arnaucube
/
gnark-plonky2-verifier
mirror of https://github.com/arnaucube/gnark-plonky2-verifier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Poseidon BN128 (#20) 

* initial commit of poseidon bn128

* got challenger working

* deserialize is working

* cleaned up deserialization function a bit

* fixed challenger

* add in the hack to the challenges

* fixed some bugs in poseidon_bn128

* fri verification is working

* some changes for benchmarking

* added decode_block plonky2 data

* initial commit for poseidon_mds_gate

* updated gate test cases

* working poseidon mds gate

* full verifier test case working
main
Kevin Jue 2 years ago
committed by GitHub
parent
302b5f5bf1
commit
a516925ad8
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 16965 additions and 150849 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +0
    -53
      poseidon/hash.go
  2. +7
    -4
      poseidon/poseidon.go
  3. +197
    -0
      poseidon/poseidon_bn128.go
  4. +537
    -0
      poseidon/poseidon_bn128_constants.go
  5. +98
    -0
      poseidon/poseidon_bn128_test.go
  6. +0
    -0
      poseidon/poseidon_constants.go
  7. +1
    -1
      verifier/common/config.go
  8. +4
    -4
      verifier/common/types.go
  9. BIN
      verifier/data/.DS_Store
  10. +9
    -7
      verifier/data/decode_block/common_circuit_data.json
  11. +15082
    -0
      verifier/data/decode_block/proof_with_public_inputs.json
  12. +21
    -0
      verifier/data/decode_block/verifier_only_circuit_data.json
  13. +0
    -150
      verifier/data/dummy_2^14_gates/common_circuit_data.json
  14. +0
    -31140
      verifier/data/dummy_2^14_gates/proof_with_public_inputs.json
  15. +0
    -140
      verifier/data/dummy_2^14_gates/verifier_only_circuit_data.json
  16. +0
    -1
      verifier/data/dummy_small/common_circuit_data.json
  17. +0
    -1
      verifier/data/dummy_small/proof_with_public_inputs.json
  18. +0
    -1
      verifier/data/dummy_small/verifier_only_circuit_data.json
  19. +0
    -152
      verifier/data/fibonacci/common_circuit_data.json
  20. +0
    -11509
      verifier/data/fibonacci/proof_with_public_inputs.json
  21. +0
    -140
      verifier/data/fibonacci/verifier_only_circuit_data.json
  22. +0
    -173
      verifier/data/recursive/common_circuit_data.json
  23. +0
    -26194
      verifier/data/recursive/proof_with_public_inputs.json
  24. +0
    -140
      verifier/data/recursive/verifier_only_circuit_data.json
  25. +0
    -172
      verifier/data/recursive_small/common_circuit_data.json
  26. +0
    -3024
      verifier/data/recursive_small/proof_with_public_inputs.json
  27. +0
    -140
      verifier/data/recursive_small/verifier_only_circuit_data.json
  28. +0
    -27634
      verifier/data/recursive_step/proof_with_public_inputs.json
  29. +0
    -140
      verifier/data/recursive_step/verifier_only_circuit_data.json
  30. +0
    -174
      verifier/data/recursive_very_small/common_circuit_data.json
  31. +0
    -2373
      verifier/data/recursive_very_small/proof_with_public_inputs.json
  32. +0
    -140
      verifier/data/recursive_very_small/verifier_only_circuit_data.json
  33. +0
    -205
      verifier/data/step/common_circuit_data.json
  34. +0
    -45430
      verifier/data/step/proof_with_public_inputs.json
  35. +0
    -140
      verifier/data/step/verifier_only_circuit_data.json
  36. +19
    -72
      verifier/internal/fri/fri.go
  37. +61
    -182
      verifier/internal/fri/fri_test.go
  38. +1
    -0
      verifier/internal/gates/gate.go
  39. +622
    -666
      verifier/internal/gates/gate_test.go
  40. +86
    -0
      verifier/internal/gates/poseidon_mds_gate.go
  41. +2
    -2
      verifier/internal/gates/vars.go
  42. +27
    -21
      verifier/internal/plonk/challenger.go
  43. +99
    -136
      verifier/internal/plonk/challenger_test.go
  44. +1
    -1
      verifier/internal/plonk/plonk.go
  45. +4
    -21
      verifier/internal/plonk/plonk_test.go
  46. +57
    -64
      verifier/utils/deserialize.go
  47. +3
    -3
      verifier/utils/deserialize_test.go
  48. +23
    -19
      verifier/verifier.go
  49. +4
    -280
      verifier/verifier_test.go

+ 0
- 53
poseidon/hash.go
View File

@ -1,53 +0,0 @@
package poseidon
import (
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
type Hash = [4]field.F
type HashAPI struct {
fieldAPI field.FieldAPI
}
func NewHashAPI(
fieldAPI field.FieldAPI,
) *HashAPI {
return &HashAPI{
fieldAPI: fieldAPI,
}
}
func (h *HashAPI) SelectHash(bit frontend.Variable, leftHash, rightHash Hash) Hash {
var returnHash Hash
for i := 0; i < 4; i++ {
returnHash[i] = h.fieldAPI.Select(bit, leftHash[i], rightHash[i])
}
return returnHash
}
func (h *HashAPI) Lookup2Hash(b0 frontend.Variable, b1 frontend.Variable, h0, h1, h2, h3 Hash) Hash {
var returnHash Hash
for i := 0; i < 4; i++ {
returnHash[i] = h.fieldAPI.Lookup2(b0, b1, h0[i], h1[i], h2[i], h3[i])
}
return returnHash
}
func (h *HashAPI) AssertIsEqualHash(h1, h2 Hash) {
for i := 0; i < 4; i++ {
h.fieldAPI.AssertIsEqual(h1[0], h2[0])
}
}
func Uint64ArrayToHashArray(input [][]uint64) []Hash {
var output []Hash
for i := 0; i < len(input); i++ {
output = append(output, [4]field.F{field.NewFieldConst(input[i][0]), field.NewFieldConst(input[i][1]), field.NewFieldConst(input[i][2]), field.NewFieldConst(input[i][3])})
}
return output
}

