Significant refactor and all tests passing, as well as optimized range check for Goldilocks (#37)

2026-01-12 09:01:32 +01:00 · 2023-10-11 18:02:46 -07:00
parent 13624e4daf
commit 940c81b212
50 changed files with 1089 additions and 1146 deletions
--- a/variables/circuit.go
+++ b/variables/circuit.go
@@ -0,0 +1,24 @@
+package variables
+
+import (
+	gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
+	"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
+)
+
+type Proof struct {
+	WiresCap                  FriMerkleCap // length = 2^CircuitConfig.FriConfig.CapHeight
+	PlonkZsPartialProductsCap FriMerkleCap // length = 2^CircuitConfig.FriConfig.CapHeight
+	QuotientPolysCap          FriMerkleCap // length = 2^CircuitConfig.FriConfig.CapHeight
+	Openings                  OpeningSet
+	OpeningProof              FriProof
+}
+
+type ProofWithPublicInputs struct {
+	Proof        Proof
+	PublicInputs []gl.Variable // Length = CommonCircuitData.NumPublicInputs
+}
+
+type VerifierOnlyCircuitData struct {
+	ConstantSigmasCap FriMerkleCap
+	CircuitDigest     poseidon.BN254HashOut
+}
--- a/variables/deserialize.go
+++ b/variables/deserialize.go
@@ -0,0 +1,156 @@
+package variables
+
+import (
+	"math/big"
+
+	"github.com/consensys/gnark/frontend"
+	gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
+	"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
+	"github.com/succinctlabs/gnark-plonky2-verifier/types"
+)
+
+func DeserializeMerkleCap(merkleCapRaw []string) FriMerkleCap {
+	n := len(merkleCapRaw)
+	merkleCap := make([]poseidon.BN254HashOut, n)
+	for i := 0; i < n; i++ {
+		capBigInt, _ := new(big.Int).SetString(merkleCapRaw[i], 10)
+		merkleCap[i] = frontend.Variable(capBigInt)
+	}
+	return merkleCap
+}
+
+func DeserializeMerkleProof(merkleProofRaw struct{ Siblings []interface{} }) FriMerkleProof {
+	n := len(merkleProofRaw.Siblings)
+	var mp FriMerkleProof
+	mp.Siblings = make([]poseidon.BN254HashOut, n)
+	for i := 0; i < n; i++ {
+		element := merkleProofRaw.Siblings[i].(struct{ Elements []uint64 })
+		mp.Siblings[i] = gl.Uint64ArrayToVariableArray(element.Elements)
+	}
+	return mp
+}
+
+func DeserializeOpeningSet(openingSetRaw struct {
+	Constants       [][]uint64
+	PlonkSigmas     [][]uint64
+	Wires           [][]uint64
+	PlonkZs         [][]uint64
+	PlonkZsNext     [][]uint64
+	PartialProducts [][]uint64
+	QuotientPolys   [][]uint64
+}) OpeningSet {
+	return OpeningSet{
+		Constants:       gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.Constants),
+		PlonkSigmas:     gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.PlonkSigmas),
+		Wires:           gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.Wires),
+		PlonkZs:         gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.PlonkZs),
+		PlonkZsNext:     gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.PlonkZsNext),
+		PartialProducts: gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.PartialProducts),
+		QuotientPolys:   gl.Uint64ArrayToQuadraticExtensionArray(openingSetRaw.QuotientPolys),
+	}
+}
+
+func StringArrayToHashBN254Array(rawHashes []string) []poseidon.BN254HashOut {
+	hashes := []poseidon.BN254HashOut{}
+
+	for i := 0; i < len(rawHashes); i++ {
+		hashBigInt, _ := new(big.Int).SetString(rawHashes[i], 10)
