diff --git a/benchmark.go b/benchmark.go index 9b60a3b..7ba592f 100644 --- a/benchmark.go +++ b/benchmark.go @@ -22,7 +22,7 @@ import ( type BenchmarkPlonky2VerifierCircuit struct { Proof types.Proof - PublicInputs []gl.Variable `gnark:",public"` + PublicInputs []gl.GoldilocksVariable `gnark:",public"` verifierChip *verifier.VerifierChip `gnark:"-"` plonky2CircuitName string `gnark:"-"` diff --git a/benchmark_plonk.go b/benchmark_plonk.go index 6f7df12..d4bacfd 100644 --- a/benchmark_plonk.go +++ b/benchmark_plonk.go @@ -23,7 +23,7 @@ import ( type BenchmarkPlonky2VerifierCircuitPlonk struct { Proof types.Proof - PublicInputs []gl.Variable `gnark:",public"` + PublicInputs []gl.GoldilocksVariable `gnark:",public"` verifierChip *verifier.VerifierChip `gnark:"-"` plonky2CircuitName string `gnark:"-"` diff --git a/challenger/challenger.go b/challenger/challenger.go index b1af60b..85a35e5 100644 --- a/challenger/challenger.go +++ b/challenger/challenger.go @@ -14,15 +14,15 @@ type Chip struct { api frontend.API `gnark:"-"` poseidonChip *poseidon.GoldilocksChip poseidonBN254Chip *poseidon.BN254Chip - spongeState [poseidon.SPONGE_WIDTH]gl.Variable - inputBuffer []gl.Variable - outputBuffer []gl.Variable + spongeState [poseidon.SPONGE_WIDTH]gl.GoldilocksVariable + inputBuffer []gl.GoldilocksVariable + outputBuffer []gl.GoldilocksVariable } func NewChip(api frontend.API) *Chip { - var spongeState [poseidon.SPONGE_WIDTH]gl.Variable - var inputBuffer []gl.Variable - var outputBuffer []gl.Variable + var spongeState [poseidon.SPONGE_WIDTH]gl.GoldilocksVariable + var inputBuffer []gl.GoldilocksVariable + var outputBuffer []gl.GoldilocksVariable for i := 0; i < poseidon.SPONGE_WIDTH; i++ { spongeState[i] = gl.Zero() } @@ -38,7 +38,7 @@ func NewChip(api frontend.API) *Chip { } } -func (c *Chip) ObserveElement(element gl.Variable) { +func (c *Chip) ObserveElement(element gl.GoldilocksVariable) { c.outputBuffer = clearBuffer(c.outputBuffer) c.inputBuffer = append(c.inputBuffer, element) if len(c.inputBuffer) == poseidon.SPONGE_RATE { @@ -46,7 +46,7 @@ func (c *Chip) ObserveElement(element gl.Variable) { } } -func (c *Chip) ObserveElements(elements []gl.Variable) { +func (c *Chip) ObserveElements(elements []gl.GoldilocksVariable) { for i := 0; i < len(elements); i++ { c.ObserveElement(elements[i]) } @@ -84,7 +84,7 @@ func (c *Chip) ObserveOpenings(openings fri.Openings) { } } -func (c *Chip) GetChallenge() gl.Variable { +func (c *Chip) GetChallenge() gl.GoldilocksVariable { if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 { c.duplexing() } @@ -95,8 +95,8 @@ func (c *Chip) GetChallenge() gl.Variable { return challenge } -func (c *Chip) GetNChallenges(n uint64) []gl.Variable { - challenges := make([]gl.Variable, n) +func (c *Chip) GetNChallenges(n uint64) []gl.GoldilocksVariable { + challenges := make([]gl.GoldilocksVariable, n) for i := uint64(0); i < n; i++ { challenges[i] = c.GetChallenge() } @@ -109,13 +109,13 @@ func (c *Chip) GetExtensionChallenge() gl.QuadraticExtensionVariable { } func (c *Chip) GetHash() poseidon.GoldilocksHashOut { - return [4]gl.Variable{c.GetChallenge(), c.GetChallenge(), c.GetChallenge(), c.GetChallenge()} + return [4]gl.GoldilocksVariable{c.GetChallenge(), c.GetChallenge(), c.GetChallenge(), c.GetChallenge()} } func (c *Chip) GetFriChallenges( commitPhaseMerkleCaps []types.FriMerkleCap, finalPoly types.PolynomialCoeffs, - powWitness gl.Variable, + powWitness gl.GoldilocksVariable, degreeBits uint64, config types.FriConfig, ) types.FriChallenges { @@ -142,8 +142,8 @@ func (c *Chip) GetFriChallenges( } } -func clearBuffer(buffer []gl.Variable) []gl.Variable { - return make([]gl.Variable, 0) +func clearBuffer(buffer []gl.GoldilocksVariable) []gl.GoldilocksVariable { + return make([]gl.GoldilocksVariable, 0) } func (c *Chip) duplexing() { @@ -152,7 +152,7 @@ func (c *Chip) duplexing() { panic("something went wrong") } - glApi := gl.NewChip(c.api) + glApi := gl.NewGoldilocksApi(c.api) for i := 0; i < len(c.inputBuffer); i++ { c.spongeState[i] = glApi.Reduce(c.inputBuffer[i]) diff --git a/fri/fri.go b/fri/fri.go index 373fe01..ab8255f 100644 --- a/fri/fri.go +++ b/fri/fri.go @@ -14,8 +14,8 @@ import ( ) type Chip struct { - api frontend.API `gnark:"-"` - gl gl.Chip `gnark:"-"` + api frontend.API `gnark:"-"` + gl gl.GoldilocksApi `gnark:"-"` poseidonBN254Chip *poseidon.BN254Chip friParams *types.FriParams `gnark:"-"` } @@ -29,11 +29,11 @@ func NewChip( api: api, poseidonBN254Chip: poseidonBN254Chip, friParams: friParams, - gl: *gl.NewChip(api), + gl: *gl.NewGoldilocksApi(api), } } -func (f *Chip) assertLeadingZeros(powWitness gl.Variable, friConfig types.FriConfig) { +func (f *Chip) assertLeadingZeros(powWitness gl.GoldilocksVariable, friConfig types.FriConfig) { // Asserts that powWitness'es big-endian bit representation has at least `leading_zeros` leading zeros. // Note that this is assuming that the Goldilocks field is being used. Specfically that the // field is 64 bits long @@ -58,7 +58,7 @@ func (f *Chip) fromOpeningsAndAlpha( } func (f *Chip) verifyMerkleProofToCapWithCapIndex( - leafData []gl.Variable, + leafData []gl.GoldilocksVariable, leafIndexBits []frontend.Variable, capIndexBits []frontend.Variable, merkleCap types.FriMerkleCap, @@ -139,7 +139,7 @@ func (f *Chip) assertNoncanonicalIndicesOK() { func (f *Chip) expFromBitsConstBase( base goldilocks.Element, exponentBits []frontend.Variable, -) gl.Variable { +) gl.GoldilocksVariable { product := gl.One() for i, bit := range exponentBits { // If the bit is on, we multiply product by base^pow. @@ -167,7 +167,7 @@ func (f *Chip) expFromBitsConstBase( func (f *Chip) calculateSubgroupX( xIndexBits []frontend.Variable, nLog uint64, -) gl.Variable { +) gl.GoldilocksVariable { // Compute x from its index // `subgroup_x` is `subgroup[x_index]`, i.e., the actual field element in the domain. // TODO - Make these as global values @@ -284,7 +284,7 @@ func (f *Chip) interpolate( } func (f *Chip) computeEvaluation( - x gl.Variable, + x gl.GoldilocksVariable, xIndexWithinCosetBits []frontend.Variable, arityBits uint64, evals []gl.QuadraticExtensionVariable, @@ -359,7 +359,7 @@ func (f *Chip) verifyQueryRound( precomputedReducedEval []gl.QuadraticExtensionVariable, initialMerkleCaps []types.FriMerkleCap, proof *types.FriProof, - xIndex gl.Variable, + xIndex gl.GoldilocksVariable, n uint64, nLog uint64, roundProof *types.FriQueryRound, @@ -437,7 +437,7 @@ func (f *Chip) verifyQueryRound( ) // Convert evals (array of QE) to fields by taking their 0th degree coefficients - fieldEvals := make([]gl.Variable, 0, 2*len(evals)) + fieldEvals := make([]gl.GoldilocksVariable, 0, 2*len(evals)) for j := 0; j < len(evals); j++ { fieldEvals = append(fieldEvals, evals[j][0]) fieldEvals = append(fieldEvals, evals[j][1]) diff --git a/fri/fri_test.go b/fri/fri_test.go index d5c0033..2faf638 100644 --- a/fri/fri_test.go +++ b/fri/fri_test.go @@ -25,7 +25,7 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error { commonCircuitData := verifier.DeserializeCommonCircuitData(circuit.commonCircuitDataFilename) verifierOnlyCircuitData := verifier.DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename) - glApi := gl.NewChip(api) + glApi := gl.NewGoldilocksApi(api) poseidonChip := poseidon.NewGoldilocksChip(api) friChip := fri.NewChip(api, &commonCircuitData.FriParams) challengerChip := challenger.NewChip(api) diff --git a/fri/fri_utils.go b/fri/fri_utils.go index 962a36b..4f5cdc8 100644 --- a/fri/fri_utils.go +++ b/fri/fri_utils.go @@ -178,7 +178,7 @@ func friAllPolys(c *types.CommonCircuitData) []PolynomialInfo { return returnArr } -func GetInstance(c *types.CommonCircuitData, glApi *gl.Chip, zeta gl.QuadraticExtensionVariable, degreeBits uint64) InstanceInfo { +func GetInstance(c *types.CommonCircuitData, glApi *gl.GoldilocksApi, zeta gl.QuadraticExtensionVariable, degreeBits uint64) InstanceInfo { zetaBatch := BatchInfo{ Point: zeta, Polynomials: friAllPolys(c), diff --git a/goldilocks/base.go b/goldilocks/base.go index ad7b0c6..f3c4ef5 100644 --- a/goldilocks/base.go +++ b/goldilocks/base.go @@ -13,13 +13,14 @@ package goldilocks import ( "fmt" + "math" "math/big" "github.com/consensys/gnark-crypto/field/goldilocks" "github.com/consensys/gnark/constraint/solver" "github.com/consensys/gnark/frontend" - "github.com/consensys/gnark/std/math/bits" "github.com/consensys/gnark/std/math/emulated" + "github.com/consensys/gnark/std/rangecheck" ) // The multiplicative group generator of the field. @@ -45,77 +46,78 @@ func init() { solver.RegisterHint(MulAddHint) solver.RegisterHint(ReduceHint) solver.RegisterHint(InverseHint) + solver.RegisterHint(SplitLimbsHint) } // A type alias used to represent Goldilocks field elements. -type Variable struct { +type GoldilocksVariable struct { Limb frontend.Variable } // Creates a new Goldilocks field element from an existing variable. Assumes that the element is // already reduced. -func NewVariable(x frontend.Variable) Variable { - return Variable{Limb: x} +func NewVariable(x frontend.Variable) GoldilocksVariable { + return GoldilocksVariable{Limb: x} } // The zero element in the Golidlocks field. -func Zero() Variable { +func Zero() GoldilocksVariable { return NewVariable(0) } // The one element in the Goldilocks field. -func One() Variable { +func One() GoldilocksVariable { return NewVariable(1) } // The negative one element in the Goldilocks field. -func NegOne() Variable { +func NegOne() GoldilocksVariable { return NewVariable(MODULUS.Uint64() - 1) } // The chip used for Goldilocks field operations. -type Chip struct { +type GoldilocksApi struct { api frontend.API } // Creates a new Goldilocks chip. -func NewChip(api frontend.API) *Chip { - return &Chip{api: api} +func NewGoldilocksApi(api frontend.API) *GoldilocksApi { + return &GoldilocksApi{api: api} } // Adds two field elements such that x + y = z within the Golidlocks field. -func (p *Chip) Add(a Variable, b Variable) Variable { +func (p *GoldilocksApi) Add(a GoldilocksVariable, b GoldilocksVariable) GoldilocksVariable { return p.MulAdd(a, NewVariable(1), b) } // Adds two field elements such that x + y = z within the Golidlocks field without reducing. -func (p *Chip) AddNoReduce(a Variable, b Variable) Variable { +func (p *GoldilocksApi) AddNoReduce(a GoldilocksVariable, b GoldilocksVariable) GoldilocksVariable { return NewVariable(p.api.Add(a.Limb, b.Limb)) } // Subtracts two field elements such that x + y = z within the Golidlocks field. -func (p *Chip) Sub(a Variable, b Variable) Variable { +func (p *GoldilocksApi) Sub(a GoldilocksVariable, b GoldilocksVariable) GoldilocksVariable { return p.MulAdd(b, NewVariable(MODULUS.Uint64()-1), a) } // Subtracts two field elements such that x + y = z within the Golidlocks field without reducing. -func (p *Chip) SubNoReduce(a Variable, b Variable) Variable { +func (p *GoldilocksApi) SubNoReduce(a GoldilocksVariable, b GoldilocksVariable) GoldilocksVariable { return NewVariable(p.api.Add(a.Limb, p.api.Mul(b.Limb, MODULUS.Uint64()-1))) } // Multiplies two field elements such that x * y = z within the Golidlocks field. -func (p *Chip) Mul(a Variable, b Variable) Variable { +func (p *GoldilocksApi) Mul(a GoldilocksVariable, b GoldilocksVariable) GoldilocksVariable { return p.MulAdd(a, b, Zero()) } // Multiplies two field elements such that x * y = z within the Golidlocks field without reducing. -func (p *Chip) MulNoReduce(a Variable, b Variable) Variable { +func (p *GoldilocksApi) MulNoReduce(a GoldilocksVariable, b GoldilocksVariable) GoldilocksVariable { return NewVariable(p.api.Mul(a.Limb, b.Limb)) } // Multiplies two field elements and adds a field element such that x * y + z = c within the // Golidlocks field. -func (p *Chip) MulAdd(a Variable, b Variable, c Variable) Variable { +func (p *GoldilocksApi) MulAdd(a GoldilocksVariable, b GoldilocksVariable, c GoldilocksVariable) GoldilocksVariable { result, err := p.api.Compiler().NewHint(MulAddHint, 2, a.Limb, b.Limb, c.Limb) if err != nil { panic(err) @@ -136,7 +138,7 @@ func (p *Chip) MulAdd(a Variable, b Variable, c Variable) Variable { // Multiplies two field elements and adds a field element such that x * y + z = c within the // Golidlocks field without reducing. -func (p *Chip) MulAddNoReduce(a Variable, b Variable, c Variable) Variable { +func (p *GoldilocksApi) MulAddNoReduce(a GoldilocksVariable, b GoldilocksVariable, c GoldilocksVariable) GoldilocksVariable { return p.AddNoReduce(p.MulNoReduce(a, b), c) } @@ -164,7 +166,7 @@ func MulAddHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { } // Reduces a field