+ 7
- 4
poseidon/poseidon.go
View File

@ -6,15 +6,14 @@ import (
)
const HALF_N_FULL_ROUNDS = 4
const N_FULL_ROUNDS_TOTAL = 2 * HALF_N_FULL_ROUNDS
const N_PARTIAL_ROUNDS = 22
const N_ROUNDS = N_FULL_ROUNDS_TOTAL + N_PARTIAL_ROUNDS
const MAX_WIDTH = 12
const SPONGE_WIDTH = 12
const SPONGE_RATE = 8
type PoseidonState = [SPONGE_WIDTH]field.F
type PoseidonStateExtension = [SPONGE_WIDTH]field.QuadraticExtension
type PoseidonHashOut = [4]field.F
type PoseidonChip struct {
api frontend.API `gnark:"-"`
@ -64,12 +63,16 @@ func (c *PoseidonChip) HashNToMNoPad(input []field.F, nbOutputs int) []field.F {
}
}
func (c *PoseidonChip) HashNoPad(input []field.F) Hash {
var hash Hash
func (c *PoseidonChip) HashNoPad(input []field.F) PoseidonHashOut {
var hash PoseidonHashOut
copy(hash[:], c.HashNToMNoPad(input, 4))
return hash
}
func (c *PoseidonChip) ToVec(hash PoseidonHashOut) []field.F {
return hash[:]
}
func (c *PoseidonChip) FullRounds(state PoseidonState, roundCounter *int) PoseidonState {
for i := 0; i < HALF_N_FULL_ROUNDS; i++ {
state = c.ConstantLayer(state, roundCounter)

+ 197
- 0
poseidon/poseidon_bn128.go
View File

@ -0,0 +1,197 @@
package poseidon
import (
"math/big"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
)
const fullRounds = 8
const partialRounds = 56
const spongeWidth = 4
const spongeRate = 3
type PoseidonBN128Chip struct {
api frontend.API `gnark:"-"`
fieldAPI field.FieldAPI `gnark:"-"`
}
type PoseidonBN128State = [spongeWidth]frontend.Variable
type PoseidonBN128HashOut = frontend.Variable
func NewPoseidonBN128Chip(api frontend.API, fieldAPI field.FieldAPI) *PoseidonBN128Chip {
return &PoseidonBN128Chip{api: api, fieldAPI: fieldAPI}
}
func (c *PoseidonBN128Chip) Poseidon(state PoseidonBN128State) PoseidonBN128State {
state = c.ark(state, 0)
state = c.fullRounds(state, true)
state = c.partialRounds(state)
state = c.fullRounds(state, false)
return state
}
func (c *PoseidonBN128Chip) HashNoPad(input []field.F) PoseidonBN128HashOut {
state := PoseidonBN128State{
frontend.Variable(0),
frontend.Variable(0),
frontend.Variable(0),
frontend.Variable(0),
}
for i := 0; i < len(input); i += spongeRate * 3 {
endI := c.min(len(input), i+spongeRate*3)
rateChunk := input[i:endI]
for j, stateIdx := 0, 0; j < len(rateChunk); j, stateIdx = j+3, stateIdx+1 {
endJ := c.min(len(rateChunk), j+3)
bn128Chunk := rateChunk[j:endJ]
bits := []frontend.Variable{}
for k := 0; k < len(bn128Chunk); k++ {
bn128Chunk[k] = c.fieldAPI.Reduce(bn128Chunk[k])
bits = append(bits, c.fieldAPI.ToBits(bn128Chunk[k])...)
}
state[stateIdx+1] = c.api.FromBinary(bits...)
}
state = c.Poseidon(state)
}
return PoseidonBN128HashOut(state[0])
}
func (c *PoseidonBN128Chip) HashOrNoop(input []field.F) PoseidonBN128HashOut {
if len(input) <= 3 {
returnVal := frontend.Variable(0)
alpha := new(big.Int).SetInt64(1 << 32)
for i, inputElement := range input {
returnVal = c.api.Add(returnVal, c.api.Mul(inputElement, alpha.Exp(alpha, big.NewInt(int64(i)), nil)))
}
return PoseidonBN128HashOut(returnVal)
} else {
return c.HashNoPad(input)
}
}
func (c *PoseidonBN128Chip) TwoToOne(left PoseidonBN128HashOut, right PoseidonBN128HashOut) PoseidonBN128HashOut {
var inputs PoseidonBN128State
inputs[0] = frontend.Variable(0)
inputs[1] = frontend.Variable(0)
inputs[2] = left
inputs[3] = right
state := c.Poseidon(inputs)
return state[0]
}
func (c *PoseidonBN128Chip) ToVec(hash PoseidonBN128HashOut) []field.F {
bits := c.api.ToBinary(hash)
returnElements := []field.F{}
// Split into 7 byte chunks, since 8 byte chunks can result in collisions
chunkSize := 56
for i := 0; i < len(bits); i += chunkSize {
maxIdx := c.min(len(bits), i+chunkSize)
bitChunk := bits[i:maxIdx]
returnElements = append(returnElements, c.fieldAPI.FromBits(bitChunk...))
}
return returnElements
}
func (c *PoseidonBN128Chip) min(x, y int) int {
if x < y {
return x
}
return y
}
func (c *PoseidonBN128Chip) fullRounds(state PoseidonBN128State, isFirst bool) PoseidonBN128State {
for i := 0; i < fullRounds/2-1; i++ {
state = c.exp5state(state)
if isFirst {
state = c.ark(state, (i+1)*spongeWidth)
} else {
state = c.ark(state, (fullRounds/2+1)*spongeWidth+partialRounds+i*spongeWidth)
}
state = c.mix(state, mMatrix)
}
state = c.exp5state(state)
if isFirst {
state = c.ark(state, (fullRounds/2)*spongeWidth)
state = c.mix(state, pMatrix)
} else {
state = c.mix(state, mMatrix)
}
return state
}
func (c *PoseidonBN128Chip) partialRounds(state PoseidonBN128State) PoseidonBN128State {
for i := 0; i < partialRounds; i++ {
state[0] = c.exp5(state[0])
state[0] = c.api.Add(state[0], cConstants[(fullRounds/2+1)*spongeWidth+i])
var mul frontend.Variable
newState0 := frontend.Variable(0)
for j := 0; j < spongeWidth; j++ {
mul = c.api.Mul(sConstants[(spongeWidth*2-1)*i+j], state[j])
newState0 = c.api.Add(newState0, mul)
}
for k := 1; k < spongeWidth; k++ {
mul = c.api.Mul(state[0], sConstants[(spongeWidth*2-1)*i+spongeWidth+k-1])
state[k] = c.api.Add(state[k], mul)
}
state[0] = newState0
}
return state
}
func (c *PoseidonBN128Chip) ark(state PoseidonBN128State, it int) PoseidonBN128State {
var result PoseidonBN128State
for i := 0; i < len(state); i++ {
result[i] = c.api.Add(state[i], cConstants[it+i])
}
return result
}
func (c *PoseidonBN128Chip) exp5(x frontend.Variable) frontend.Variable {
x2 := c.api.Mul(x, x)
x4 := c.api.Mul(x2, x2)
return c.api.Mul(x4, x)
}
func (c *PoseidonBN128Chip) exp5state(state PoseidonBN128State) PoseidonBN128State {
for i := 0; i < spongeWidth; i++ {
state[i] = c.exp5(state[i])
}
return state
}
func (c *PoseidonBN128Chip) mix(state_ PoseidonBN128State, constantMatrix [][]*big.Int) PoseidonBN128State {
var mul frontend.Variable
var result PoseidonBN128State
for i := 0; i < spongeWidth; i++ {
result[i] = frontend.Variable(0)
}
for i := 0; i < spongeWidth; i++ {
for j := 0; j < spongeWidth; j++ {
mul = c.api.Mul(constantMatrix[j][i], state_[j])
result[i] = c.api.Add(result[i], mul)
}
}
return result
}

