From b6bbf5174aa594de7e3a7ac108309dfed7fda499 Mon Sep 17 00:00:00 2001 From: Michael Zhu Date: Sat, 24 Feb 2024 13:36:56 -0500 Subject: [PATCH] Sprinkle in from_u64 in more places --- jolt-core/src/jolt/subtable/and.rs | 4 +- jolt-core/src/jolt/subtable/identity.rs | 4 +- jolt-core/src/jolt/subtable/lt_abs.rs | 2 +- jolt-core/src/jolt/subtable/ltu.rs | 2 +- jolt-core/src/jolt/subtable/or.rs | 4 +- jolt-core/src/jolt/subtable/sll.rs | 6 +- jolt-core/src/jolt/subtable/sra_sign.rs | 10 +- jolt-core/src/jolt/subtable/srl.rs | 8 +- .../src/jolt/subtable/truncate_overflow.rs | 4 +- jolt-core/src/jolt/subtable/xor.rs | 4 +- jolt-core/src/jolt/subtable/zero_lsb.rs | 6 +- jolt-core/src/jolt/vm/bytecode.rs | 174 ++++++++++-------- jolt-core/src/jolt/vm/instruction_lookups.rs | 29 +-- jolt-core/src/jolt/vm/mod.rs | 79 +++++--- jolt-core/src/jolt/vm/read_write_memory.rs | 26 ++- .../src/jolt/vm/timestamp_range_check.rs | 36 ++-- jolt-core/src/lasso/surge.rs | 2 +- jolt-core/src/poly/identity_poly.rs | 2 +- jolt-core/src/poly/unipoly.rs | 2 +- jolt-core/src/utils/instruction_utils.rs | 2 +- 20 files changed, 240 insertions(+), 166 deletions(-) diff --git a/jolt-core/src/jolt/subtable/and.rs b/jolt-core/src/jolt/subtable/and.rs index 0153a489e..fbd489dc0 100644 --- a/jolt-core/src/jolt/subtable/and.rs +++ b/jolt-core/src/jolt/subtable/and.rs @@ -26,7 +26,7 @@ impl LassoSubtable for AndSubtable { // Materialize table entries in order where (x | y) ranges 0..M for idx in 0..M { let (x, y) = split_bits(idx, bits_per_operand); - let row = F::from((x & y) as u64); + let row = F::from_u64((x & y) as u64).unwrap(); entries.push(row); } entries @@ -42,7 +42,7 @@ impl LassoSubtable for AndSubtable { for i in 0..b { let x = x[b - i - 1]; let y = y[b - i - 1]; - result += F::from(1u64 << i) * x * y; + result += F::from_u64(1u64 << i).unwrap() * x * y; } result } diff --git a/jolt-core/src/jolt/subtable/identity.rs b/jolt-core/src/jolt/subtable/identity.rs index e42a8befb..ee039f35e 100644 --- a/jolt-core/src/jolt/subtable/identity.rs +++ b/jolt-core/src/jolt/subtable/identity.rs @@ -18,13 +18,13 @@ impl IdentitySubtable { impl LassoSubtable for IdentitySubtable { fn materialize(&self, M: usize) -> Vec { - (0..M).map(|i| F::from(i as u64)).collect() + (0..M).map(|i| F::from_u64(i as u64).unwrap()).collect() } fn evaluate_mle(&self, point: &[F]) -> F { let mut result = F::zero(); for i in 0..point.len() { - result += F::from(1u64 << i) * point[point.len() - 1 - i]; + result += F::from_u64(1u64 << i).unwrap() * point[point.len() - 1 - i]; } result } diff --git a/jolt-core/src/jolt/subtable/lt_abs.rs b/jolt-core/src/jolt/subtable/lt_abs.rs index 4c76f0cf7..2973280f4 100644 --- a/jolt-core/src/jolt/subtable/lt_abs.rs +++ b/jolt-core/src/jolt/subtable/lt_abs.rs @@ -49,7 +49,7 @@ impl LassoSubtable for LtAbsSubtable { // Skip i=0 for i in 1..b { result += (F::one() - x[i]) * y[i] * eq_term; - eq_term *= F::one() - x[i] - y[i] + F::from(2u64) * x[i] * y[i]; + eq_term *= F::one() - x[i] - y[i] + F::from_u64(2u64).unwrap() * x[i] * y[i]; } result } diff --git a/jolt-core/src/jolt/subtable/ltu.rs b/jolt-core/src/jolt/subtable/ltu.rs index d26628a42..48a239b7a 100644 --- a/jolt-core/src/jolt/subtable/ltu.rs +++ b/jolt-core/src/jolt/subtable/ltu.rs @@ -42,7 +42,7 @@ impl LassoSubtable for LtuSubtable { let mut eq_term = F::one(); for i in 0..b { result += (F::one() - x[i]) * y[i] * eq_term; - eq_term *= F::one() - x[i] - y[i] + F::from(2u64) * x[i] * y[i]; + eq_term *= F::one() - x[i] - y[i] + F::from_u64(2u64).unwrap() * x[i] * y[i]; } result } diff --git a/jolt-core/src/jolt/subtable/or.rs b/jolt-core/src/jolt/subtable/or.rs index 419fb9c38..8bea07730 100644 --- a/jolt-core/src/jolt/subtable/or.rs +++ b/jolt-core/src/jolt/subtable/or.rs @@ -26,7 +26,7 @@ impl LassoSubtable for OrSubtable { // Materialize table entries in order where (x | y) ranges 0..M for idx in 0..M { let (x, y) = split_bits(idx, bits_per_operand); - let row = F::from((x | y) as u64); + let row = F::from_u64((x | y) as u64).unwrap(); entries.push(row); } entries @@ -42,7 +42,7 @@ impl LassoSubtable for OrSubtable { for i in 0..b { let