+		hashVar := frontend.Variable(hashBigInt)
+		hashes = append(hashes, poseidon.BN254HashOut(hashVar))
+	}
+
+	return hashes
+}
+
+func DeserializeFriProof(openingProofRaw struct {
+	CommitPhaseMerkleCaps [][]string
+	QueryRoundProofs      []struct {
+		InitialTreesProof struct {
+			EvalsProofs []types.EvalProofRaw
+		}
+		Steps []struct {
+			Evals       [][]uint64
+			MerkleProof struct {
+				Siblings []string
+			}
+		}
+	}
+	FinalPoly struct {
+		Coeffs [][]uint64
+	}
+	PowWitness uint64
+}) FriProof {
+	var openingProof FriProof
+	openingProof.PowWitness = gl.NewVariable(openingProofRaw.PowWitness)
+	openingProof.FinalPoly.Coeffs = gl.Uint64ArrayToQuadraticExtensionArray(openingProofRaw.FinalPoly.Coeffs)
+
+	openingProof.CommitPhaseMerkleCaps = make([]FriMerkleCap, len(openingProofRaw.CommitPhaseMerkleCaps))
+	for i := 0; i < len(openingProofRaw.CommitPhaseMerkleCaps); i++ {
+		openingProof.CommitPhaseMerkleCaps[i] = StringArrayToHashBN254Array(openingProofRaw.CommitPhaseMerkleCaps[i])
+	}
+
+	numQueryRoundProofs := len(openingProofRaw.QueryRoundProofs)
+	openingProof.QueryRoundProofs = make([]FriQueryRound, numQueryRoundProofs)
+
+	for i := 0; i < numQueryRoundProofs; i++ {
+		numEvalProofs := len(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs)
+		openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs = make([]FriEvalProof, numEvalProofs)
+		for j := 0; j < numEvalProofs; j++ {
+			openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].Elements = gl.Uint64ArrayToVariableArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].LeafElements)
+			openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Siblings = StringArrayToHashBN254Array(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Hash)
+		}
+
+		numSteps := len(openingProofRaw.QueryRoundProofs[i].Steps)
+		openingProof.QueryRoundProofs[i].Steps = make([]FriQueryStep, numSteps)
+		for j := 0; j < numSteps; j++ {
+			openingProof.QueryRoundProofs[i].Steps[j].Evals = gl.Uint64ArrayToQuadraticExtensionArray(openingProofRaw.QueryRoundProofs[i].Steps[j].Evals)
+			openingProof.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings = StringArrayToHashBN254Array(openingProofRaw.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings)
+		}
+	}
+
+	return openingProof
+}
+
+func DeserializeProofWithPublicInputs(raw types.ProofWithPublicInputsRaw) ProofWithPublicInputs {
+	var proofWithPis ProofWithPublicInputs
+	proofWithPis.Proof.WiresCap = DeserializeMerkleCap(raw.Proof.WiresCap)
+	proofWithPis.Proof.PlonkZsPartialProductsCap = DeserializeMerkleCap(raw.Proof.PlonkZsPartialProductsCap)
+	proofWithPis.Proof.QuotientPolysCap = DeserializeMerkleCap(raw.Proof.QuotientPolysCap)
+	proofWithPis.Proof.Openings = DeserializeOpeningSet(struct {
+		Constants       [][]uint64
+		PlonkSigmas     [][]uint64
+		Wires           [][]uint64
+		PlonkZs         [][]uint64
+		PlonkZsNext     [][]uint64
+		PartialProducts [][]uint64
+		QuotientPolys   [][]uint64
+	}(raw.Proof.Openings))
+	proofWithPis.Proof.OpeningProof = DeserializeFriProof(struct {
+		CommitPhaseMerkleCaps [][]string
+		QueryRoundProofs      []struct {
+			InitialTreesProof struct {
+				EvalsProofs []types.EvalProofRaw
+			}
+			Steps []struct {
