableWithTypedOutput { pub type TableUntyped = TableWithTypedOutput>; pub use TableUntyped as Table; +impl Table { + #[must_use] + pub fn add_tag(mut self, tag: i64) -> Self { + self.columns.push(ColumnSparse { + constant: tag, + ..Default::default() + }); + self + } +} + impl From<&Table> for starky_ctl::TableWithColumns { fn from(table: &Table) -> Self { let columns = table diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 3f0378037..333d94680 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -119,10 +119,6 @@ where for cap in &trace_caps { challenger.observe_cap(cap); } - let starky_cross_table_lookups = mozak_stark - .cross_table_lookups - .clone() - .map(starky::cross_table_lookup::CrossTableLookup::from); // TODO(Matthias): parallelise `get_ctl_data` in starky. let (starky_ctl_challenges, starky_ctl_datas) = timed!( timing, @@ -130,7 +126,7 @@ where starky::cross_table_lookup::get_ctl_data::( config, &traces_poly_values.0, - &starky_cross_table_lookups, + &mozak_stark.cross_table_lookups, &mut challenger, 3, ) diff --git a/examples/Cargo.lock b/examples/Cargo.lock index 1d13e699d..4bf86d218 100644 --- a/examples/Cargo.lock +++ b/examples/Cargo.lock @@ -435,7 +435,7 @@ dependencies = [ [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "ahash", "anyhow", @@ -457,7 +457,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "anyhow", "itertools", @@ -472,12 +472,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" [[package]] name = "ppv-lite86" diff --git a/sdk/Cargo.lock b/sdk/Cargo.lock index 785d06ed6..ecb0e3540 100644 --- a/sdk/Cargo.lock +++ b/sdk/Cargo.lock @@ -308,7 +308,7 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "plonky2" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "ahash", "anyhow", @@ -330,7 +330,7 @@ dependencies = [ [[package]] name = "plonky2_field" version = "0.2.2" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" dependencies = [ "anyhow", "itertools", @@ -345,12 +345,12 @@ dependencies = [ [[package]] name = "plonky2_maybe_rayon" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" [[package]] name = "plonky2_util" version = "0.2.0" -source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#b550351ad1a5a61f8ffc4483c3f15bd0645b3cc1" +source = "git+https://github.com/0xmozak/plonky2.git?branch=matthias/looked-tables#938360ddbb7e9a61e92f5082ec6e07af96a304ef" [[package]] name = "ppv-lite86" From 8a6680fceaa7312663ea13ac7c9b6391d880d494 Mon Sep 17 00:00:00 2001 From: Matthias Goergens Date: Thu, 25 Apr 2024 11:18:22 +0800 Subject: [PATCH 46/46] One single lookup to get more batching --- circuits/src/stark/mozak_stark.rs | 4 +++- circuits/src/stark/prover.rs | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/circuits/src/stark/mozak_stark.rs b/circuits/src/stark/mozak_stark.rs index 8b7e84cf5..d74e95747 100644 --- a/circuits/src/stark/mozak_stark.rs +++ b/circuits/src/stark/mozak_stark.rs @@ -3,7 +3,7 @@ use std::ops::{Index, IndexMut, Neg}; extern crate serde; extern crate serde_json; use cpu::columns::CpuState; -use itertools::{chain, izip}; +use itertools::{chain, izip, Itertools}; use mozak_circuits_derive::StarkSet; use plonky2::field::extension::Extendable; use plonky2::field::types::Field; @@ -482,6 +482,8 @@ impl, const D: usize> Default for MozakStark CastlistCommitmentTapeIOLookupTable::lookups(), ]) .flat_map(|(tag, lookup)| lookup.add_tag(tag).looking_tables) + // Sorting by table kind is necessary to work around some plonky2 bugs. + .sorted_by_key(|table| table.kind as usize) .collect(), }, )], diff --git a/circuits/src/stark/prover.rs b/circuits/src/stark/prover.rs index 333d94680..1c4d77090 100644 --- a/circuits/src/stark/prover.rs +++ b/circuits/src/stark/prover.rs @@ -125,6 +125,7 @@ where "CTL data generation", starky::cross_table_lookup::get_ctl_data::( config, + // The .0 here is just to get at the underlying array. &traces_poly_values.0, &mozak_stark.cross_table_lookups, &mut challenger,