Create proofs for Cairo
andrewmilson committed Nov 25, 2024
1 parent f8983b3 commit cb5c34a
Showing 7 changed files with 184 additions and 29 deletions.
28 changes: 12 additions & 16 deletions crates/prover/src/core/fri.rs
Expand Up @@ -423,7 +423,7 @@ impl<MC: MerkleChannel> FriVerifier<MC> {

/// Verifies the decommitment stage of FRI.
///
/// The decommitment values need to be provided in the same order as their commitment.
/// The query evals need to be provided in the same order as their commitment.
///
/// # Panics
///
Expand Down Expand Up @@ -550,10 +550,9 @@ impl<MC: MerkleChannel> FriVerifier<MC> {
}
}

/// Returns the column query positions needed for verification.
/// Returns the column query positions mapped by sample domain log size.
///
/// The column log sizes must be unique and in descending order.
/// Returned column query positions are mapped by their log size.
/// Query positions are in ascending order.
fn get_query_positions_by_log_size(
queries: &Queries,
column_log_sizes: BTreeSet<u32>,
Expand Down Expand Up @@ -654,7 +653,7 @@ pub const CIRCLE_TO_LINE_FOLD_STEP: u32 = 1;
/// Proof of an individual FRI layer.
#[derive(Debug, Serialize, Deserialize)]
pub struct FriLayerProof<H: MerkleHasher> {
/// values that the verifier needs but cannot deduce from previous computations, in the
/// Values that the verifier needs but cannot deduce from previous computations, in the
/// order they are needed. This complements the values that were queried. These must be
/// supplied directly to the verifier.
pub fri_witness: Vec<SecureField>,
Expand Down Expand Up @@ -688,7 +687,7 @@ impl<H: MerkleHasher> FriFirstLayerVerifier<H> {
fn verify_and_fold(
&self,
queries: &Queries,
evals_at_queries_by_column: ColumnVec<Vec<SecureField>>,
query_evals_by_column: ColumnVec<Vec<SecureField>>,
) -> Result<(Queries, ColumnVec<Vec<SecureField>>), FriVerificationError> {
// Columns are provided in descending order by size.
let max_column_log_size = self.column_commitment_domains[0].log_size();
Expand All @@ -699,18 +698,17 @@ impl<H: MerkleHasher> FriFirstLayerVerifier<H> {
let mut all_column_decommitment_values = Vec::new();
let mut folded_evals_by_column = Vec::new();

for (&column_domain, column_evals_at_queries) in
zip_eq(&self.column_commitment_domains, evals_at_queries_by_column)
for (&column_domain, column_query_evals) in
zip_eq(&self.column_commitment_domains, query_evals_by_column)
{
let column_queries = queries.fold(queries.log_domain_size - column_domain.log_size());

let (column_decommitment_positions, sparse_evaluation) =
compute_decommitment_positions_and_rebuild_evals(
&column_queries.positions,
&column_evals_at_queries,
&column_queries,
&column_query_evals,
&mut fri_witness,
CIRCLE_TO_LINE_FOLD_STEP,
column_domain.log_size(),
)
.map_err(|InsufficientWitnessError| {
FriVerificationError::FirstLayerEvaluationsInvalid
Expand Down Expand Up @@ -794,11 +792,10 @@ impl<H: MerkleHasher> FriInnerLayerVerifier<H> {

let (decommitment_positions, sparse_evaluation) =
compute_decommitment_positions_and_rebuild_evals(
&queries.positions,
&queries,
&evals_at_queries,
&mut fri_witness,
FOLD_STEP,
self.domain.log_size(),
)
.map_err(|InsufficientWitnessError| {
FriVerificationError::InnerLayerEvaluationsInvalid {
Expand Down Expand Up @@ -1009,11 +1006,10 @@ fn compute_decommitment_positions_and_witness_evals(
///
/// Panics if the number of queries doesn't match the number of query evals.
fn compute_decommitment_positions_and_rebuild_evals(
queries: &[usize],
queries: &Queries,
query_evals: &[QM31],
mut witness_evals: impl Iterator<Item = QM31>,
fold_step: u32,
column_log_size: u32,
) -> Result<(Vec<usize>, SparseEvaluation), InsufficientWitnessError> {
let mut query_evals = query_evals.iter().copied();

Expand All @@ -1037,7 +1033,7 @@ fn compute_decommitment_positions_and_rebuild_evals(
.collect::<Result<_, _>>()?;

subset_evals.push(subset_eval);
subset_domain_index_initials.push(bit_reverse_index(subset_start, column_log_size));
subset_domain_index_initials.push(bit_reverse_index(subset_start, queries.log_domain_size));
}

let sparse_evaluation = SparseEvaluation::new(subset_evals, subset_domain_index_initials);
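Review bot: In `FriInnerLayerVerifier::verify_and_fold` the call to `compute_decommitment_positions_and_rebuild_evals` no longer passes `self.domain.log_size()`, so `bit_reverse_index(subset_start, queries.log_domain_size)` now trusts that the caller folded `queries` to this layer's domain. If nothing above the hunk already checks this, a mismatch would yield wrong subset domain indices instead of a clear failure, so I would pin the invariant before the call with `assert_eq!(queries.log_domain_size, self.domain.log_size());`, and with the matching check of `column_queries.log_domain_size` against `column_domain.log_size()` in the first-layer loop. The helper's doc comment should also state that `queries.log_domain_size` is used as the column log size. Both `verify_and_fold` bodies and the helper continue outside the visible hunks.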
2 changes: 1 addition & 1 deletion crates/prover/src/core/pcs/quotients.rs
Expand Up @@ -131,7 +131,6 @@ pub fn fri_answers_for_log_size(
query_positions: &[usize],
queried_values_per_column: &[&Vec<BaseField>],
) -> Result<Vec<SecureField>, VerificationError> {
let sample_batches = ColumnSampleBatch::new_vec(samples);
for queried_values in queried_values_per_column {
if queried_values.len() != query_positions.len() {
return Err(VerificationError::InvalidStructure(
Expand All @@ -140,6 +139,7 @@ pub fn fri_answers_for_log_size(
}
}

let sample_batches = ColumnSampleBatch::new_vec(samples);
let quotient_constants = quotient_constants(&sample_batches, random_coeff);
let commitment_domain = CanonicCoset::new(log_size).circle_domain();
let mut quotient_evals_at_queries = Vec::new();
2 changes: 1 addition & 1 deletion crates/prover/src/core/pcs/verifier.rs
Expand Up @@ -83,7 +83,7 @@ impl<MC: MerkleChannel> CommitmentSchemeVerifier<MC> {
return Err(VerificationError::ProofOfWork);
}

// Get FRI query domains.
// Get FRI query positions.
let query_positions_per_log_size = fri_verifier.sample_query_positions(channel);

// Verify merkle decommitments.
4 changes: 2 additions & 2 deletions crates/prover/src/core/poly/line.rs
Expand Up @@ -114,9 +114,9 @@ pub struct LinePoly {
///
/// The coefficients are stored in bit-reversed order.
#[allow(rustdoc::private_intra_doc_links)]
coeffs: Vec<SecureField>,
pub coeffs: Vec<SecureField>,
/// The number of coefficients stored as `log2(len(coeffs))`.
log_size: u32,
pub log_size: u32,
}

impl LinePoly {
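Review bot: Making `coeffs` and `log_size` public on `LinePoly` lets any caller build or mutate a value whose `log_size` disagrees with `coeffs.len()`, although the field docs state `log_size` is `log2(len(coeffs))`. If this type travels inside a proof and is read by the verifier, code that trusts `log_size` would then be acting on an unchecked value. Unless outside construction is really required, prefer `pub(crate)` fields or read-only accessors such as `pub fn coeffs(&self) -> &[SecureField]`, and keep construction behind a constructor that validates the length. The constructor is not visible in this hunk, so confirm that it enforces the invariant.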
11 changes: 10 additions & 1 deletion crates/prover/src/examples/blake/air.rs
Expand Up @@ -529,6 +529,7 @@ pub fn verify_blake<MC: MerkleChannel>(
mod tests {
use std::env;

use crate::core::fri::FriConfig;
use crate::core::pcs::PcsConfig;
use crate::core::vcs::blake2_merkle::Blake2sMerkleChannel;
use crate::examples::blake::air::{prove_blake, verify_blake};
Expand All @@ -547,7 +548,15 @@ mod tests {
.unwrap_or_else(|_| "6".to_string())
.parse::<u32>()
.unwrap();
let config = PcsConfig::default();
// let config = PcsConfig::default();
let config = PcsConfig {
pow_bits: 10,
fri_config: FriConfig {
log_blowup_factor: 1,
log_last_layer_degree_bound: 6,
n_queries: 50,
},
};

// Prove.
let proof = prove_blake::<Blake2sMerkleChannel>(log_n_instances, config);
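Review bot: The test now hard-codes `pow_bits: 10`, `log_blowup_factor: 1` and `n_queries: 50` and leaves `// let config = PcsConfig::default();` behind as dead code, with nothing saying what security level these values are meant to reach. By the usual FRI estimate (queries times log blowup, plus grinding bits) this looks like roughly 60 bits, which should be confirmed and recorded next to the literal, for example `// Test-only parameters (~60 bits, conjectured); not a production security level.` Delete the commented-out default rather than keeping it. If these numbers are meant to mirror the Cairo proof settings named in the commit title, a named constant or constructor shared with that code would stop the two from drifting apart. The test function starts above the hunk.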
2 changes: 1 addition & 1 deletion crates/prover/src/examples/mod.rs
Expand Up @@ -3,4 +3,4 @@ pub mod plonk;
pub mod poseidon;
pub mod state_machine;
pub mod wide_fibonacci;
pub mod xor;
// pub mod xor;
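Review bot: `// pub mod xor;` takes the xor example out of the build by commenting it out, so its code and tests stop being compiled and run with no record of why. If the module no longer builds after the signature changes in this commit (an inference, since the module is not shown), either port it here or delete the line and track the follow-up. If it has to stay disabled, say so on the line, e.g. `// TODO(<issue id>): re-enable once the xor example builds again.`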