+ 537
- 0
poseidon/poseidon_bn128_constants.go
View File

@ -0,0 +1,537 @@
package poseidon
import (
"math/big"
)
var cConstants []*big.Int
var sConstants []*big.Int
var mMatrix [][]*big.Int
var pMatrix = make([][]*big.Int, 4)
func init() {
cConstants = make([]*big.Int, 88)
sConstants = make([]*big.Int, 392)
mMatrix = make([][]*big.Int, 4)
pMatrix = make([][]*big.Int, 4)
for i := 0; i < 4; i++ {
mMatrix[i] = make([]*big.Int, 4)
pMatrix[i] = make([]*big.Int, 4)
}
cConstants[0], _ = new(big.Int).SetString("11633431549750490989983886834189948010834808234699737327785600195936805266405", 10)
cConstants[1], _ = new(big.Int).SetString("17353750182810071758476407404624088842693631054828301270920107619055744005334", 10)
cConstants[2], _ = new(big.Int).SetString("11575173631114898451293296430061690731976535592475236587664058405912382527658", 10)
cConstants[3], _ = new(big.Int).SetString("9724643380371653925020965751082872123058642683375812487991079305063678725624", 10)
cConstants[4], _ = new(big.Int).SetString("12239673881776349871068957838196514517245834187939809998544709168112271341816", 10)
cConstants[5], _ = new(big.Int).SetString("8213756851595907076282161124887805623974269954849888814703174589291971114278", 10)
cConstants[6], _ = new(big.Int).SetString("10700856158409047630150108954036764855084229282872224809993001752389888794123", 10)
cConstants[7], _ = new(big.Int).SetString("4309412763160017434705250214903006191171337994199861518317363388963372067759", 10)
cConstants[8], _ = new(big.Int).SetString("13621360205860636764861614843016050680668828136032459556937427803817198955108", 10)
cConstants[9], _ = new(big.Int).SetString("18132744072298259781740650630118713682311962872833394850644922000343506947506", 10)
cConstants[10], _ = new(big.Int).SetString("10497941627597965031241580959233976924443640728463059894693130666064841012508", 10)
cConstants[11], _ = new(big.Int).SetString("6417221626367515719470057497947343409306030587855174225463612195298058047522", 10)
cConstants[12], _ = new(big.Int).SetString("4674983908670004491400354631773389862914788156614497726528237310334040582090", 10)
cConstants[13], _ = new(big.Int).SetString("873340198155297459771531732108476825755499970277106398541966195153210717293", 10)
cConstants[14], _ = new(big.Int).SetString("9133482302270339304679323394649165596260136537041379860642176850815828132593", 10)
cConstants[15], _ = new(big.Int).SetString("19667464340426349564507575767837635537801536066735594705258884488718315050710", 10)
cConstants[16], _ = new(big.Int).SetString("331000697881161076911287227440410522823531125482651243929873545789686252480", 10)
cConstants[17], _ = new(big.Int).SetString("2272743329483520819389104778389979623160875907321267447635586085241433137026", 10)
cConstants[18], _ = new(big.Int).SetString("20056061746422267419826865443608176291944892343638717421077672390127627926748", 10)
cConstants[19], _ = new(big.Int).SetString("21689171326367195475219251979604515804697103534428737460300868676042327355863", 10)
cConstants[20], _ = new(big.Int).SetString("7810259695400914964411387917274296266504340291833964145271847716091273468172", 10)
cConstants[21], _ = new(big.Int).SetString("14020998353215410538067420885522582505027736982810754116099481711825941220642", 10)
cConstants[22], _ = new(big.Int).SetString("9245012796693900213810598954108273676196337302084957472786966340245263275743", 10)
cConstants[23], _ = new(big.Int).SetString("8962981905074764319938168719738488892057352527537684271935935864821273084600", 10)
cConstants[24], _ = new(big.Int).SetString("17332843516965697478516240137711403804881134130964557790940490781033584077729", 10)
cConstants[25], _ = new(big.Int).SetString("2962481512633005781617177153208165597038681617596047875933934580338169170271", 10)
cConstants[26], _ = new(big.Int).SetString("3545583524837641414415308887998349399894575957283448040799889114001300580510", 10)
cConstants[27], _ = new(big.Int).SetString("9825748584719861837046057557518727684444343953070352817632834283853645430055", 10)
cConstants[28], _ = new(big.Int).SetString("17858606226144476516342911398749600850253621768390773635294560290497927852949", 10)
cConstants[29], _ = new(big.Int).SetString("19407543101519936976076786599565778993379293656069417288311522496519916759844", 10)
cConstants[30], _ = new(big.Int).SetString("21548305854518815463471937514130615108218483277778620473090880308362072806993", 10)
cConstants[31], _ = new(big.Int).SetString("5027201548230124209007202023859059041801516590630988556095211824751904956552", 10)
cConstants[32], _ = new(big.Int).SetString("1278320788183053034261211126815207721315633476390581364649595040979423239088", 10)
cConstants[33], _ = new(big.Int).SetString("21021340095589643000573495115924922630807303076545481383969066202975724043976", 10)
cConstants[34], _ = new(big.Int).SetString("918385069628188207001966014851379853961258262104472252966637722307728618311", 10)
cConstants[35], _ = new(big.Int).SetString("7965072539100037475925090906281896901763370093075915840665305317760262942154", 10)
cConstants[36], _ = new(big.Int).SetString("7378267415483811789102866201206786220747449921553565182362543937740633252433", 10)
cConstants[37], _ = new(big.Int).SetString("21420063039401631492872969377050715448026482027341082733718950945529081119315", 10)
cConstants[38], _ = new(big.Int).SetString("6984186848935723943941543006673172228872682933412337752165652636767411415446", 10)
cConstants[39], _ = new(big.Int).SetString("12107134736452640457370020100579770521541376434013671407419563526253119375027", 10)
cConstants[40], _ = new(big.Int).SetString("8454625495310558663140928634608422027208548557279385097066005785045755903417", 10)
cConstants[41], _ = new(big.Int).SetString("8017631723660250252193376543593224884977313136061388836952991492888330231080", 10)
cConstants[42], _ = new(big.Int).SetString("19995498935394919030796805510514577077319475365066948284951310616396837691603", 10)
cConstants[43], _ = new(big.Int).SetString("10247653874740427181312035102426523630476005333120089103526343619029364327967", 10)
cConstants[44], _ = new(big.Int).SetString("13160967777591563201117493157286130579932067039961943416358165521611018318814", 10)
cConstants[45], _ = new(big.Int).SetString("5676293694146750080963041160092533338992482128392885932218516813947476623756", 10)
cConstants[46], _ = new(big.Int).SetString("11945330020489343984352429388118756789915736454422495317728221749575540363130", 10)
cConstants[47], _ = new(big.Int).SetString("16575755931296600565681989782918578103656201270919325693721999523168590365097", 10)
cConstants[48], _ = new(big.Int).SetString("6507448101913175376269537672277524478400652962306200709943614250998845221975", 10)
cConstants[49], _ = new(big.Int).SetString("20000756050339437189232666465591830538666897533492662864197332257508545696504", 10)