+				Evals       [][]uint64
+				MerkleProof struct {
+					Siblings []string
+				}
+			}
+		}
+		FinalPoly  struct{ Coeffs [][]uint64 }
+		PowWitness uint64
+	}(raw.Proof.OpeningProof))
+	proofWithPis.PublicInputs = gl.Uint64ArrayToVariableArray(raw.PublicInputs)
+
+	return proofWithPis
+}
+
+func DeserializeVerifierOnlyCircuitData(raw types.VerifierOnlyCircuitDataRaw) VerifierOnlyCircuitData {
+	var verifierOnlyCircuitData VerifierOnlyCircuitData
+	verifierOnlyCircuitData.ConstantSigmasCap = DeserializeMerkleCap(raw.ConstantsSigmasCap)
+	circuitDigestBigInt, _ := new(big.Int).SetString(raw.CircuitDigest, 10)
+	circuitDigestVar := frontend.Variable(circuitDigestBigInt)
+	verifierOnlyCircuitData.CircuitDigest = poseidon.BN254HashOut(circuitDigestVar)
+	return verifierOnlyCircuitData
+}
--- a/variables/deserialize_test.go
+++ b/variables/deserialize_test.go
@@ -0,0 +1,17 @@
+package variables
+
+import (
+	"testing"
+
+	"github.com/succinctlabs/gnark-plonky2-verifier/types"
+)
+
+func TestDeserializeProofWithPublicInputs(t *testing.T) {
+	proofWithPis := DeserializeProofWithPublicInputs(types.ReadProofWithPublicInputs("../testdata/decode_block/proof_with_public_inputs.json"))
+	t.Logf("%+v\n", proofWithPis)
+}
+
+func TestDeserializeVerifierOnlyCircuitData(t *testing.T) {
+	verifierOnlyCircuitData := DeserializeVerifierOnlyCircuitData(types.ReadVerifierOnlyCircuitData("../testdata/decode_block/verifier_only_circuit_data.json"))
+	t.Logf("%+v\n", verifierOnlyCircuitData)
+}
--- a/variables/fri.go
+++ b/variables/fri.go
@@ -0,0 +1,80 @@
+package variables
+
+import (
+	gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
+	"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
+)
+
+type PolynomialCoeffs struct {
+	Coeffs []gl.QuadraticExtensionVariable
+}
+
+func NewPolynomialCoeffs(numCoeffs uint64) PolynomialCoeffs {
+	return PolynomialCoeffs{Coeffs: make([]gl.QuadraticExtensionVariable, numCoeffs)}
+}
+
+type FriMerkleCap = []poseidon.BN254HashOut
+
+func NewFriMerkleCap(capHeight uint64) FriMerkleCap {
+	return make([]poseidon.BN254HashOut, 1<<capHeight)
+}
+
+type FriMerkleProof struct {
+	Siblings []poseidon.BN254HashOut // Length = CircuitConfig.FriConfig.DegreeBits + CircuitConfig.FriConfig.RateBits - CircuitConfig.FriConfig.CapHeight
+}
+
+func NewFriMerkleProof(merkleProofLen uint64) FriMerkleProof {
+	return FriMerkleProof{Siblings: make([]poseidon.BN254HashOut, merkleProofLen)}
+}
+
+type FriEvalProof struct {
+	Elements    []gl.Variable // Length = [CommonCircuitData.Constants + CommonCircuitData.NumRoutedWires, CommonCircuitData.NumWires + CommonCircuitData.FriParams.Hiding ? 4 : 0, CommonCircuitData.NumChallenges * (1 + CommonCircuitData.NumPartialProducts) + salt, CommonCircuitData.NumChallenges * CommonCircuitData.QuotientDegreeFactor + salt]
+	MerkleProof FriMerkleProof
+}
+
+func NewFriEvalProof(elements []gl.Variable, merkleProof FriMerkleProof) FriEvalProof {
+	return FriEvalProof{Elements: elements, MerkleProof: merkleProof}
+}
+
+type FriInitialTreeProof struct {
+	EvalsProofs []FriEvalProof // Length = 4
+}
+
+func NewFriInitialTreeProof(evalsProofs []FriEvalProof) FriInitialTreeProof {
+	return FriInitialTreeProof{EvalsProofs: evalsProofs}
+}
+
+type FriQueryStep struct {