element x such that x % MODULUS = y. -func (p *Chip) Reduce(x Variable) Variable { +func (p *GoldilocksApi) Reduce(x GoldilocksVariable) GoldilocksVariable { // Witness a `quotient` and `remainder` such that: // // MODULUS * quotient + remainder = x @@ -189,7 +191,7 @@ func (p *Chip) Reduce(x Variable) Variable { } // Reduces a field element x such that x % MODULUS = y. -func (p *Chip) ReduceWithMaxBits(x Variable, maxNbBits uint64) Variable { +func (p *GoldilocksApi) ReduceWithMaxBits(x GoldilocksVariable, maxNbBits uint64) GoldilocksVariable { // Witness a `quotient` and `remainder` such that: // // MODULUS * quotient + remainder = x @@ -224,7 +226,7 @@ func ReduceHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { } // Computes the inverse of a field element x such that x * x^-1 = 1. -func (p *Chip) Inverse(x Variable) Variable { +func (p *GoldilocksApi) Inverse(x GoldilocksVariable) GoldilocksVariable { result, err := p.api.Compiler().NewHint(InverseHint, 1, x.Limb) if err != nil { panic(err) @@ -258,7 +260,7 @@ func InverseHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { } // Computes a field element raised to some power. -func (p *Chip) Exp(x Variable, k *big.Int) Variable { +func (p *GoldilocksApi) Exp(x GoldilocksVariable, k *big.Int) GoldilocksVariable { if k.IsUint64() && k.Uint64() == 0 { return One() } @@ -279,8 +281,31 @@ func (p *Chip) Exp(x Variable, k *big.Int) Variable { return z } +// The hint used to split a GoldilocksVariable into 2 32 bit limbs. +func SplitLimbsHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { + if len(inputs) != 1 { + panic("SplitLimbsHint expects 1 input operand") + } + + // The Goldilocks field element + input := inputs[0] + + if input.Cmp(MODULUS) == 0 || input.Cmp(MODULUS) == 1 { + return fmt.Errorf("input is not in the field") + } + + two_32 := big.NewInt(int64(math.Pow(2, 32))) + + // The most significant bits + results[0] = new(big.Int).Quo(input, two_32) + // The least significant bits + results[1] = new(big.Int).Rem(input, two_32) + + return nil +} + // Range checks a field element x to be less than the Golidlocks modulus 2 ^ 64 - 2 ^ 32 + 1. -func (p *Chip) RangeCheck(x Variable) { +func (p *GoldilocksApi) RangeCheck(x GoldilocksVariable) { // The Goldilocks' modulus is 2^64 - 2^32 + 1, which is: // // 1111111111111111111111111111111100000000000000000000000000000001 @@ -288,47 +313,33 @@ func (p *Chip) RangeCheck(x Variable) { // in big endian binary. This function will first verify that x is at most 64 bits wide. Then it // checks that if the bits[0:31] (in big-endian) are all 1, then bits[32:64] are all zero. - // First decompose x into 64 bits. The bits will be in little-endian order. - bits := bits.ToBinary(p.api, x.Limb, bits.WithNbDigits(64)) - - // Those bits should compose back to x. - reconstructedX := frontend.Variable(0) - c := uint64(1) - for i := 0; i < 64; i++ { - reconstructedX = p.api.Add(reconstructedX, p.api.Mul(bits[i], c)) - c = c << 1 - p.api.AssertIsBoolean(bits[i]) - } - p.api.AssertIsEqual(x.Limb, reconstructedX) + // Use the range checker component to range-check the variable. + rangeChecker := rangecheck.New(p.api) + rangeChecker.Check(x.Limb, 64) - mostSigBits32Sum := frontend.Variable(0) - for i := 32; i < 64; i++ { - mostSigBits32Sum = p.api.Add(mostSigBits32Sum, bits[i]) + result, err := p.api.Compiler().NewHint(SplitLimbsHint, 2, x.Limb) + if err != nil { + panic(err) } - leastSigBits32Sum := frontend.Variable(0) - for i := 0; i < 32; i++ { - leastSigBits32Sum = p.api.Add(leastSigBits32Sum, bits[i]) - } + mostSigBits := result[0] + leastSigBits := result[1] - // If mostSigBits32Sum < 32, then we know that: - // - // x < (2^63 + ... + 2^32 + 0 * 2^31 + ... + 0 * 2^0) - // - // which equals to 2^64 - 2^32. So in that case, we don't need to do any more checks. If - // mostSigBits32Sum == 32, then we need to check that x == 2^64 - 2^32 (max GL value). - shouldCheck := p.api.IsZero(p.api.Sub(mostSigBits32Sum, 32)) + // If the most significant bits are all 1, then we need to check that the least significant bits are all zero + // in order for element to be less than the Goldilock's modulus. + // Otherwise, we don't need to do any checks, since we already know that the element is less than the Goldilocks modulus. + shouldCheck := p.api.IsZero(p.api.Sub(mostSigBits, uint64(math.Pow(2, 32))-1)) p.api.AssertIsEqual( p.api.Select( shouldCheck, - leastSigBits32Sum, + leastSigBits, frontend.Variable(0), ), frontend.Variable(0), ) } -func (p *Chip) AssertIsEqual(x, y Variable) { +func (p *GoldilocksApi) AssertIsEqual(x, y GoldilocksVariable) { p.api.AssertIsEqual(x.Limb, y.Limb) } diff --git a/goldilocks/base_test.go b/goldilocks/base_test.go index d2a34d3..44d3ec0 100644 --- a/goldilocks/base_test.go +++ b/goldilocks/base_test.go @@ -15,8 +15,8 @@ type TestGoldilocksRangeCheckCircuit struct { } func (c *TestGoldilocksRangeCheckCircuit) Define(api frontend.API) error { - chip := NewChip(api) - chip.RangeCheck(NewVariable(c.X)) + glApi := NewGoldilocksApi(api) + glApi.RangeCheck(NewVariable(c.X)) return nil } func TestGoldilocksRangeCheck(t *testing.T) { @@ -45,8 +45,8 @@ type TestGoldilocksMulAddCircuit struct { } func (c *TestGoldilocksMulAddCircuit) Define(api frontend.API) error { - chip := NewChip(api) - calculateValue := chip.MulAdd(NewVariable(c.X), NewVariable(c.Y), NewVariable(c.Z)) + glApi := NewGoldilocksApi(api) + calculateValue := glApi.MulAdd(NewVariable(c.X), NewVariable(c.Y), NewVariable(c.Z)) api.AssertIsEqual(calculateValue.Limb, c.ExpectedResult) return nil } diff --git a/goldilocks/quadratic_extension.go b/goldilocks/quadratic_extension.go index d384300..3a4c80d 100644 --- a/goldilocks/quadratic_extension.go +++ b/goldilocks/quadratic_extension.go @@ -9,13 +9,13 @@ import ( const W uint64 = 7 const DTH_ROOT uint64 = 18446744069414584320 -type QuadraticExtensionVariable [2]Variable +type QuadraticExtensionVariable [2]GoldilocksVariable -func NewQuadraticExtensionVariable(x Variable, y Variable) QuadraticExtensionVariable { +func NewQuadraticExtensionVariable(x GoldilocksVariable, y GoldilocksVariable) QuadraticExtensionVariable { return QuadraticExtensionVariable{x, y} } -func (p Variable) ToQuadraticExtension() QuadraticExtensionVariable { +func (p