cConstants[50], _ = new(big.Int).SetString("2538139500492919467696560596150779916859394629326537877502980743087004819534", 10)
cConstants[51], _ = new(big.Int).SetString("7871037999774788273525866585990542333245923983722339125599991222477852815605", 10)
cConstants[52], _ = new(big.Int).SetString("8368558409504001796987467259514778517606739110778427183378433173780120985763", 10)
cConstants[53], _ = new(big.Int).SetString("10459885623117973980697126416757555084518174957115744579590957904857119054380", 10)
cConstants[54], _ = new(big.Int).SetString("3384626976854176329065296334831532874977246373363627584425356985964639685936", 10)
cConstants[55], _ = new(big.Int).SetString("14737139139809423972873213065253246598075451131478157534053817909649707346105", 10)
cConstants[56], _ = new(big.Int).SetString("5793030407008346395600962336988545239125310160053522248574303463872647020425", 10)
cConstants[57], _ = new(big.Int).SetString("161797721038773165886882501305032811420344793568022002686671602943345085701", 10)
cConstants[58], _ = new(big.Int).SetString("16804762399165090393770239542398927686244163302041099831597167085216405440289", 10)
cConstants[59], _ = new(big.Int).SetString("15440431301017924367171251352865716677435047477418739126248587843926419339250", 10)
cConstants[60], _ = new(big.Int).SetString("15570353803062363582500010627498291625214012654155408601153435169223922455380", 10)
cConstants[61], _ = new(big.Int).SetString("15115601269705628455987152258857868396524812969878723314685224929600383566277", 10)
cConstants[62], _ = new(big.Int).SetString("6356053248039389904799735666848118481514593163165587256076018940751965212118", 10)
cConstants[63], _ = new(big.Int).SetString("16309790196305846370580640353745827882351273732480869449701807093685497609128", 10)
cConstants[64], _ = new(big.Int).SetString("18447296906230039277288210321788736138216936478488032824595044533456671231353", 10)
cConstants[65], _ = new(big.Int).SetString("6105351805879633605209308509080121925171118411225835503106175078539279138153", 10)
cConstants[66], _ = new(big.Int).SetString("19852645406205681222287243787651048897744424465454177194550461625744671602479", 10)
cConstants[67], _ = new(big.Int).SetString("9007786282651237028773725177593860474523832555275407287854317958939412791659", 10)
cConstants[68], _ = new(big.Int).SetString("18947127426470143546676956069733014228119216644326548862881450999285087652129", 10)
cConstants[69], _ = new(big.Int).SetString("4006307826238987763983990462011007258305618881936961734589789440938853470615", 10)
cConstants[70], _ = new(big.Int).SetString("6924385845051163089352800210788743599810236082363643773698057309137019167115", 10)
cConstants[71], _ = new(big.Int).SetString("2561599182344380405085465588284140808385687895597384476955417835636116225821", 10)
cConstants[72], _ = new(big.Int).SetString("18225048309586676741223646736155757525087799474840323150729701492173705507839", 10)
cConstants[73], _ = new(big.Int).SetString("16007480414415489869989133828107467718966566156219711380836971295459227141818", 10)
cConstants[74], _ = new(big.Int).SetString("1248906006044888441798838825685606393060257012284188943868730340563960780866", 10)
cConstants[75], _ = new(big.Int).SetString("20912864018050627133842158245163422113261374878008212512322853267715626252916", 10)
cConstants[76], _ = new(big.Int).SetString("13216486202690474504584820948167785518004498504229717602814280132903612841969", 10)
cConstants[77], _ = new(big.Int).SetString("17416264900059210810716133407170753459272974595675494034944092509584936747655", 10)
cConstants[78], _ = new(big.Int).SetString("15395940772659312642272628762657023074462358708226101085466723152641135097674", 10)
cConstants[79], _ = new(big.Int).SetString("4690442806047481777095177614992497363041188209965731514747362442612318535595", 10)
cConstants[80], _ = new(big.Int).SetString("12980185426778583997022610696582563821013078583440402121868121411086576741088", 10)
cConstants[81], _ = new(big.Int).SetString("19436953581443472871973830882428624449045305494959438365629984120779166561614", 10)
cConstants[82], _ = new(big.Int).SetString("7021128259021787032633332177524933222338330182720924079777325144523649322812", 10)
cConstants[83], _ = new(big.Int).SetString("18561291417991436986590120557027289864572049192245689357046574683519049533637", 10)
cConstants[84], _ = new(big.Int).SetString("12019749240411640852887001467406069824508276240179427493437313074459156379732", 10)
cConstants[85], _ = new(big.Int).SetString("19007581091212404202795325684108744075320879284650517772195719617120941682734", 10)
cConstants[86], _ = new(big.Int).SetString("8172766643075822491744127151779052248074930479661223662192995838879026989201", 10)
cConstants[87], _ = new(big.Int).SetString("1885998770792872998306340529689960371653339961062025442813774917754800650781", 10)
sConstants[0], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[1], _ = new(big.Int).SetString("20198106103550706280267600199190750325504745188750640438654177959939538483777", 10)
sConstants[2], _ = new(big.Int).SetString("20760367756622597472566835313508896628444391801225538453375145392828630013190", 10)
sConstants[3], _ = new(big.Int).SetString("4560321026325826558577463029506577497226940849420215249948019116691014248443", 10)
sConstants[4], _ = new(big.Int).SetString("14542348742554217629977259301175635295381723358917389768274600005636270665372", 10)
sConstants[5], _ = new(big.Int).SetString("15896375770890915929312334597144922470201903000282577832977222171710825960733", 10)
sConstants[6], _ = new(big.Int).SetString("12252597347102015743878803847985560878912969150828000392862427919235870760323", 10)
sConstants[7], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[8], _ = new(big.Int).SetString("7179342059755701265188463641990689102412444920238824560515276276968272417627", 10)
sConstants[9], _ = new(big.Int).SetString("4291630597779640477035256747339007105528129889017831542003293220100844273045", 10)
sConstants[10], _ = new(big.Int).SetString("7155591457893668398581213488670279080694237456746471479962759104308162960346", 10)
sConstants[11], _ = new(big.Int).SetString("18018059843853960571576693455761079306078638316240126846230125992269221919628", 10)
sConstants[12], _ = new(big.Int).SetString("17192953047291854075450899126062621814148699654417386994738494022353693631044", 10)
sConstants[13], _ = new(big.Int).SetString("21569358698233938087179836388127293183598397710122666685148766859224500701833", 10)
sConstants[14], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[15], _ = new(big.Int).SetString("767999929530270249383649002937499906068820748885293476546946323828660462871", 10)
sConstants[16], _ = new(big.Int).SetString("5621566033978712522450054985133362876999740181849707666504220417128301048308", 10)
sConstants[17], _ = new(big.Int).SetString("7047587043137472855909285569331719962122602952080655968507950635506526200417", 10)