x = x[b - i - 1]; let y = y[b - i - 1]; - result += F::from(1u64 << i) * (x + y - x * y); + result += F::from_u64(1u64 << i).unwrap() * (x + y - x * y); } result } diff --git a/jolt-core/src/jolt/subtable/sll.rs b/jolt-core/src/jolt/subtable/sll.rs index 7606116c2..1af4fd711 100644 --- a/jolt-core/src/jolt/subtable/sll.rs +++ b/jolt-core/src/jolt/subtable/sll.rs @@ -42,7 +42,7 @@ impl LassoSubta .checked_shr(suffix_length as u32) .unwrap_or(0); - entries.push(F::from(row as u64)); + entries.push(F::from_u64(row as u64).unwrap()); } entries } @@ -64,7 +64,7 @@ impl LassoSubta let k_bits = (k as usize) .get_bits(log_WORD_SIZE) .iter() - .map(|bit| F::from(*bit as u64)) + .map(|bit| F::from_u64(*bit as u64).unwrap()) .collect::>(); // big-endian let mut eq_term = F::one(); @@ -84,7 +84,7 @@ impl LassoSubta let shift_x_by_k = (0..m_prime) .enumerate() - .map(|(j, _)| F::from(1_u64 << (j + k)) * x[b - 1 - j]) + .map(|(j, _)| F::from_u64(1_u64 << (j + k)).unwrap() * x[b - 1 - j]) .fold(F::zero(), |acc, val| acc + val); result += eq_term * shift_x_by_k; diff --git a/jolt-core/src/jolt/subtable/sra_sign.rs b/jolt-core/src/jolt/subtable/sra_sign.rs index c15f79c8c..68321e2ca 100644 --- a/jolt-core/src/jolt/subtable/sra_sign.rs +++ b/jolt-core/src/jolt/subtable/sra_sign.rs @@ -31,15 +31,15 @@ impl LassoSubtable for SraSignSubtable for idx in 0..M { let (x, y) = split_bits(idx, operand_chunk_width); - let x_sign = F::from(((x >> sign_bit_index) & 1) as u64); + let x_sign = F::from_u64(((x >> sign_bit_index) & 1) as u64).unwrap(); let row = (0..(y % WORD_SIZE) as u32) .into_iter() .fold(F::zero(), |acc, i: u32| { - acc + F::from(1_u64 << (WORD_SIZE as u32 - 1 - i)) * x_sign + acc + F::from_u64(1_u64 << (WORD_SIZE as u32 - 1 - i)).unwrap() * x_sign }); - entries.push(F::from(row)); + entries.push(row); } entries } @@ -64,7 +64,7 @@ impl LassoSubtable for SraSignSubtable let k_bits = (k as usize) .get_bits(log_WORD_SIZE) .iter() - .map(|bit| F::from(*bit as u64)) + .map(|bit| F::from(*bit)) .collect::>(); // big-endian let mut eq_term = F::one(); @@ -75,7 +75,7 @@ impl LassoSubtable for SraSignSubtable } let x_sign_upper = (0..k).into_iter().fold(F::zero(), |acc, i| { - acc + F::from(1_u64 << (WORD_SIZE - 1 - i)) * x_sign + acc + F::from_u64(1_u64 << (WORD_SIZE - 1 - i)).unwrap() * x_sign }); result += eq_term * x_sign_upper; diff --git a/jolt-core/src/jolt/subtable/srl.rs b/jolt-core/src/jolt/subtable/srl.rs index 2bace711f..08aa36336 100644 --- a/jolt-core/src/jolt/subtable/srl.rs +++ b/jolt-core/src/jolt/subtable/srl.rs @@ -39,7 +39,7 @@ impl LassoSubta .checked_shr((y % WORD_SIZE) as u32) .unwrap_or(0); - entries.push(F::from(row as u64)); + entries.push(F::from_u64(row as u64).unwrap()); } entries } @@ -61,7 +61,7 @@ impl LassoSubta let k_bits = (k as usize) .get_bits(log_WORD_SIZE) .iter() - .map(|bit| F::from(*bit as u64)) + .map(|bit| F::from(*bit)) .collect::>(); // big-endian let mut eq_term = F::one(); @@ -86,7 +86,9 @@ impl LassoSubta let shift_x_by_k = (m..chunk_length) .enumerate() - .map(|(_, j)| F::from(1_u64 << (b * CHUNK_INDEX + j - k)) * x[b - 1 - j]) + .map(|(_, j)| { + F::from_u64(1_u64 << (b * CHUNK_INDEX + j - k)).unwrap() * x[b - 1 - j] + }) .fold(F::zero(), |acc, val: F| acc + val); result += eq_term * shift_x_by_k; diff --git a/jolt-core/src/jolt/subtable/truncate_overflow.rs b/jolt-core/src/jolt/subtable/truncate_overflow.rs index 24eebf7ce..e8cd6aa33 100644 --- a/jolt-core/src/jolt/subtable/truncate_overflow.rs +++ b/jolt-core/src/jolt/subtable/truncate_overflow.rs @@ -31,7 +31,7 @@ impl LassoSubtable let mut entries: Vec = Vec::with_capacity(M); for idx in 0..M { let (_, lower_bits) = split_bits(idx, cutoff); - let row = F::from(lower_bits as u64); + let row = F::from_u64(lower_bits as u64).unwrap(); entries.push(row); } entries @@ -43,7 +43,7 @@ impl LassoSubtable let mut result = F::zero(); for i in 0..cutoff { - result += F::from(1u64 << i) * point[point.len() - 1 - i]; + result += F::from_u64(1u64 << i).unwrap() * point[point.len() - 1 - i]; } result } diff --git a/jolt-core/src/jolt/subtable/xor.rs b/jolt-core/src/jolt/subtable/xor.rs index 