GoldilocksVariable) ToQuadraticExtension() QuadraticExtensionVariable { return NewQuadraticExtensionVariable(p, Zero()) } @@ -28,35 +28,35 @@ func OneExtension() QuadraticExtensionVariable { } // Adds two quadratic extension variables in the Goldilocks field. -func (p *Chip) AddExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) AddExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { c0 := p.Add(a[0], b[0]) c1 := p.Add(a[1], b[1]) return NewQuadraticExtensionVariable(c0, c1) } // Adds two quadratic extension variables in the Goldilocks field without reducing. -func (p *Chip) AddExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) AddExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { c0 := p.AddNoReduce(a[0], b[0]) c1 := p.AddNoReduce(a[1], b[1]) return NewQuadraticExtensionVariable(c0, c1) } // Subtracts two quadratic extension variables in the Goldilocks field. -func (p *Chip) SubExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) SubExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { c0 := p.Sub(a[0], b[0]) c1 := p.Sub(a[1], b[1]) return NewQuadraticExtensionVariable(c0, c1) } // Subtracts two quadratic extension variables in the Goldilocks field without reducing. -func (p *Chip) SubExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) SubExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { c0 := p.SubNoReduce(a[0], b[0]) c1 := p.SubNoReduce(a[1], b[1]) return NewQuadraticExtensionVariable(c0, c1) } // Multiplies quadratic extension variable in the Goldilocks field. -func (p *Chip) MulExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) MulExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { product := p.MulExtensionNoReduce(a, b) product[0] = p.Reduce(product[0]) product[1] = p.Reduce(product[1]) @@ -64,7 +64,7 @@ func (p *Chip) MulExtension(a, b QuadraticExtensionVariable) QuadraticExtensionV } // Multiplies quadratic extension variable in the Goldilocks field without reducing. -func (p *Chip) MulExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) MulExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { c0o0 := p.MulNoReduce(a[0], b[0]) c0o1 := p.MulNoReduce(p.MulNoReduce(NewVariable(7), a[1]), b[1]) c0 := p.AddNoReduce(c0o0, c0o1) @@ -74,7 +74,7 @@ func (p *Chip) MulExtensionNoReduce(a, b QuadraticExtensionVariable) QuadraticEx // Multiplies two operands a and b and adds to c in the Goldilocks extension field. a * b + c must // be less than RANGE_CHECK_NB_BITS bits. -func (p *Chip) MulAddExtension(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) MulAddExtension(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable { product := p.MulExtensionNoReduce(a, b) sum := p.AddExtensionNoReduce(product, c) sum[0] = p.Reduce(sum[0]) @@ -82,7 +82,7 @@ func (p *Chip) MulAddExtension(a, b, c QuadraticExtensionVariable) QuadraticExte return sum } -func (p *Chip) MulAddExtensionNoReduce(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) MulAddExtensionNoReduce(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable { product := p.MulExtensionNoReduce(a, b) sum := p.AddExtensionNoReduce(product, c) return sum @@ -90,7 +90,7 @@ func (p *Chip) MulAddExtensionNoReduce(a, b, c QuadraticExtensionVariable) Quadr // Multiplies two operands a and b and subtracts to c in the Goldilocks extension field. a * b - c must // be less than RANGE_CHECK_NB_BITS bits. -func (p *Chip) SubMulExtension(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) SubMulExtension(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable { difference := p.SubExtensionNoReduce(a, b) product := p.MulExtensionNoReduce(difference, c) product[0] = p.Reduce(product[0]) @@ -99,9 +99,9 @@ func (p *Chip) SubMulExtension(a, b, c QuadraticExtensionVariable) QuadraticExte } // Multiplies quadratic extension variable in the Goldilocks field by a scalar. -func (p *Chip) ScalarMulExtension( +func (p *GoldilocksApi) ScalarMulExtension( a QuadraticExtensionVariable, - b Variable, + b GoldilocksVariable, ) QuadraticExtensionVariable { return NewQuadraticExtensionVariable( p.Mul(a[0], b), @@ -110,8 +110,8 @@ func (p *Chip) ScalarMulExtension( } // Computes an inner product over quadratic extension variable vectors in the Goldilocks field. -func (p *Chip) InnerProductExtension( - constant Variable, +func (p *GoldilocksApi) InnerProductExtension( + constant GoldilocksVariable, startingAcc QuadraticExtensionVariable, pairs [][2]QuadraticExtensionVariable, ) QuadraticExtensionVariable { @@ -126,7 +126,7 @@ func (p *Chip) InnerProductExtension( } // Computes the inverse of a quadratic extension variable in the Goldilocks field. -func (p *Chip) InverseExtension(a QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) InverseExtension(a QuadraticExtensionVariable) QuadraticExtensionVariable { a0IsZero := p.api.IsZero(a[0].Limb) a1IsZero := p.api.IsZero(a[1].Limb) p.api.AssertIsEqual(p.api.Mul(a0IsZero, a1IsZero), frontend.Variable(0)) @@ -139,12 +139,12 @@ func (p *Chip) InverseExtension(a QuadraticExtensionVariable) QuadraticExtension } // Divides two quadratic extension variables in the Goldilocks field. -func (p *Chip) DivExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) DivExtension(a, b QuadraticExtensionVariable) QuadraticExtensionVariable { return p.MulExtension(a, p.InverseExtension(b)) } // Exponentiates a quadratic extension variable to some exponent in the Golidlocks field. -func (p *Chip) ExpExtension( +func (p *GoldilocksApi) ExpExtension( a QuadraticExtensionVariable, exponent uint64, ) QuadraticExtensionVariable { @@ -173,12 +173,12 @@ func (p *Chip) ExpExtension( return product } -func (p *Chip) ReduceExtension(x QuadraticExtensionVariable) QuadraticExtensionVariable { +func (p *GoldilocksApi) ReduceExtension(x QuadraticExtensionVariable) QuadraticExtensionVariable { return NewQuadraticExtensionVariable(p.Reduce(x[0]), p.Reduce(x[1])) } // Reduces a list of extension field terms with a scalar power in the Goldilocks field. -func (p *Chip) ReduceWithPowers( +func (p *GoldilocksApi) ReduceWithPowers( terms []QuadraticExtensionVariable, scalar QuadraticExtensionVariable, ) QuadraticExtensionVariable { @@ -197,14 +197,14 @@ func (p *Chip) ReduceWithPowers( } // Outputs whether the quadratic extension variable is zero. -func (p *Chip) IsZero(x QuadraticExtensionVariable) frontend.Variable { +func (p *GoldilocksApi) IsZero(x QuadraticExtensionVariable) frontend.Variable { x0IsZero := p.api.IsZero(x[0].Limb) x1IsZero := p.api.IsZero(x[1].Limb) return p.api.Mul(x0IsZero, x1IsZero) } // Lookup is similar to select, but returns the first variable if the bit is zero and vice-versa. -func (p *Chip) Lookup( +func (p *GoldilocksApi) Lookup( b frontend.Variable, x, y QuadraticExtensionVariable, ) QuadraticExtensionVariable { @@ -214,7 +214,7 @@ func (p *Chip) Lookup( } // Lookup2 is similar to select2, but returns the first variable if the bit is zero and vice-versa. -func (p *Chip) Lookup2( +func (p *GoldilocksApi) Lookup2( b0 frontend.Variable, b1 frontend.Variable, qe0, qe1, qe2, qe3 QuadraticExtensionVariable, @@ -225,7 +225,7 @@ func (p *Chip) Lookup2( } // Asserts that two quadratic extension variables are equal. -func (p *Chip) AssertIsEqualExtension( +func (p *GoldilocksApi) AssertIsEqualExtension( a QuadraticExtensionVariable, b QuadraticExtensionVariable, ) { @@ -233,7 +233,7 @@ func (p *Chip) AssertIsEqualExtension( p.AssertIsEqual(a[1], b[1]) } -func (p *Chip) RangeCheckQE(a QuadraticExtensionVariable) { +func (p *GoldilocksApi) RangeCheckQE(a QuadraticExtensionVariable) { p.RangeCheck(a[0]) p.RangeCheck(a[1]) } diff --git a/goldilocks/quadratic_extension_algebra.go b/goldilocks/quadratic_extension_algebra.go index 9ce1028..668ed5f 100644 --- a/goldilocks/quadratic_extension_algebra.go +++ b/goldilocks/quadratic_extension_algebra.go @@ -25,7 +25,7 @@ func OneExtensionAlgebra() QuadraticExtensionAlgebraVariable { return OneExtension().ToQuadraticExtensionAlgebra() } -func (p *Chip) AddExtensionAlgebra( +func (p *GoldilocksApi) AddExtensionAlgebra( a QuadraticExtensionAlgebraVariable, b QuadraticExtensionAlgebraVariable, ) QuadraticExtensionAlgebraVariable { @@ -36,7 +36,7 @@ func (p *Chip) AddExtensionAlgebra( return sum } -func (p *Chip) SubExtensionAlgebra( +func (p *GoldilocksApi) SubExtensionAlgebra( a QuadraticExtensionAlgebraVariable, b QuadraticExtensionAlgebraVariable, ) QuadraticExtensionAlgebraVariable { @@ -47,7 +47,7 @@ func (p *Chip) SubExtensionAlgebra( return diff } -func (p Chip) MulExtensionAlgebra( +func (p GoldilocksApi) MulExtensionAlgebra( a QuadraticExtensionAlgebraVariable, b QuadraticExtensionAlgebraVariable, ) QuadraticExtensionAlgebraVariable { @@ -74,7 +74,7 @@ func (p Chip) MulExtensionAlgebra( return product } -func (p *Chip) ScalarMulExtensionAlgebra( +func (p *GoldilocksApi) ScalarMulExtensionAlgebra( a QuadraticExtensionVariable, b QuadraticExtensionAlgebraVariable, ) QuadraticExtensionAlgebraVariable { @@ -85,7 +85,7 @@ func (p *Chip) ScalarMulExtensionAlgebra( return product } -func (p *Chip) PartialInterpolateExtAlgebra( +func (p *GoldilocksApi) PartialInterpolateExtAlgebra( domain []goldilocks.Element, values []QuadraticExtensionAlgebraVariable, barycentricWeights []goldilocks.Element, diff --git a/goldilocks/quadratic_extension_test.go b/goldilocks/quadratic_extension_test.go index 0087ab6..1fbac49 100644 --- a/goldilocks/quadratic_extension_test.go +++ b/goldilocks/quadratic_extension_test.go @@ -15,7 +15,7 @@ type TestQuadraticExtensionMulCircuit struct { } func (c *TestQuadraticExtensionMulCircuit) Define(api frontend.API) error { - glApi := NewChip(api) + glApi := NewGoldilocksApi(api) actualRes := glApi.MulExtension(c.Operand1, c.Operand2) glApi.AssertIsEqual(actualRes[0], c.ExpectedResult[0]) glApi.AssertIsEqual(actualRes[1], c.ExpectedResult[1]) @@ -58,7 +58,7 @@ type TestQuadraticExtensionDivCircuit struct { } func (c *TestQuadraticExtensionDivCircuit) Define(api frontend.API) error { - glAPI := NewChip(api) + glAPI := NewGoldilocksApi(api) actualRes := glAPI.DivExtension(c.Operand1, c.Operand2) glAPI.AssertIsEqual(actualRes[0], c.ExpectedResult[0]) glAPI.AssertIsEqual(actualRes[1], c.ExpectedResult[1]) diff --git a/goldilocks/utils.go b/goldilocks/utils.go index 654230f..0101868 100644 --- a/goldilocks/utils.go +++ b/goldilocks/utils.go @@ -24,8 +24,8 @@ func StrArrayToFrontendVariableArray(input []string) []frontend.Variable { return output } -func Uint64ArrayToVariableArray(input []uint64) []Variable { - var output []Variable +func Uint64ArrayToVariableArray(input []uint64) []GoldilocksVariable { + var output []GoldilocksVariable for i := 0; i < len(input); i++ { output = append(output, NewVariable(input[i])) } diff --git a/plonk/gates/arithmetic_extension_gate.go b/plonk/gates/arithmetic_extension_gate.go index e09ed2a..91d4db1 100644 --- a/plonk/gates/arithmetic_extension_gate.go +++ b/plonk/gates/arithmetic_extension_gate.go @@ -58,7 +58,7 @@ func (g *ArithmeticExtensionGate) wiresIthOutput(i uint64) Range { func (g *ArithmeticExtensionGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { const0 := vars.localConstants[0] diff --git a/plonk/gates/arithmetic_gate.go b/plonk/gates/arithmetic_gate.go index 7867cb0..e7b78a7 100644 --- a/plonk/gates/arithmetic_gate.go +++ b/plonk/gates/arithmetic_gate.go @@ -59,7 +59,7 @@ func (g *ArithmeticGate) WireIthOutput(i uint64) uint64 { func (g *ArithmeticGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { const0 := vars.localConstants[0] diff --git a/plonk/gates/base_sum_gate.go b/plonk/gates/base_sum_gate.go index aff6db6..543953c 100644 --- a/plonk/gates/base_sum_gate.go +++ b/plonk/gates/base_sum_gate.go @@ -65,7 +65,7 @@ func (g *BaseSumGate) limbs() []uint64 { func (g *BaseSumGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { sum := vars.localWires[BASESUM_GATE_WIRE_SUM] diff --git a/plonk/gates/constant_gate.go b/plonk/gates/constant_gate.go index e263139..3771df0 100644 --- a/plonk/gates/constant_gate.go +++ b/plonk/gates/constant_gate.go @@ -56,7 +56,7 @@ func (g *ConstantGate) WireOutput(i uint64) uint64 { func (g *ConstantGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { constraints := []gl.QuadraticExtensionVariable{} diff --git a/plonk/gates/coset_interpolation_gate.go b/plonk/gates/coset_interpolation_gate.go index 58e53da..1e08a13 100644 --- a/plonk/gates/coset_interpolation_gate.go +++ b/plonk/gates/coset_interpolation_gate.go @@ -147,7 +147,7 @@ func (g *CosetInterpolationGate) wiresShiftedEvaluationPoint() Range { func (g *CosetInterpolationGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { constraints := []gl.QuadraticExtensionVariable{} diff --git a/plonk/gates/evaluate_gates.go b/plonk/gates/evaluate_gates.go index 8823cc9..b123765 100644 --- a/plonk/gates/evaluate_gates.go +++ b/plonk/gates/evaluate_gates.go @@ -36,7 +36,7 @@ func (g *EvaluateGatesChip) computeFilter( s gl.QuadraticExtensionVariable, manySelector bool, ) gl.QuadraticExtensionVariable { - glApi := gl.NewChip(g.api) + glApi := gl.NewGoldilocksApi(g.api) product := gl.OneExtension() for i := groupRange.start; i < groupRange.end; i++ { if i == uint64(row) { @@ -62,7 +62,7 @@ func (g *EvaluateGatesChip) evalFiltered( groupRange Range, numSelectors uint64, ) []gl.QuadraticExtensionVariable { - glApi := gl.NewChip(g.api) + glApi := gl.NewGoldilocksApi(g.api) filter := g.computeFilter(row, groupRange, vars.localConstants[selectorIndex], numSelectors > 1) vars.RemovePrefix(numSelectors) @@ -75,7 +75,7 @@ func (g *EvaluateGatesChip) evalFiltered( } func (g *EvaluateGatesChip) EvaluateGateConstraints(vars EvaluationVars) []gl.QuadraticExtensionVariable { - glApi := gl.NewChip(g.api) + glApi := gl.NewGoldilocksApi(g.api) constraints := make([]gl.QuadraticExtensionVariable, g.numGateConstraints) for i := range constraints { constraints[i] = gl.ZeroExtension() diff --git a/plonk/gates/exponentiation_gate.go b/plonk/gates/exponentiation_gate.go index ccf02e6..3d75301 100644 --- a/plonk/gates/exponentiation_gate.go +++ b/plonk/gates/exponentiation_gate.go @@ -65,7 +65,7 @@ func (g *ExponentiationGate) wireIntermediateValue(i uint64) uint64 { func (g *ExponentiationGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { base := vars.localWires[g.wireBase()] diff --git a/plonk/gates/gates.go b/plonk/gates/gates.go index edd98d4..b46e82d 100644 --- a/plonk/gates/gates.go +++ b/plonk/gates/gates.go @@ -12,7 +12,7 @@ type Gate interface { Id() string EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable } diff --git a/plonk/gates/gates_test.go b/plonk/gates/gates_test.go index 8bf99ba..91b4a37 100644 --- a/plonk/gates/gates_test.go +++ b/plonk/gates/gates_test.go @@ -693,7 +693,7 @@ func (circuit *TestGateCircuit) Define(api frontend.API) error { commonCircuitData := verifier.DeserializeCommonCircuitData("../../data/decode_block/common_circuit_data.json") numSelectors := commonCircuitData.SelectorsInfo.NumSelectors() - glApi := gl.NewChip(api) + glApi := gl.NewGoldilocksApi(api) vars := gates.NewEvaluationVars(localConstants[numSelectors:], localWires, publicInputsHash) diff --git a/plonk/gates/multiplication_extension_gate.go b/plonk/gates/multiplication_extension_gate.go index 37cec16..ce17821 100644 --- a/plonk/gates/multiplication_extension_gate.go +++ b/plonk/gates/multiplication_extension_gate.go @@ -54,7 +54,7 @@ func (g *MultiplicationExtensionGate) wiresIthOutput(i uint64) Range { func (g *MultiplicationExtensionGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { const0 := vars.localConstants[0] diff --git a/plonk/gates/noop_gate.go b/plonk/gates/noop_gate.go index f7c67e0..9b24291 100644 --- a/plonk/gates/noop_gate.go +++ b/plonk/gates/noop_gate.go @@ -27,7 +27,7 @@ func (g *NoopGate) Id() string { func (g *NoopGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { return []gl.QuadraticExtensionVariable{} diff --git a/plonk/gates/poseidon_gate.go b/plonk/gates/poseidon_gate.go index 4576b2f..be31caa 100644 --- a/plonk/gates/poseidon_gate.go +++ b/plonk/gates/poseidon_gate.go @@ -91,7 +91,7 @@ func (g *PoseidonGate) WiresEnd() uint64 { func (g *PoseidonGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { constraints := []gl.QuadraticExtensionVariable{} diff --git a/plonk/gates/poseidon_mds_gate.go b/plonk/gates/poseidon_mds_gate.go index 9efb2ef..f59ebb9 100644 --- a/plonk/gates/poseidon_mds_gate.go +++ b/plonk/gates/poseidon_mds_gate.go @@ -45,7 +45,7 @@ func (g *PoseidonMdsGate) mdsRowShfAlgebra( v [poseidon.SPONGE_WIDTH]gl.QuadraticExtensionAlgebraVariable, api frontend.API, ) gl.QuadraticExtensionAlgebraVariable { - glApi := gl.NewChip(api) + glApi := gl.NewGoldilocksApi(api) if r >= poseidon.SPONGE_WIDTH { panic("MDS row index out of range") } @@ -75,7 +75,7 @@ func (g *PoseidonMdsGate) mdsLayerAlgebra( func (g *PoseidonMdsGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { constraints := []gl.QuadraticExtensionVariable{} diff --git a/plonk/gates/public_input_gate.go b/plonk/gates/public_input_gate.go index 9fad5e7..f417217 100644 --- a/plonk/gates/public_input_gate.go +++ b/plonk/gates/public_input_gate.go @@ -31,7 +31,7 @@ func (g *PublicInputGate) WiresPublicInputsHash() []uint64 { func (g *PublicInputGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { constraints := []gl.QuadraticExtensionVariable{} diff --git a/plonk/gates/random_access_gate.go b/plonk/gates/random_access_gate.go index 5d1e0a8..82e30e9 100644 --- a/plonk/gates/random_access_gate.go +++ b/plonk/gates/random_access_gate.go @@ -116,7 +116,7 @@ func (g *RandomAccessGate) WireBit(i uint64, copy uint64) uint64 { func (g *RandomAccessGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { two := gl.NewVariable(2).ToQuadraticExtension() diff --git a/plonk/gates/reducing_extension_gate.go b/plonk/gates/reducing_extension_gate.go index 2d71c07..c75a810 100644 --- a/plonk/gates/reducing_extension_gate.go +++ b/plonk/gates/reducing_extension_gate.go @@ -76,7 +76,7 @@ func (g *ReducingExtensionGate) wiresAccs(i uint64) Range { func (g *ReducingExtensionGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { alpha := vars.GetLocalExtAlgebra(g.wiresAlpha()) diff --git a/plonk/gates/reducing_gate.go b/plonk/gates/reducing_gate.go index 2212f2b..2261c2f 100644 --- a/plonk/gates/reducing_gate.go +++ b/plonk/gates/reducing_gate.go @@ -76,7 +76,7 @@ func (g *ReducingGate) wiresAccs(i uint64) Range { func (g *ReducingGate) EvalUnfiltered( api frontend.API, - glApi gl.Chip, + glApi gl.GoldilocksApi, vars EvaluationVars, ) []gl.QuadraticExtensionVariable { alpha := vars.GetLocalExtAlgebra(g.wiresAlpha()) diff --git a/plonk/plonk.go b/plonk/plonk.go index 47494dd..4baaf8d 100644 --- a/plonk/plonk.go +++ b/plonk/plonk.go @@ -13,8 +13,8 @@ type PlonkChip struct { commonData types.CommonCircuitData `gnark:"-"` - DEGREE gl.Variable `gnark:"-"` - DEGREE_BITS_F gl.Variable `gnark:"-"` + DEGREE gl.GoldilocksVariable `gnark:"-"` + DEGREE_BITS_F gl.GoldilocksVariable `gnark:"-"` DEGREE_QE gl.QuadraticExtensionVariable `gnark:"-"` evaluateGatesChip *gates.EvaluateGatesChip @@ -44,7 +44,7 @@ func NewPlonkChip(api frontend.API, commonData types.CommonCircuitData) *PlonkCh } func (p *PlonkChip) expPowerOf2Extension(x gl.QuadraticExtensionVariable) gl.QuadraticExtensionVariable { - glApi := gl.NewChip(p.api) + glApi := gl.NewGoldilocksApi(p.api) for i := uint64(0); i < p.commonData.DegreeBits; i++ { x = glApi.MulExtension(x, x) } @@ -53,7 +53,7 @@ func (p *PlonkChip) expPowerOf2Extension(x gl.QuadraticExtensionVariable) gl.Qua func (p *PlonkChip) evalL0(x gl.QuadraticExtensionVariable, xPowN gl.QuadraticExtensionVariable) gl.QuadraticExtensionVariable { // L_0(x) = (x^n - 1) / (n * (x - 1)) - glApi := gl.NewChip(p.api) + glApi := gl.NewGoldilocksApi(p.api) evalZeroPoly := glApi.SubExtension( xPowN, gl.OneExtension(), @@ -74,7 +74,7 @@ func (p *PlonkChip) checkPartialProducts( challengeNum uint64, openings types.OpeningSet, ) []gl.QuadraticExtensionVariable { - glApi := gl.NewChip(p.api) + glApi := gl.NewGoldilocksApi(p.api) numPartProds := p.commonData.NumPartialProducts quotDegreeFactor := p.commonData.QuotientDegreeFactor @@ -110,7 +110,7 @@ func (p *PlonkChip) evalVanishingPoly( openings types.OpeningSet, zetaPowN gl.QuadraticExtensionVariable, ) []gl.QuadraticExtensionVariable { - glApi := gl.NewChip(p.api) + glApi := gl.NewGoldilocksApi(p.api) constraintTerms := p.evaluateGatesChip.EvaluateGateConstraints(vars) // Calculate the k[i] * x @@ -197,7 +197,7 @@ func (p *PlonkChip) Verify( openings types.OpeningSet, publicInputsHash poseidon.GoldilocksHashOut, ) { - glApi := gl.NewChip(p.api) + glApi := gl.NewGoldilocksApi(p.api) // Calculate zeta^n zetaPowN := p.expPowerOf2Extension(proofChallenges.PlonkZeta) diff --git a/poseidon/bn254.go b/poseidon/bn254.go index d28b7b6..51afe0f 100644 --- a/poseidon/bn254.go +++ b/poseidon/bn254.go @@ -20,15 +20,15 @@ const BN254_SPONGE_WIDTH int = 4 const BN254_SPONGE_RATE int = 3 type BN254Chip struct { - api frontend.API `gnark:"-"` - gl gl.Chip `gnark:"-"` + api frontend.API `gnark:"-"` + gl gl.GoldilocksApi `gnark:"-"` } type BN254State = [BN254_SPONGE_WIDTH]frontend.Variable type BN254HashOut = frontend.Variable func NewBN254Chip(api frontend.API) *BN254Chip { - return &BN254Chip{api: api, gl: *gl.NewChip(api)} + return &BN254Chip{api: api, gl: *gl.NewGoldilocksApi(api)} } func (c *BN254Chip) Poseidon(state BN254State) BN254State { @@ -39,7 +39,7 @@ func (c *BN254Chip) Poseidon(state BN254State) BN254State { return state } -func (c *BN254Chip) HashNoPad(input []gl.Variable) BN254HashOut { +func (c *BN254Chip) HashNoPad(input []gl.GoldilocksVariable) BN254HashOut { state := BN254State{ frontend.Variable(0), frontend.Variable(0), @@ -69,7 +69,7 @@ func (c *BN254Chip) HashNoPad(input []gl.Variable) BN254HashOut { return BN254HashOut(state[0]) } -func (c *BN254Chip) HashOrNoop(input []gl.Variable) BN254HashOut { +func (c *BN254Chip) HashOrNoop(input []gl.GoldilocksVariable) BN254HashOut { if len(input) <= 3 { returnVal := frontend.Variable(0) @@ -94,10 +94,10 @@ func (c *BN254Chip) TwoToOne(left BN254HashOut, right BN254HashOut) BN254HashOut return state[0] } -func (c *BN254Chip) ToVec(hash BN254HashOut) []gl.Variable { +func (c *BN254Chip) ToVec(hash BN254HashOut) []gl.GoldilocksVariable { bits := c.api.ToBinary(hash) - returnElements := []gl.Variable{} + returnElements := []gl.GoldilocksVariable{} // Split into 7 byte chunks, since 8 byte chunks can result in collisions chunkSize := 56 diff --git a/poseidon/goldilocks.go b/poseidon/goldilocks.go index ee27bcd..509ef55 100644 --- a/poseidon/goldilocks.go +++ b/poseidon/goldilocks.go @@ -11,17 +11,17 @@ const MAX_WIDTH = 12 const SPONGE_WIDTH = 12 const SPONGE_RATE = 8 -type GoldilocksState = [SPONGE_WIDTH]gl.Variable +type GoldilocksState = [SPONGE_WIDTH]gl.GoldilocksVariable type GoldilocksStateExtension = [SPONGE_WIDTH]gl.QuadraticExtensionVariable -type GoldilocksHashOut = [4]gl.Variable +type GoldilocksHashOut = [4]gl.GoldilocksVariable type GoldilocksChip struct { - api frontend.API `gnark:"-"` - gl gl.Chip `gnark:"-"` + api frontend.API `gnark:"-"` + gl gl.GoldilocksApi `gnark:"-"` } func NewGoldilocksChip(api frontend.API) *GoldilocksChip { - return &GoldilocksChip{api: api, gl: *gl.NewChip(api)} + return &GoldilocksChip{api: api, gl: *gl.NewGoldilocksApi(api)} } // The permutation function. @@ -38,7 +38,7 @@ func (c *GoldilocksChip) Poseidon(input GoldilocksState) GoldilocksState { // The input elements MUST have all it's elements be within Goldilocks field. // The returned slice's elements will all be within Goldilocks field. -func (c *GoldilocksChip) HashNToMNoPad(input []gl.Variable, nbOutputs int) []gl.Variable { +func (c *GoldilocksChip) HashNToMNoPad(input []gl.GoldilocksVariable, nbOutputs int) []gl.GoldilocksVariable { var state GoldilocksState for i := 0; i < SPONGE_WIDTH; i++ { @@ -54,7 +54,7 @@ func (c *GoldilocksChip) HashNToMNoPad(input []gl.Variable, nbOutputs int) []gl. state = c.Poseidon(state) } - var outputs []gl.Variable + var outputs []gl.GoldilocksVariable for { for i := 0; i < SPONGE_RATE; i++ { @@ -69,9 +69,9 @@ func (c *GoldilocksChip) HashNToMNoPad(input []gl.Variable, nbOutputs int) []gl. // The input elements can be outside of the Goldilocks field. // The returned slice's elements will all be within Goldilocks field. -func (c *GoldilocksChip) HashNoPad(input []gl.Variable) GoldilocksHashOut { +func (c *GoldilocksChip) HashNoPad(input []gl.GoldilocksVariable) GoldilocksHashOut { var hash GoldilocksHashOut - inputVars := []gl.Variable{} + inputVars := []gl.GoldilocksVariable{} for i := 0; i < len(input); i++ { inputVars = append(inputVars, c.gl.Reduce(input[i])) @@ -85,7 +85,7 @@ func (c *GoldilocksChip) HashNoPad(input []gl.Variable) GoldilocksHashOut { return hash } -func (c *GoldilocksChip) ToVec(hash GoldilocksHashOut) []gl.Variable { +func (c *GoldilocksChip) ToVec(hash GoldilocksHashOut) []gl.GoldilocksVariable { return hash[:] } @@ -135,7 +135,7 @@ func (c *GoldilocksChip) ConstantLayerExtension(state GoldilocksStateExtension, return state } -func (c *GoldilocksChip) sBoxMonomial(x gl.Variable) gl.Variable { +func (c *GoldilocksChip) sBoxMonomial(x gl.GoldilocksVariable) gl.GoldilocksVariable { x2 := c.gl.MulNoReduce(x, x) x3 := c.gl.MulNoReduce(x, x2) x3 = c.gl.ReduceWithMaxBits(x3, 192) @@ -169,7 +169,7 @@ func (c *GoldilocksChip) SBoxLayerExtension(state GoldilocksStateExtension) Gold return state } -func (c *GoldilocksChip) mdsRowShf(r int, v [SPONGE_WIDTH]gl.Variable) gl.Variable { +func (c *GoldilocksChip) mdsRowShf(r int, v [SPONGE_WIDTH]gl.GoldilocksVariable) gl.GoldilocksVariable { res := gl.Zero() for i := 0; i < 12; i++ { diff --git a/poseidon/goldilocks_test.go b/poseidon/goldilocks_test.go index 32be542..981aee3 100644 --- a/poseidon/goldilocks_test.go +++ b/poseidon/goldilocks_test.go @@ -25,7 +25,7 @@ func (circuit *TestPoseidonCircuit) Define(api frontend.API) error { poseidonChip := NewGoldilocksChip(api) output := poseidonChip.Poseidon(input) - glApi := gl.NewChip(api) + glApi := gl.NewGoldilocksApi(api) for i := 0; i < 12; i++ { glApi.AssertIsEqual(output[i], gl.NewVariable(circuit.Out[i])) diff --git a/poseidon/public_inputs_hash_test.go b/poseidon/public_inputs_hash_test.go index e68a3bc..a11d5a1 100644 --- a/poseidon/public_inputs_hash_test.go +++ b/poseidon/public_inputs_hash_test.go @@ -18,10 +18,10 @@ type TestPublicInputsHashCircuit struct { } func (circuit *TestPublicInputsHashCircuit) Define(api frontend.API) error { - glAPI := gl.NewChip(api) + glAPI := gl.NewGoldilocksApi(api) // BN254 -> Binary(64) -> F - var input [3]gl.Variable + var input [3]gl.GoldilocksVariable for i := 0; i < 3; i++ { input[i] = gl.NewVariable(api.FromBinary(api.ToBinary(circuit.In[i], 64)...)) } diff --git a/types/circuit.go b/types/circuit.go index 9e46d30..7b5fb9a 100644 --- a/types/circuit.go +++ b/types/circuit.go @@ -16,7 +16,7 @@ type Proof struct { type ProofWithPublicInputs struct { Proof Proof - PublicInputs []gl.Variable // Length = CommonCircuitData.NumPublicInputs + PublicInputs []gl.GoldilocksVariable // Length = CommonCircuitData.NumPublicInputs } type VerifierOnlyCircuitData struct { @@ -46,6 +46,6 @@ type CommonCircuitData struct { NumGateConstraints uint64 NumConstants uint64 NumPublicInputs uint64 - KIs []gl.Variable + KIs []gl.GoldilocksVariable NumPartialProducts uint64 } diff --git a/types/fri.go b/types/fri.go index aaea0f3..59e6fdc 100644 --- a/types/fri.go +++ b/types/fri.go @@ -47,11 +47,11 @@ func NewFriMerkleProof(merkleProofLen uint64) FriMerkleProof { } type FriEvalProof struct { - Elements []gl.Variable // Length = [CommonCircuitData.Constants + CommonCircuitData.NumRoutedWires, CommonCircuitData.NumWires + CommonCircuitData.FriParams.Hiding ? 4 : 0, CommonCircuitData.NumChallenges * (1 + CommonCircuitData.NumPartialProducts) + salt, CommonCircuitData.NumChallenges * CommonCircuitData.QuotientDegreeFactor + salt] + Elements []gl.GoldilocksVariable // Length = [CommonCircuitData.Constants + CommonCircuitData.NumRoutedWires, CommonCircuitData.NumWires + CommonCircuitData.FriParams.Hiding ? 4 : 0, CommonCircuitData.NumChallenges * (1 + CommonCircuitData.NumPartialProducts) + salt, CommonCircuitData.NumChallenges * CommonCircuitData.QuotientDegreeFactor + salt] MerkleProof FriMerkleProof } -func NewFriEvalProof(elements []gl.Variable, merkleProof FriMerkleProof) FriEvalProof { +func NewFriEvalProof(elements []gl.GoldilocksVariable, merkleProof FriMerkleProof) FriEvalProof { return FriEvalProof{Elements: elements, MerkleProof: merkleProof} } @@ -88,12 +88,12 @@ type FriProof struct { CommitPhaseMerkleCaps []FriMerkleCap // Length = Len(CommonCircuitData.FriParams.ReductionArityBits) QueryRoundProofs []FriQueryRound // Length = CommonCircuitData.FriConfig.FriParams.NumQueryRounds FinalPoly PolynomialCoeffs - PowWitness gl.Variable + PowWitness gl.GoldilocksVariable } type FriChallenges struct { FriAlpha gl.QuadraticExtensionVariable FriBetas []gl.QuadraticExtensionVariable - FriPowResponse gl.Variable - FriQueryIndices []gl.Variable + FriPowResponse gl.GoldilocksVariable + FriQueryIndices []gl.GoldilocksVariable } diff --git a/types/plonk.go b/types/plonk.go index f0b03b9..b9a36d1 100644 --- a/types/plonk.go +++ b/types/plonk.go @@ -25,9 +25,9 @@ func NewOpeningSet(numConstants uint64, numRoutedWires uint64, numWires uint64, } type ProofChallenges struct { - PlonkBetas []gl.Variable - PlonkGammas []gl.Variable - PlonkAlphas []gl.Variable + PlonkBetas []gl.GoldilocksVariable + PlonkGammas []gl.GoldilocksVariable + PlonkAlphas []gl.GoldilocksVariable PlonkZeta gl.QuadraticExtensionVariable FriChallenges FriChallenges } diff --git a/verifier/verifier.go b/verifier/verifier.go index ca0d0f7..68da5c7 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -12,7 +12,7 @@ import ( type VerifierChip struct { api frontend.API `gnark:"-"` - glChip *gl.Chip `gnark:"-"` + glChip *gl.GoldilocksApi `gnark:"-"` poseidonGlChip *poseidon.GoldilocksChip `gnark:"-"` poseidonBN254Chip *poseidon.BN254Chip `gnark:"-"` plonkChip *plonk.PlonkChip `gnark:"-"` @@ -20,7 +20,7 @@ type VerifierChip struct { } func NewVerifierChip(api frontend.API, commonCircuitData types.CommonCircuitData) *VerifierChip { - glChip := gl.NewChip(api) + glChip := gl.NewGoldilocksApi(api) friChip := fri.NewChip(api, &commonCircuitData.FriParams) plonkChip := plonk.NewPlonkChip(api, commonCircuitData) poseidonGlChip := poseidon.NewGoldilocksChip(api) @@ -35,7 +35,7 @@ func NewVerifierChip(api frontend.API, commonCircuitData types.CommonCircuitData } } -func (c *VerifierChip) GetPublicInputsHash(publicInputs []gl.Variable) poseidon.GoldilocksHashOut { +func (c *VerifierChip) GetPublicInputsHash(publicInputs []gl.GoldilocksVariable) poseidon.GoldilocksHashOut { return c.poseidonGlChip.HashNoPad(publicInputs) } @@ -206,7 +206,7 @@ func (c *VerifierChip) rangeCheckProof(proof types.Proof) { func (c *VerifierChip) Verify( proof types.Proof, - publicInputs []gl.Variable, + publicInputs []gl.GoldilocksVariable, verifierData types.VerifierOnlyCircuitData, commonData types.CommonCircuitData, ) { diff --git a/verifier/verifier_test.go b/verifier/verifier_test.go index e9cd2d5..4ca3924 100644 --- a/verifier/verifier_test.go +++ b/verifier/verifier_test.go @@ -15,7 +15,7 @@ import ( type TestVerifierCircuit struct { Proof types.Proof - PublicInputs []gl.Variable `gnark:",public"` + PublicInputs []gl.GoldilocksVariable `gnark:",public"` verifierChip *verifier.VerifierChip `gnark:"-"` plonky2CircuitName string `gnark:"-"`