+	Evals       []gl.QuadraticExtensionVariable // Length = [2^arityBit for arityBit in CommonCircuitData.FriParams.ReductionArityBits]
+	MerkleProof FriMerkleProof                  // Length = [regularSize - arityBit for arityBit in CommonCircuitData.FriParams.ReductionArityBits]
+}
+
+func NewFriQueryStep(arityBit uint64, merkleProofLen uint64) FriQueryStep {
+	return FriQueryStep{
+		Evals:       make([]gl.QuadraticExtensionVariable, 1<<arityBit),
+		MerkleProof: NewFriMerkleProof(merkleProofLen),
+	}
+}
+
+type FriQueryRound struct {
+	InitialTreesProof FriInitialTreeProof
+	Steps             []FriQueryStep // Length = Len(CommonCircuitData.FriParams.ReductionArityBits)
+}
+
+func NewFriQueryRound(steps []FriQueryStep, initialTreesProof FriInitialTreeProof) FriQueryRound {
+	return FriQueryRound{InitialTreesProof: initialTreesProof, Steps: steps}
+}
+
+type FriProof struct {
+	CommitPhaseMerkleCaps []FriMerkleCap  // Length = Len(CommonCircuitData.FriParams.ReductionArityBits)
+	QueryRoundProofs      []FriQueryRound // Length = CommonCircuitData.FriConfig.FriParams.NumQueryRounds
+	FinalPoly             PolynomialCoeffs
+	PowWitness            gl.Variable
+}
+
+type FriChallenges struct {
+	FriAlpha        gl.QuadraticExtensionVariable
+	FriBetas        []gl.QuadraticExtensionVariable
+	FriPowResponse  gl.Variable
+	FriQueryIndices []gl.Variable
+}
--- a/variables/plonk.go
+++ b/variables/plonk.go
@@ -0,0 +1,33 @@
+package variables
+
+import gl "github.com/succinctlabs/gnark-plonky2-verifier/goldilocks"
+
+type OpeningSet struct {
+	Constants       []gl.QuadraticExtensionVariable // Length = CommonCircuitData.Constants
+	PlonkSigmas     []gl.QuadraticExtensionVariable // Length = CommonCircuitData.NumRoutedWires
+	Wires           []gl.QuadraticExtensionVariable // Length = CommonCircuitData.NumWires
+	PlonkZs         []gl.QuadraticExtensionVariable // Length = CommonCircuitData.NumChallenges
+	PlonkZsNext     []gl.QuadraticExtensionVariable // Length = CommonCircuitData.NumChallenges
+	PartialProducts []gl.QuadraticExtensionVariable // Length = CommonCircuitData.NumChallenges * CommonCircuitData.NumPartialProducts
+	QuotientPolys   []gl.QuadraticExtensionVariable // Length = CommonCircuitData.NumChallenges * CommonCircuitData.QuotientDegreeFactor
+}
+
+func NewOpeningSet(numConstants uint64, numRoutedWires uint64, numWires uint64, numChallenges uint64, numPartialProducts uint64, quotientDegreeFactor uint64) OpeningSet {
+	return OpeningSet{
+		Constants:       make([]gl.QuadraticExtensionVariable, numConstants),
+		PlonkSigmas:     make([]gl.QuadraticExtensionVariable, numRoutedWires),
+		Wires:           make([]gl.QuadraticExtensionVariable, numWires),
+		PlonkZs:         make([]gl.QuadraticExtensionVariable, numChallenges),
+		PlonkZsNext:     make([]gl.QuadraticExtensionVariable, numChallenges),
+		PartialProducts: make([]gl.QuadraticExtensionVariable, numChallenges*numPartialProducts),
+		QuotientPolys:   make([]gl.QuadraticExtensionVariable, numChallenges*quotientDegreeFactor),
+	}
+}
+
+type ProofChallenges struct {
+	PlonkBetas    []gl.Variable
+	PlonkGammas   []gl.Variable
+	PlonkAlphas   []gl.Variable
+	PlonkZeta     gl.QuadraticExtensionVariable
+	FriChallenges FriChallenges
+}