sConstants[18], _ = new(big.Int).SetString("4106788926932251085789923064963212794107963499320782851030491954062548275037", 10)
sConstants[19], _ = new(big.Int).SetString("4545465201904739898734767265726940896371623586331600641370124254775978068067", 10)
sConstants[20], _ = new(big.Int).SetString("10998902844068831181439895790460185435489188976722435541316954293463196661627", 10)
sConstants[21], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[22], _ = new(big.Int).SetString("4376836298206152573581217002448306554373223213053980459591637689821900483336", 10)
sConstants[23], _ = new(big.Int).SetString("5063873841797552329477290331693185729765297320248590815860571737190009344755", 10)
sConstants[24], _ = new(big.Int).SetString("17220054068062949177158788546035218460663984286240089601095376499170326046885", 10)
sConstants[25], _ = new(big.Int).SetString("6096091793679274146365056037005290512891839764898244154356695047489211507312", 10)
sConstants[26], _ = new(big.Int).SetString("20208154436430351332345105187219062318903703844357504892008088901754085119783", 10)
sConstants[27], _ = new(big.Int).SetString("20838511199557042422189066592494164230774524176144133560311285338373104325885", 10)
sConstants[28], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[29], _ = new(big.Int).SetString("16227720862704770803579874423899491820268073980006154670796744520986650305964", 10)
sConstants[30], _ = new(big.Int).SetString("3929921339874032224077598341189960169422821598221170533707987779964278253429", 10)
sConstants[31], _ = new(big.Int).SetString("11676522033799786037262769984406232796495555956069794755879715792396951198318", 10)
sConstants[32], _ = new(big.Int).SetString("7762519209385193303450585425818218327021377088446472105589371562364474259645", 10)
sConstants[33], _ = new(big.Int).SetString("12228816136730871104506419752649367119045148103237539623130531869347941136043", 10)
sConstants[34], _ = new(big.Int).SetString("5506740114091186508725306313701186842841118936086047703119202768266996591645", 10)
sConstants[35], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[36], _ = new(big.Int).SetString("14813919600103919291484875851986720548476220511386386518354061356196294952105", 10)
sConstants[37], _ = new(big.Int).SetString("19412665928425989269357649645392922518929142728556361947563991549129986237680", 10)
sConstants[38], _ = new(big.Int).SetString("7745252322635388376641759428229975035032852732127464661605110457073217385072", 10)
sConstants[39], _ = new(big.Int).SetString("12066184602104703003390387343585316865507822321930012054206126015745471356816", 10)
sConstants[40], _ = new(big.Int).SetString("12620273762884289038844321186080149434615909817652953074992148689167338466281", 10)
sConstants[41], _ = new(big.Int).SetString("11751773042154924867322926561716263630089863992083485679779160826117120630730", 10)
sConstants[42], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[43], _ = new(big.Int).SetString("5787863126296931978637454491180421506307265052288386136386997720537089333357", 10)
sConstants[44], _ = new(big.Int).SetString("4359270971608384879625804007684881130504862820820494966964908818477035866962", 10)
sConstants[45], _ = new(big.Int).SetString("19213956561377299828591097862016633994148464565683346498602915228516385038972", 10)
sConstants[46], _ = new(big.Int).SetString("10661554072824488477243358897537934080796136449622029441506710580786939692047", 10)
sConstants[47], _ = new(big.Int).SetString("3607791084285905641943446462342879718459787316113396877697968017015606720718", 10)
sConstants[48], _ = new(big.Int).SetString("21380267103954285713588504655257961830793460465329761560308765483331070823566", 10)
sConstants[49], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[50], _ = new(big.Int).SetString("16335017324810170896233622441986531365208293021101073775522004006769586788569", 10)
sConstants[51], _ = new(big.Int).SetString("8596452296160802102282257210844234154821630615259613589128211738647312221536", 10)
sConstants[52], _ = new(big.Int).SetString("16301372420970040998092568156060757300799008373690279794165397142889066306513", 10)
sConstants[53], _ = new(big.Int).SetString("11903327405072234929619206491534763321300297227799575111355508350177812704304", 10)
sConstants[54], _ = new(big.Int).SetString("14821948344368180716550312221723948572649473361813001292505502225087596775887", 10)
sConstants[55], _ = new(big.Int).SetString("5285692778454746827266147532131677990565304365953070750869571432820529495914", 10)
sConstants[56], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[57], _ = new(big.Int).SetString("10012872528823706988605864950067342792516562023507005612462537243496467566252", 10)
sConstants[58], _ = new(big.Int).SetString("21446538914812609684138720355481253195782233393805940184895189253411195275222", 10)
sConstants[59], _ = new(big.Int).SetString("6967738095634646257690113616580876555259467406702097184326306034350680240041", 10)
sConstants[60], _ = new(big.Int).SetString("4106908293164276270299730590107104728631886925545072356564726466348010934176", 10)
sConstants[61], _ = new(big.Int).SetString("20927688665665429774877287472467937369033546230576320387423016374665584172634", 10)
sConstants[62], _ = new(big.Int).SetString("9961827048684904093454156105462119035870307939873087416648411282423867596401", 10)
sConstants[63], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[64], _ = new(big.Int).SetString("17625964999746898246984332334222740240090489215775011285534890391099108738991", 10)
sConstants[65], _ = new(big.Int).SetString("6756403122817134101960922940971569987994537470470008333055210502063290961967", 10)
sConstants[66], _ = new(big.Int).SetString("18209952059360034384023720860507712662310034604843833483955548867331649086618", 10)
sConstants[67], _ = new(big.Int).SetString("8749953392298305294875888962184156769810429880914465959429873281709868501522", 10)
sConstants[68], _ = new(big.Int).SetString("13903906876414887303860424108888965657645488675119946001291096608021846549241", 10)
sConstants[69], _ = new(big.Int).SetString("8884215530056835002390372161442569149992192407996136723184495322116314590715", 10)
sConstants[70], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[71], _ = new(big.Int).SetString("15368493359884894356742361670810465111377869951487306983186672135817808040059", 10)
sConstants[72], _ = new(big.Int).SetString("16469301592941427332568429408115015498659452810956369922459344407975076653255", 10)
sConstants[73], _ = new(big.Int).SetString("11953776125042477689669753843214783238996317490452913722906886945106240528752", 10)
sConstants[74], _ = new(big.Int).SetString("4850027575321262255650746466350338325012270813222547784484958365303358175196", 10)
sConstants[75], _ = new(big.Int).SetString("7167191208528939112939986630484202425436947674819310704476597678688297314160", 10)