1363e6a72..ec51ea963 100644 --- a/jolt-core/src/jolt/subtable/xor.rs +++ b/jolt-core/src/jolt/subtable/xor.rs @@ -26,7 +26,7 @@ impl LassoSubtable for XorSubtable { // Materialize table entries in order where (x | y) ranges 0..M for idx in 0..M { let (x, y) = split_bits(idx, bits_per_operand); - let row = F::from((x ^ y) as u64); + let row = F::from_u64((x ^ y) as u64).unwrap(); entries.push(row); } entries @@ -42,7 +42,7 @@ impl LassoSubtable for XorSubtable { for i in 0..b { let x = x[b - i - 1]; let y = y[b - i - 1]; - result += F::from(1u64 << i) * ((F::one() - x) * y + x * (F::one() - y)); + result += F::from_u64(1u64 << i).unwrap() * ((F::one() - x) * y + x * (F::one() - y)); } result } diff --git a/jolt-core/src/jolt/subtable/zero_lsb.rs b/jolt-core/src/jolt/subtable/zero_lsb.rs index a3a7aaed1..60390b4c0 100644 --- a/jolt-core/src/jolt/subtable/zero_lsb.rs +++ b/jolt-core/src/jolt/subtable/zero_lsb.rs @@ -19,14 +19,16 @@ impl ZeroLSBSubtable { impl LassoSubtable for ZeroLSBSubtable { fn materialize(&self, M: usize) -> Vec { // always set LSB to 0 - (0..M).map(|i| F::from((i - (i % 2)) as u64)).collect() + (0..M) + .map(|i| F::from_u64((i - (i % 2)) as u64).unwrap()) + .collect() } fn evaluate_mle(&self, point: &[F]) -> F { let mut result = F::zero(); // skip LSB for i in 1..point.len() { - result += F::from(1u64 << i) * point[point.len() - 1 - i]; + result += F::from_u64(1u64 << i).unwrap() * point[point.len() - 1 - i]; } result } diff --git a/jolt-core/src/jolt/vm/bytecode.rs b/jolt-core/src/jolt/vm/bytecode.rs index b947ebfc9..3e664c2c3 100644 --- a/jolt-core/src/jolt/vm/bytecode.rs +++ b/jolt-core/src/jolt/vm/bytecode.rs @@ -180,11 +180,11 @@ impl FiveTuplePoly { let mut imms = Vec::with_capacity(len); for row in elf { - opcodes.push(F::from(row.opcode)); - rds.push(F::from(row.rd)); - rs1s.push(F::from(row.rs1)); - rs2s.push(F::from(row.rs2)); - imms.push(F::from(row.imm)); + opcodes.push(F::from_u64(row.opcode).unwrap()); + rds.push(F::from_u64(row.rd).unwrap()); + rs1s.push(F::from_u64(row.rs1).unwrap()); + rs2s.push(F::from_u64(row.rs2).unwrap()); + imms.push(F::from_u64(row.imm).unwrap()); } // Padding for _ in elf.len()..len { @@ -233,11 +233,11 @@ impl FiveTuplePoly { // let mut circuit_flags = Vec::with_capacity(len * 15); for row in elf { - opcodes.push(F::from(row.opcode)); - rds.push(F::from(row.rd)); - rs1s.push(F::from(row.rs1)); - rs2s.push(F::from(row.rs2)); - imms.push(F::from(row.imm)); + opcodes.push(F::from_u64(row.opcode).unwrap()); + rds.push(F::from_u64(row.rd).unwrap()); + rs1s.push(F::from_u64(row.rs1).unwrap()); + rs2s.push(F::from_u64(row.rs2).unwrap()); + imms.push(F::from_u64(row.imm).unwrap()); // circuit_flags.push(row.circuit_flags_packed::()); } @@ -346,8 +346,11 @@ impl> BytecodePolynomials { } // create a closure to convert usize to F vector - let to_f_vec = - |vec: &Vec| -> Vec { vec.iter().map(|x| F::from(*x as u64)).collect() }; + let to_f_vec = |vec: &Vec| -> Vec { + vec.iter() + .map(|x| F::from_u64(*x as u64).unwrap()) + .collect() + }; let v_read_write = FiveTuplePoly::from_elf_r1cs(&trace); @@ -463,7 +466,10 @@ where } #[tracing::instrument(skip_all, name = "BytecodePolynomials::commit")] - fn commit(batched_polys: &Self::BatchedPolynomials, initializer: &PedersenInit) -> Self::Commitment { + fn commit( + batched_polys: &Self::BatchedPolynomials, + initializer: &PedersenInit, + ) -> Self::Commitment { let read_write_commitments = batched_polys .combined_read_write .combined_commit(initializer); @@ -515,76 +521,84 @@ where let num_ops = polynomials.a_read_write.len(); let memory_size = polynomials.v_init_final.opcode.len(); - let read_fingerprints = (0..num_ops).into_par_iter().map(|i| { - >>::fingerprint( - &[ - polynomials.a_read_write[i], - polynomials.v_read_write.opcode[i], - polynomials.v_read_write.rd[i], - polynomials.v_read_write.rs1[i], - polynomials.v_read_write.rs2[i], - polynomials.v_read_write.imm[i], - polynomials.t_read[i], - ], - gamma, - tau, - ) - }) - .collect(); + let read_fingerprints = (0..num_ops) + .into_par_iter() + .map(|i| { + >>::fingerprint( + &[ + polynomials.a_read_write[i], + polynomials.v_read_write.opcode[i], + polynomials.v_read_write.rd[i], + polynomials.v_read_write.rs1[i], + polynomials.v_read_write.rs2[i], + polynomials.v_read_write.imm[i], + polynomials.t_read[i], + ], + gamma, + tau, + ) + }) + .collect(); let read_leaves = DensePolynomial::new(read_fingerprints); - let init_fingerprints = (0..memory_size).into_par_iter().map(|i| { - >>::fingerprint( - &[ - F::from(i as u64), - polynomials.v_init_final.opcode[i], - polynomials.v_init_final.rd[i], - polynomials.v_init_final.rs1[i], - polynomials.v_init_final.rs2[i], - polynomials.v_init_final.imm[i], - F::zero(), - ], - gamma, - tau, - ) - }) - .collect(); + let init_fingerprints = (0..memory_size) + .into_par_iter() + .map(|i| { + >>::fingerprint( + &[ + F::from_u64(i as u64).unwrap(), + polynomials.v_init_final.opcode[i], + polynomials.v_init_final.rd[i], + polynomials.v_init_final.rs1[i], + polynomials.v_init_final.rs2[i], + polynomials.v_init_final.imm[i], + F::zero(), + ], + gamma, + tau, + ) + }) + .collect(); let init_leaves = DensePolynomial::new(init_fingerprints); - let write_fingerprints = (0..num_ops).into_par_iter().map(|i| { - >>::fingerprint( - &[ - polynomials.a_read_write[i], - polynomials.v_read_write.opcode[i], - polynomials.v_read_write.rd[i], - polynomials.v_read_write.rs1[i], - polynomials.v_read_write.rs2[i], - polynomials.v_read_write.imm[i], - polynomials.t_read[i] + F::one(), - ], - gamma, - tau, - ) - }) - .collect(); + let write_fingerprints = (0..num_ops) + .into_par_iter() + .map(|i| { + >>::fingerprint( + &[ + polynomials.a_read_write[i], + polynomials.v_read_write.opcode[i], + polynomials.v_read_write.rd[i], + polynomials.v_read_write.rs1[i], + polynomials.v_read_write.rs2[i], + polynomials.v_read_write.imm[i], + polynomials.t_read[i] + F::one(), + ], + gamma, + tau, + ) + }) + .collect(); let write_leaves = DensePolynomial::new(write_fingerprints); - let final_fingerprints = (0..memory_size).into_par_iter().map(|i| { - >>::fingerprint( - &[ - F::from(i as u64), - polynomials.v_init_final.opcode[i], - polynomials.v_init_final.rd[i], - polynomials.v_init_final.rs1[i], - polynomials.v_init_final.rs2[i], - polynomials.v_init_final.imm[i], - polynomials.t_final[i], - ], - gamma, - tau, - ) - }) - .collect(); + let final_fingerprints = (0..memory_size) + .into_par_iter() + .map(|i| { + >>::fingerprint( + &[ + F::from_u64(i as u64).unwrap(), + polynomials.v_init_final.opcode[i], + polynomials.v_init_final.rd[i], + polynomials.v_init_final.rs1[i], + polynomials.v_init_final.rs2[i], + polynomials.v_init_final.imm[i], + polynomials.t_final[i], + ], + gamma, + tau, + ) + }) + .collect(); let final_leaves = DensePolynomial::new(final_fingerprints); ( @@ -866,7 +880,8 @@ mod tests { let mut transcript = Transcript::new(b"test_transcript"); let batched_polys = polys.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(10, b"test"); + let initializer: PedersenInit = + HyraxGenerators::new_initializer(10, b"test"); let commitments = BytecodePolynomials::commit(&batched_polys, &initializer); let proof = polys.prove_memory_checking(&polys, &batched_polys, &mut transcript); @@ -893,7 +908,8 @@ mod tests { let polys: BytecodePolynomials = BytecodePolynomials::new(program, trace); let batch = polys.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(8, b"test"); + let initializer: PedersenInit = + HyraxGenerators::new_initializer(8, b"test"); let commitments = BytecodePolynomials::commit(&batch, &initializer); let mut transcript = Transcript::new(b"test_transcript"); diff --git a/jolt-core/src/jolt/vm/instruction_lookups.rs b/jolt-core/src/jolt/vm/instruction_lookups.rs index 848619733..4a238a88d 100644 --- a/jolt-core/src/jolt/vm/instruction_lookups.rs +++ b/jolt-core/src/jolt/vm/instruction_lookups.rs @@ -133,16 +133,13 @@ where } #[tracing::instrument(skip_all, name = "InstructionPolynomials::commit")] - fn commit(batched_polys: &Self::BatchedPolynomials, initializer: &PedersenInit) -> Self::Commitment { - let dim_read_commitment = batched_polys - .batched_dim_read - .combined_commit(initializer); - let final_commitment = batched_polys - .batched_final - .combined_commit(initializer); - let