sConstants[76], _ = new(big.Int).SetString("14743993805036761996537001252852408745345655735519736268834200732992754437162", 10)
sConstants[77], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[78], _ = new(big.Int).SetString("2193200656642352685118935602989839715339339245164998181015765438900681320425", 10)
sConstants[79], _ = new(big.Int).SetString("4952431971730605970338760580694476897050208114543185599136664869372496356437", 10)
sConstants[80], _ = new(big.Int).SetString("11345335340256434787038072013242069397625261572269911025596723263652849081076", 10)
sConstants[81], _ = new(big.Int).SetString("19160419866562146325212161338497565927215049171520418417356683157217751672139", 10)
sConstants[82], _ = new(big.Int).SetString("1906154907657701464044944280274832161539842850674948965456024456273947429115", 10)
sConstants[83], _ = new(big.Int).SetString("16149082223365808325093364716798557120316343643236068373217398223890421952409", 10)
sConstants[84], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[85], _ = new(big.Int).SetString("15043765472887378252850447725400426753906560153686308918666838116627815818554", 10)
sConstants[86], _ = new(big.Int).SetString("12358170975909062301667468450513761096746838254885629802196667786117625700681", 10)
sConstants[87], _ = new(big.Int).SetString("8976079215643004959353142348700280485976874920070539486194110584442767827768", 10)
sConstants[88], _ = new(big.Int).SetString("16076674040958582640238476383964669465698501606063044308184974525408139269248", 10)
sConstants[89], _ = new(big.Int).SetString("21647594485928619120181355125322770225837180985764869124047447620451714635371", 10)
sConstants[90], _ = new(big.Int).SetString("21615565593822404396628787247811190031843657706885317097074400292994831686718", 10)
sConstants[91], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[92], _ = new(big.Int).SetString("7285489402319904168831455790041657959272324796876172356990227907987038622155", 10)
sConstants[93], _ = new(big.Int).SetString("8211470967679835460786450636871651606756811185450731546421075600179331665168", 10)
sConstants[94], _ = new(big.Int).SetString("13120324752637151731834041425113532499273467426551390593296677993139082244188", 10)
sConstants[95], _ = new(big.Int).SetString("6490061383110696131545774076292741528427005211177990719476969041145673265422", 10)
sConstants[96], _ = new(big.Int).SetString("21671644951532628690769713999772810624944081525303128765668379478511313095702", 10)
sConstants[97], _ = new(big.Int).SetString("17491948871201042934988514071862478178478080786921680019735540941776855947714", 10)
sConstants[98], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[99], _ = new(big.Int).SetString("20875198681143976093301585336441600786893116178926266185909922467347281090330", 10)
sConstants[100], _ = new(big.Int).SetString("3598136009866557326049002438338730052625336381410025235713569185700458778346", 10)
sConstants[101], _ = new(big.Int).SetString("10257854050179821094359263633511835293496268374135163743255999829573090463793", 10)
sConstants[102], _ = new(big.Int).SetString("8709186608235401140998284233255708538357614560705220346211132868280137795418", 10)
sConstants[103], _ = new(big.Int).SetString("1259589977644258611864841556278758814462356863769029941139050408715640323060", 10)
sConstants[104], _ = new(big.Int).SetString("4938787097541166466238757186525276546940957932147842294635573194784914432374", 10)
sConstants[105], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[106], _ = new(big.Int).SetString("16717728254520320964463545682641729805489575123710417403982868570393738171908", 10)
sConstants[107], _ = new(big.Int).SetString("9748879216547249587937312403683718221531596047715540576918379577191876140829", 10)
sConstants[108], _ = new(big.Int).SetString("14944874834710321794079457580123143945012638912293883509561999360499542827539", 10)
sConstants[109], _ = new(big.Int).SetString("18031584503513589779232867929321541667009512801047020067337884181460183159789", 10)
sConstants[110], _ = new(big.Int).SetString("18414164542389736964053830253126595155017280572430646030445262089460883013232", 10)
sConstants[111], _ = new(big.Int).SetString("2610402018952962996318994974332047870945223376199918653423836750745739531230", 10)
sConstants[112], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[113], _ = new(big.Int).SetString("14009467204580838343058201541088761048498359505808795311724314678689480323211", 10)
sConstants[114], _ = new(big.Int).SetString("21469776223413224601890303218554639233147301494161934252153679844173746974667", 10)
sConstants[115], _ = new(big.Int).SetString("20647680658876691843280356403387803136370174824153696476894283712779784940833", 10)
sConstants[116], _ = new(big.Int).SetString("7936850548423967572066326867280341951424312865893525326890769023431047320991", 10)
sConstants[117], _ = new(big.Int).SetString("12722969395702657985023075505830677750286440950878333627607092139722193056708", 10)
sConstants[118], _ = new(big.Int).SetString("11321152935530907374770739017822060871862163756958501641453518139130228537202", 10)
sConstants[119], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[120], _ = new(big.Int).SetString("4094512680835093637766266255807831961532213986166871807693377951477711786051", 10)
sConstants[121], _ = new(big.Int).SetString("18178389385096689665303225717280896610765865274508135228632006790574677752293", 10)
sConstants[122], _ = new(big.Int).SetString("5003815887613767774717115773943502417144707145760897577207221259749678760892", 10)
sConstants[123], _ = new(big.Int).SetString("11395014411676120154590806918236444089801092874462769558428488274754488682814", 10)
sConstants[124], _ = new(big.Int).SetString("5043626533165824802355651303240938472427342475587368271803664178703751133184", 10)
sConstants[125], _ = new(big.Int).SetString("20737661798231456194286427103806996346683878567029159134024210934417745289241", 10)
sConstants[126], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[127], _ = new(big.Int).SetString("17885807983183478128547293344015669882824716934567927629992464147210758449961", 10)
sConstants[128], _ = new(big.Int).SetString("4491530859611985170204284394599169523531547745924230349900720023555385570566", 10)
sConstants[129], _ = new(big.Int).SetString("10590405810993997824904026910850308084431468206425947323744908163083992870845", 10)
sConstants[130], _ = new(big.Int).SetString("14773696309507449928652967351151268377421083281901294044684766706170272145134", 10)
sConstants[131], _ = new(big.Int).SetString("8012817909803347753036095373079065441540540870790316296905616948358031128489", 10)
sConstants[132], _ = new(big.Int).SetString("15953294845538540694147122390548121234862217402440162841644474763770065752954", 10)
sConstants[133], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[134], _ = new(big.Int).SetString("19330308615634016202275470394593918283291746889176278663184951919223544096896", 10)
sConstants[135], _ = new(big.Int).SetString("15105179537685942573078046208371583063999793255578601214915887961329652398190", 10)
sConstants[136], _ = new(big.Int).SetString("21709064542465141520669973714950919003335169451362947708974082912187480247791", 10)
sConstants[137], _ = new(big.Int).SetString("460683998482756280912187509737431365362650506162063605585420395591986395093", 10)
sConstants[138], _ = new(big.Int).SetString("8528936230636059063848306774318500923209521695610089597282351580188192653610", 10)
sConstants[139], _ = new(big.Int).SetString("8893687738651874055934077641258880070065696892648906132887857010931807062812", 10)
sConstants[140], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[141], _ = new(big.Int).SetString("9353521397201520020163669559110959732855095088196767785130221250369398534266", 10)
sConstants[142], _ = new(big.Int).SetString("16613542657585137487151470980837461302153210762614545024991732555481490683814", 10)
sConstants[143], _ = new(big.Int).SetString("2204502375207887950205548277458704596225935813112150868324282564135082293291", 10)
sConstants[144], _ = new(big.Int).SetString("21254675318867619388160936117044327276221059873039333971338260709002243972836", 10)
sConstants[145], _ = new(big.Int).SetString("16665573707712654499163134682677891418056405526644611110898762937899356502949", 10)
sConstants[146], _ = new(big.Int).SetString("14267552583056171982269630733147008270458243455399509417719716681547925602990", 10)
sConstants[147], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[148], _ = new(big.Int).SetString("16367942369253394098422648739247412041658904846897825274155468251740735622582", 10)
sConstants[149], _ = new(big.Int).SetString("3109601755423487827090460933116495844768178403907542635843078881599579349417", 10)
sConstants[150], _ = new(big.Int).SetString("13070881723095523414228674713428974685755915412664044005891151350338033029052", 10)
sConstants[151], _ = new(big.Int).SetString("10259475086157775344414603146661739080464638100961174958014154428063344142346", 10)
sConstants[152], _ = new(big.Int).SetString("14392919515768311705876085292469557682647137722466492884286386263408604670613", 10)
sConstants[153], _ = new(big.Int).SetString("517834877649467900881483483632287988070398657044896986690867428743067995638", 10)
sConstants[154], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[155], _ = new(big.Int).SetString("19776116368291396730046653100175352607868202157614878715709943043429632352654", 10)
sConstants[156], _ = new(big.Int).SetString("5905125865653916927083238886025287246947738553282644091380121061742003257962", 10)
sConstants[157], _ = new(big.Int).SetString("21028910015562338297173802587144293023870505593218986935232089708700866548848", 10)
sConstants[158], _ = new(big.Int).SetString("13395944831564259671405922878791909538223635993323846275946092882663526594615", 10)
sConstants[159], _ = new(big.Int).SetString("7995249236543262914206397633444491535498682241246319919218592002459454218505", 10)
sConstants[160], _ = new(big.Int).SetString("20437702676708041916002540544749140197744801315911882559568865094949905456106", 10)
sConstants[161], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[162], _ = new(big.Int).SetString("18122990859780045886774524690965061785055534365091244948379358057402402367696", 10)
sConstants[163], _ = new(big.Int).SetString("7828598613589603783167146853068200035787559469554903457639957531866407371355", 10)
sConstants[164], _ = new(big.Int).SetString("9332650099915404377420203417011695963084742503430897569811042552155208487972", 10)
sConstants[165], _ = new(big.Int).SetString("10307617695590426797520999316292503894130404130453293663650538793774250723792", 10)
sConstants[166], _ = new(big.Int).SetString("8835502107624355497501451075768318888448783969087607217992442118675676473235", 10)
sConstants[167], _ = new(big.Int).SetString("19120067314041132936628146578356142975011085061134316893491148167766430272263", 10)
sConstants[168], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[169], _ = new(big.Int).SetString("14131158550284047904306566770309132813679338145017696511713416041803712831947", 10)
sConstants[170], _ = new(big.Int).SetString("18278505503803771900469477275449664281120609236542416293497549235136781566441", 10)
sConstants[171], _ = new(big.Int).SetString("17153958308999151990078644296244213778962356073179462336659818419962234105847", 10)
sConstants[172], _ = new(big.Int).SetString("16626758607046130451896378742113613353140534310327816824141377148817543345317", 10)
sConstants[173], _ = new(big.Int).SetString("3253978674468876751813289588828587424582893573659628257653601068985274811195", 10)
sConstants[174], _ = new(big.Int).SetString("15124684821333452470068683925631859150599113099371600515189799092190905862045", 10)
sConstants[175], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[176], _ = new(big.Int).SetString("17554798861971373266763024346102515996719053781651720018946226608652696029966", 10)
sConstants[177], _ = new(big.Int).SetString("4673377481212178482442054929782481181148885179378220577674849430151263814812", 10)
sConstants[178], _ = new(big.Int).SetString("12802184117569856558550257245216015988375556783492060695287038701794605413493", 10)
sConstants[179], _ = new(big.Int).SetString("9519514614359898302883682133832551410294990399516042521409471023087274168403", 10)
sConstants[180], _ = new(big.Int).SetString("16836659443451056297630548550595506972721716824013972318987309735084892491057", 10)
sConstants[181], _ = new(big.Int).SetString("7395214083924359580241425985340483333597901523044123868756997584036793198254", 10)
sConstants[182], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[183], _ = new(big.Int).SetString("14399322858803900772257678181955451734179272552912056546775770413858440530384", 10)
sConstants[184], _ = new(big.Int).SetString("1909978450171978853529623580362647076357052571231552147289256161279685882392", 10)
sConstants[185], _ = new(big.Int).SetString("13281885756205124109513999931355079980393369422935519271174043924199138273390", 10)
sConstants[186], _ = new(big.Int).SetString("164209740719129725777909013206421786172977937257506729867551471718043494039", 10)
sConstants[187], _ = new(big.Int).SetString("16705691420580567376788433299746618119784690539139871305988345805972046012457", 10)
sConstants[188], _ = new(big.Int).SetString("5826800399196629549123275187565614318381497389323145097682684583838285855788", 10)
sConstants[189], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[190], _ = new(big.Int).SetString("8745700306539329869259196731866071878870577472742983713396535761464344570296", 10)
sConstants[191], _ = new(big.Int).SetString("508475125028636547085017721909144447367158867634347790363605834249994548305", 10)