E_flag_commitment = batched_polys - .batched_E_flag - .combined_commit(initializer); + fn commit( + batched_polys: &Self::BatchedPolynomials, + initializer: &PedersenInit, + ) -> Self::Commitment { + let dim_read_commitment = batched_polys.batched_dim_read.combined_commit(initializer); + let final_commitment = batched_polys.batched_final.combined_commit(initializer); + let E_flag_commitment = batched_polys.batched_E_flag.combined_commit(initializer); Self::Commitment { dim_read_commitment, @@ -156,7 +153,10 @@ where let final_num_vars = batched_polys.batched_final.get_num_vars(); let E_flag_num_vars = batched_polys.batched_E_flag.get_num_vars(); - std::cmp::max(std::cmp::max(dim_read_num_vars, final_num_vars), E_flag_num_vars) + std::cmp::max( + std::cmp::max(dim_read_num_vars, final_num_vars), + E_flag_num_vars, + ) } } @@ -499,7 +499,7 @@ where .flat_map_iter(|(subtable_index, subtable)| { let init_fingerprints: Vec = (0..M) .map(|i| { - let a = &F::from(i as u64); + let a = &F::from_u64(i as u64).unwrap(); let v = &subtable[i]; // let t = F::zero(); // Compute h(a,v,t) where t == 0 @@ -818,7 +818,10 @@ where let polynomials = self.polynomialize(); let batched_polys = polynomials.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(InstructionPolynomials::::max_generator_size(&batched_polys), b"LassoV1"); + let initializer: PedersenInit = HyraxGenerators::new_initializer( + InstructionPolynomials::::max_generator_size(&batched_polys), + b"LassoV1", + ); let commitment = InstructionPolynomials::commit(&batched_polys, &initializer); commitment diff --git a/jolt-core/src/jolt/vm/mod.rs b/jolt-core/src/jolt/vm/mod.rs index 91cc7d1ec..3964131ca 100644 --- a/jolt-core/src/jolt/vm/mod.rs +++ b/jolt-core/src/jolt/vm/mod.rs @@ -7,15 +7,18 @@ use rayon::iter::{IntoParallelRefIterator, ParallelIterator}; use std::any::TypeId; use strum::{EnumCount, IntoEnumIterator}; -use crate::{jolt::{ - instruction::{JoltInstruction, Opcode}, - subtable::LassoSubtable, - vm::timestamp_range_check::TimestampValidityProof, -}, poly::{hyrax::HyraxGenerators, pedersen::PedersenInit}}; use crate::lasso::memory_checking::{MemoryCheckingProver, MemoryCheckingVerifier}; use crate::poly::structured_poly::BatchablePolynomials; use crate::r1cs::snark::R1CSProof; use crate::utils::errors::ProofVerifyError; +use crate::{ + jolt::{ + instruction::{JoltInstruction, Opcode}, + subtable::LassoSubtable, + vm::timestamp_range_check::TimestampValidityProof, + }, + poly::{hyrax::HyraxGenerators, pedersen::PedersenInit}, +}; use common::{constants::MEMORY_OPS_PER_INSTRUCTION, ELFInstruction}; use self::instruction_lookups::{ @@ -36,7 +39,7 @@ where bytecode: BytecodeProof, read_write_memory: ReadWriteMemoryProof, instruction_lookups: InstructionLookupsProof, - r1cs: R1CSProof + r1cs: R1CSProof, } pub struct JoltPolynomials @@ -69,39 +72,44 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize ) -> (JoltProof, JoltCommitments) { let mut transcript = Transcript::new(b"Jolt transcript"); let bytecode_rows: Vec = bytecode.iter().map(ELFRow::from).collect(); - let (bytecode_proof, bytecode_polynomials, bytecode_commitment) = - Self::prove_bytecode(bytecode_rows.clone(), bytecode_trace.clone(), &mut transcript); - + let (bytecode_proof, bytecode_polynomials, bytecode_commitment) = Self::prove_bytecode( + bytecode_rows.clone(), + bytecode_trace.clone(), + &mut transcript, + ); // - prove_r1cs() memory_trace R1CS is not 2-padded // - prove_memory() memory_trace is 2-padded let mut padded_memory_trace = memory_trace.clone(); - padded_memory_trace.resize(memory_trace.len().next_power_of_two(), std::array::from_fn(|_| MemoryOp::no_op())); + padded_memory_trace.resize( + memory_trace.len().next_power_of_two(), + std::array::from_fn(|_| MemoryOp::no_op()), + ); let (memory_proof, memory_polynomials, memory_commitment) = Self::prove_memory(bytecode.clone(), padded_memory_trace, &mut transcript); - + let ( instruction_lookups_proof, instruction_lookups_polynomials, instruction_lookups_commitment, ) = Self::prove_instruction_lookups(instructions.clone(), &mut transcript); - let r1cs_proof = Self::prove_r1cs( - instructions, - bytecode_rows, - bytecode_trace, - bytecode, + instructions, + bytecode_rows, + bytecode_trace, + bytecode, memory_trace.into_iter().flatten().collect(), - circuit_flags, - &mut transcript); + circuit_flags, + &mut transcript, + ); let jolt_proof = JoltProof { bytecode: bytecode_proof, read_write_memory: memory_proof, instruction_lookups: instruction_lookups_proof, - r1cs: r1cs_proof + r1cs: r1cs_proof, }; let _jolt_polynomials = JoltPolynomials { bytecode: bytecode_polynomials, @@ -132,7 +140,10 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize commitments.instruction_lookups, &mut transcript, )?; - proof.r1cs.verify().map_err(|e| ProofVerifyError::SpartanError(e.to_string()))?; + proof + .r1cs + .verify() + .map_err(|e| ProofVerifyError::SpartanError(e.to_string()))?; Ok(()) } @@ -173,7 +184,10 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize ) { let polys: BytecodePolynomials = BytecodePolynomials::new(bytecode_rows, trace); let batched_polys = polys.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(BytecodePolynomials::::max_generator_size(&batched_polys), b"LassoV1"); + let initializer: PedersenInit = HyraxGenerators::new_initializer( + BytecodePolynomials::::max_generator_size(&batched_polys), + b"LassoV1", + ); let commitment = BytecodePolynomials::commit(&batched_polys, &initializer); let proof = polys.prove_memory_checking(&polys, &batched_polys, transcript); @@ -200,7 +214,10 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize ) { let (memory, read_timestamps) = ReadWriteMemory::new(bytecode, memory_trace, transcript); let batched_polys = memory.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(ReadWriteMemory::::max_generator_size(&batched_polys), b"LassoV1"); + let initializer: PedersenInit = HyraxGenerators::new_initializer( + ReadWriteMemory::::max_generator_size(&batched_polys), + b"LassoV1", + ); let commitment: MemoryCommitment = ReadWriteMemory::commit(&batched_polys, &initializer); let memory_checking_proof = @@ -258,7 +275,7 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize // Add circuit_flags_packed to prog_v_rw. Pack them in little-endian order. prog_v_rw.extend(circuit_flags.chunks(N_FLAGS).map(|x| { x.iter().enumerate().fold(F::zero(), |packed, (i, flag)| { - packed + *flag * F::from(2u64.pow((N_FLAGS - 1 - i) as u32)) + packed + *flag * F::from_u64(2u64.pow((N_FLAGS - 1 - i) as u32)).unwrap() }) })); @@ -290,7 +307,12 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize let chunks_y = chunks_xy[1].clone(); chunks_x.into_iter().zip(chunks_y.into_iter()) }) - .map(|(x, y)| (F::from(x as u64), F::from(y as u64))) + .map(|(x, y)| { + ( + F::from_u64(x as u64).unwrap(), + F::from_u64(y as u64).unwrap(), + ) + }) .unzip(); let mut chunks_query = instructions @@ -316,10 +338,10 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize assert_eq!(lookup_outputs.len(), TRACE_LEN); assert_eq!(circuit_flags.len(), TRACE_LEN * N_FLAGS); - // let padded_trace_len = next power of 2 from trace_eln + // let padded_trace_len = next power of 2 from trace_eln let PADDED_TRACE_LEN = TRACE_LEN.next_power_of_two(); - // pad each of the above vectors to be of length PADDED_TRACE_LEN * their multiple + // pad each of the above vectors to be of length PADDED_TRACE_LEN * their multiple prog_a_rw.resize(PADDED_TRACE_LEN, Default::default()); prog_v_rw.resize(PADDED_TRACE_LEN * 6, Default::default()); memreg_a_rw.resize(PADDED_TRACE_LEN * 7, Default::default()); @@ -331,7 +353,10 @@ pub trait Jolt<'a, F: PrimeField, G: CurveGroup, const C: usize lookup_outputs.resize(PADDED_TRACE_LEN, Default::default()); let mut circuit_flags_padded = circuit_flags.clone(); - circuit_flags_padded.extend(vec![F::from(0_u64); PADDED_TRACE_LEN * N_FLAGS - circuit_flags.len()]); + circuit_flags_padded.extend(vec![ + F::zero(); + PADDED_TRACE_LEN * N_FLAGS - circuit_flags.len() + ]); // circuit_flags.resize(PADDED_TRACE_LEN * N_FLAGS, Default::default()); let inputs = vec![ diff --git a/jolt-core/src/jolt/vm/read_write_memory.rs b/jolt-core/src/jolt/vm/read_write_memory.rs index b2f67e700..51e3735a6 100644 --- a/jolt-core/src/jolt/vm/read_write_memory.rs +++ b/jolt-core/src/jolt/vm/read_write_memory.rs @@ -15,7 +15,12 @@ use crate::{ MemoryCheckingProof, MemoryCheckingProver, MemoryCheckingVerifier, MultisetHashes, }, poly::{ - dense_mlpoly::DensePolynomial, eq_poly::EqPolynomial, hyrax::HyraxGenerators, identity_poly::IdentityPolynomial, pedersen::PedersenInit, structured_poly::{BatchablePolynomials, StructuredOpeningProof} + dense_mlpoly::DensePolynomial, + eq_poly::EqPolynomial, + hyrax::HyraxGenerators, + identity_poly::IdentityPolynomial, + pedersen::PedersenInit, + structured_poly::{BatchablePolynomials, StructuredOpeningProof}, }, subprotocols::batched_commitment::{ BatchedPolynomialCommitment, BatchedPolynomialOpeningProof, @@ -451,8 +456,11 @@ impl> ReadWriteMemory { drop(span); // create a closure to convert u64 to F vector - let to_f_vec = - |v: &Vec| -> Vec { v.iter().map(|i| F::from(*i)).collect::>() }; + let to_f_vec = |v: &Vec| -> Vec { + v.iter() + .map(|i| F::from_u64(*i).unwrap()) + .collect::>() + }; let un_remap_address = |a: &Vec| { a.iter() @@ -522,7 +530,10 @@ where } #[tracing::instrument(skip_all, name = "ReadWriteMemory::commit")] - fn commit(batched_polys: &Self::BatchedPolynomials, initializer: &PedersenInit) -> Self::Commitment { + fn commit( + batched_polys: &Self::BatchedPolynomials, + initializer: &PedersenInit, + ) -> Self::Commitment { let read_write_commitments = batched_polys .batched_read_write .combined_commit(initializer); @@ -776,14 +787,14 @@ where let init_fingerprints = (0..self.memory_size) .into_par_iter() - .map(|i| /* 0 * gamma^2 + */ mul_0_optimized(&polynomials.v_init[i], gamma) + F::from(i as u64) - *tau) + .map(|i| /* 0 * gamma^2 + */ mul_0_optimized(&polynomials.v_init[i], gamma) + F::from_u64(i as u64).unwrap() - *tau) .collect(); let final_fingerprints = (0..self.memory_size) .into_par_iter() .map(|i| { mul_0_optimized(&polynomials.t_final[i], &gamma_squared) + mul_0_optimized(&polynomials.v_final[i], gamma) - + F::from(i as u64) + + F::from_u64(i as u64).unwrap() - *tau }) .collect(); @@ -912,7 +923,8 @@ mod tests { let (rw_memory, _): (ReadWriteMemory, _) = ReadWriteMemory::new(bytecode, memory_trace, &mut transcript); let batched_polys = rw_memory.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(18, b"test"); + let initializer: PedersenInit = + HyraxGenerators::new_initializer(18, b"test"); let commitments = ReadWriteMemory::commit(&batched_polys, &initializer); let proof = rw_memory.prove_memory_checking(&rw_memory, &batched_polys, &mut transcript); diff --git a/jolt-core/src/jolt/vm/timestamp_range_check.rs b/jolt-core/src/jolt/vm/timestamp_range_check.rs index 066fc167f..e5051938f 100644 --- a/jolt-core/src/jolt/vm/timestamp_range_check.rs +++ b/jolt-core/src/jolt/vm/timestamp_range_check.rs @@ -14,7 +14,12 @@ use crate::{ MemoryCheckingProof, MemoryCheckingProver, MemoryCheckingVerifier, MultisetHashes, }, poly::{ - dense_mlpoly::DensePolynomial, eq_poly::EqPolynomial, hyrax::HyraxGenerators, identity_poly::IdentityPolynomial, pedersen::PedersenInit, structured_poly::{BatchablePolynomials, StructuredOpeningProof} + dense_mlpoly::DensePolynomial, + eq_poly::EqPolynomial, + hyrax::HyraxGenerators, + identity_poly::IdentityPolynomial, + pedersen::PedersenInit, + structured_poly::{BatchablePolynomials, StructuredOpeningProof}, }, subprotocols::{ batched_commitment::{BatchedPolynomialCommitment, BatchedPolynomialOpeningProof}, @@ -22,9 +27,7 @@ use crate::{ BatchedGrandProductArgument, BatchedGrandProductCircuit, GrandProductCircuit, }, }, - utils::{ - errors::ProofVerifyError, math::Math, mul_0_1_optimized, transcript::ProofTranscript - }, + utils::{errors::ProofVerifyError, math::Math, mul_0_1_optimized, transcript::ProofTranscript}, }; use super::read_write_memory::{ @@ -188,7 +191,10 @@ where } #[tracing::instrument(skip_all, name = "RangeCheckPolynomials::commit")] - fn commit(batched_polys: &Self::BatchedPolynomials, initializer: &PedersenInit) -> Self::Commitment { + fn commit( + batched_polys: &Self::BatchedPolynomials, + initializer: &PedersenInit, + ) -> Self::Commitment { batched_polys.combined_commit(initializer) } @@ -328,7 +334,8 @@ where let read_fingerprints_0: Vec = (0..M) .into_par_iter() .map(|j| { - let read_timestamp = F::from(polynomials.read_timestamps[i][j]); + let read_timestamp = + F::from_u64(polynomials.read_timestamps[i][j]).unwrap(); polynomials.read_cts_read_timestamp[i][j] * gamma_squared + read_timestamp * gamma + read_timestamp @@ -344,7 +351,7 @@ where .into_par_iter() .map(|j| { let global_minus_read = - F::from(j as u64 - polynomials.read_timestamps[i][j]); + F::from_u64(j as u64 - polynomials.read_timestamps[i][j]).unwrap(); polynomials.read_cts_global_minus_read[i][j] * gamma_squared + global_minus_read * gamma + global_minus_read @@ -368,7 +375,7 @@ where let init_fingerprints = (0..M) .into_par_iter() .map(|i| { - let index = F::from(i as u64); + let index = F::from_u64(i as u64).unwrap(); // 0 * gamma^2 + index * gamma + index - tau }) @@ -593,8 +600,12 @@ where let range_check_polys: RangeCheckPolynomials = RangeCheckPolynomials::new(read_timestamps); let batched_range_check_polys = range_check_polys.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(RangeCheckPolynomials::::max_generator_size(&batched_range_check_polys), b"LassoV1"); - let range_check_commitment = RangeCheckPolynomials::commit(&batched_range_check_polys, &initializer); + let initializer: PedersenInit = HyraxGenerators::new_initializer( + RangeCheckPolynomials::::max_generator_size(&batched_range_check_polys), + b"LassoV1", + ); + let range_check_commitment = + RangeCheckPolynomials::commit(&batched_range_check_polys, &initializer); let (batched_grand_product, multiset_hashes, r_grand_product) = TimestampValidityProof::prove_grand_products(&range_check_polys, transcript); @@ -841,7 +852,10 @@ mod tests { let (rw_memory, read_timestamps): (ReadWriteMemory, _) = ReadWriteMemory::new(bytecode, memory_trace, &mut transcript); let batched_polys = rw_memory.batch(); - let initializer: PedersenInit = HyraxGenerators::new_initializer(ReadWriteMemory::::max_generator_size(&batched_polys), b"LassoV1"); + let initializer: PedersenInit = HyraxGenerators::new_initializer( + ReadWriteMemory::::max_generator_size(&batched_polys), + b"LassoV1", + ); let commitments = ReadWriteMemory::commit(&batched_polys, &initializer); let mut timestamp_validity_proof = TimestampValidityProof::prove( diff --git a/jolt-core/src/lasso/surge.rs b/jolt-core/src/lasso/surge.rs index af9ef1b86..37acdd338 100644 --- a/jolt-core/src/lasso/surge.rs +++ b/jolt-core/src/lasso/surge.rs @@ -373,7 +373,7 @@ where .map(|i| { // 0 * gamma^2 + mul_0_1_optimized(&self.materialized_subtables[subtable_index][i], gamma) - + F::from(i as u64) + + F::from_u64(i as u64).unwrap() - *tau }) .collect(); diff --git a/jolt-core/src/poly/identity_poly.rs b/jolt-core/src/poly/identity_poly.rs index 0464ba56b..bb150be6b 100644 --- a/jolt-core/src/poly/identity_poly.rs +++ b/jolt-core/src/poly/identity_poly.rs @@ -15,7 +15,7 @@ impl IdentityPolynomial { let len = r.len(); assert_eq!(len, self.size_point); (0..len) - .map(|i| F::from((len - i - 1).pow2() as u64) * r[i]) + .map(|i| F::from_u64((len - i - 1).pow2() as u64).unwrap() * r[i]) .sum() } } diff --git a/jolt-core/src/poly/unipoly.rs b/jolt-core/src/poly/unipoly.rs index 08db152a0..c6bc27072 100644 --- a/jolt-core/src/poly/unipoly.rs +++ b/jolt-core/src/poly/unipoly.rs @@ -33,7 +33,7 @@ impl UniPoly { fn vandermonde_interpolation(evals: &[F]) -> Vec { let n = evals.len(); - let xs: Vec = (0..n).map(|x| F::from(x as u64)).collect(); + let xs: Vec = (0..n).map(|x| F::from_u64(x as u64).unwrap()).collect(); let mut vandermonde: Vec> = Vec::with_capacity(n); for i in 0..n { diff --git a/jolt-core/src/utils/instruction_utils.rs b/jolt-core/src/utils/instruction_utils.rs index aca80f775..7457b301d 100644 --- a/jolt-core/src/utils/instruction_utils.rs +++ b/jolt-core/src/utils/instruction_utils.rs @@ -13,7 +13,7 @@ pub fn concatenate_lookups(vals: &[F], C: usize, operand_bits: us let mut sum = F::zero(); let mut weight = F::one(); - let shift = F::from(1u64 << operand_bits); + let shift = F::from_u64(1u64 << operand_bits).unwrap(); for i in 0..C { sum += weight * vals[C - i - 1]; weight *= shift;