sConstants[192], _ = new(big.Int).SetString("13308065070657129846765808536411368840800238227915085241160671109842614736069", 10)
sConstants[193], _ = new(big.Int).SetString("10019712566526881174916627302365233202635409302600998712624311257405295555967", 10)
sConstants[194], _ = new(big.Int).SetString("14948048658262145603596652021141019702423717894287496732011428902097682702613", 10)
sConstants[195], _ = new(big.Int).SetString("15039086326216274046991605161343057988750627388067276180888219462568845064229", 10)
sConstants[196], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[197], _ = new(big.Int).SetString("21096491705236217573638753819195066035854753372393176304524423503032224425998", 10)
sConstants[198], _ = new(big.Int).SetString("20540136431631199250453995588480387143164544354370046506703506396812372935282", 10)
sConstants[199], _ = new(big.Int).SetString("21186849459525281586750729801174049327027230971997759985511944731378352524720", 10)
sConstants[200], _ = new(big.Int).SetString("6848121885117228161216817594905430814981258429233967407187604355908721328558", 10)
sConstants[201], _ = new(big.Int).SetString("13037575047232910005715065472416622419305037510557664085418549453156900385456", 10)
sConstants[202], _ = new(big.Int).SetString("17833625863119365031315208055152981164942897924758710427636399886811449556740", 10)
sConstants[203], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[204], _ = new(big.Int).SetString("647623368236351122220409431799139859876095524525221664162752495435482065515", 10)
sConstants[205], _ = new(big.Int).SetString("12974365649211231492520765559798270821958589291536737829547558404742935791527", 10)
sConstants[206], _ = new(big.Int).SetString("15547534600512764170410743968922508315745715132682752278457116429781298799438", 10)
sConstants[207], _ = new(big.Int).SetString("20584726236425418677723102941610547182735385166462720350906478152233407640408", 10)
sConstants[208], _ = new(big.Int).SetString("14300225354615797067692544691787701642123233971394030871903066287215191118747", 10)
sConstants[209], _ = new(big.Int).SetString("16295678001265781880580526410222599033811623386008655132827551618100838695276", 10)
sConstants[210], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[211], _ = new(big.Int).SetString("20381043379079252254800770843787089884660790822955671220847236480297529336205", 10)
sConstants[212], _ = new(big.Int).SetString("9108894275082870067933192903079574663897324502580109505768620424181024287163", 10)
sConstants[213], _ = new(big.Int).SetString("5680820607864330888516377287072858105818590744368374152569440046457757684320", 10)
sConstants[214], _ = new(big.Int).SetString("11053473350105919249170169199500210854013326531260083017794490958609880379672", 10)
sConstants[215], _ = new(big.Int).SetString("12769075511883530146865321202033588214490414269703513464106497906236932124198", 10)
sConstants[216], _ = new(big.Int).SetString("18759973693942567196361351599844723429910867650807109887961315229008339652628", 10)
sConstants[217], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[218], _ = new(big.Int).SetString("16425700741812211675363235647687005029399366301071410733155116166884856887679", 10)
sConstants[219], _ = new(big.Int).SetString("19869702808216677847758761872487163621387473209265033304520824036210441934818", 10)
sConstants[220], _ = new(big.Int).SetString("14073988039965881048079447010526118226047246598254103612590470558684258186244", 10)
sConstants[221], _ = new(big.Int).SetString("886202035735213563046862324816018035210995137716997070920200120700003967134", 10)
sConstants[222], _ = new(big.Int).SetString("12027565694895224474791802234109034039772984880014776210441706322417559146489", 10)
sConstants[223], _ = new(big.Int).SetString("11972498202326440163586176809543524758264680802074662372615568024949824595702", 10)
sConstants[224], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[225], _ = new(big.Int).SetString("1348630117144789003644452314839072329750068133934739562703659359268389747985", 10)
sConstants[226], _ = new(big.Int).SetString("1396107425439796908939750972938223221605778648225762567016308314789520339962", 10)
sConstants[227], _ = new(big.Int).SetString("6173001858003427802042546706782122098835769939275305980271183297728965316942", 10)
sConstants[228], _ = new(big.Int).SetString("16943717877001499284920880255048707490719574351604140426529143119277836403129", 10)
sConstants[229], _ = new(big.Int).SetString("14254637476176032842487152448677962929592936990526843481247886860454775633326", 10)
sConstants[230], _ = new(big.Int).SetString("20112551263640702643495202387764478482489841288043250651308711396213637765954", 10)
sConstants[231], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[232], _ = new(big.Int).SetString("14580210729080456657697439135745213807214996922877431278225104041221322283144", 10)
sConstants[233], _ = new(big.Int).SetString("17944065522218783686971981171223808953317623885825040885897493399216933397441", 10)
sConstants[234], _ = new(big.Int).SetString("21672476111949246523929453701335722206799241314728447223788259504904156987147", 10)
sConstants[235], _ = new(big.Int).SetString("16427849329831493218262402566840933522542577642557896988530799384419530862522", 10)
sConstants[236], _ = new(big.Int).SetString("10752733058291453323011452726707429118120906743416692984681703374550581513882", 10)
sConstants[237], _ = new(big.Int).SetString("1120153114481280927826334009363750761062539786064908406397864613779304433308", 10)
sConstants[238], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[239], _ = new(big.Int).SetString("6657045611436002337943867733574742655960423094099745811786819937865742754593", 10)
sConstants[240], _ = new(big.Int).SetString("4548688566209049346950516871294343401334051071109430534058854346117866744739", 10)
sConstants[241], _ = new(big.Int).SetString("12004873649650240122663793814044887628092046288070805572287428956807094282568", 10)
sConstants[242], _ = new(big.Int).SetString("10376720357183386406622952185756280165877227546938927619561389051210153106592", 10)
sConstants[243], _ = new(big.Int).SetString("17932525558731721856340352992169746291760530992792261472641282908501604446811", 10)
sConstants[244], _ = new(big.Int).SetString("17590757077464321402178239743669088074723578712251925458853962272816312109152", 10)
sConstants[245], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[246], _ = new(big.Int).SetString("3209081991282167870383195969354868449640899668458993044016055038297543518657", 10)
sConstants[247], _ = new(big.Int).SetString("5864786650128394026837230220022650012182783025931675255391916679281913080366", 10)
sConstants[248], _ = new(big.Int).SetString("12439377586247860055183624555830288546667346442629775929405362799390541279515", 10)
sConstants[249], _ = new(big.Int).SetString("20249169533694211243074917072193953326307543430194777911574824077740409867889", 10)
sConstants[250], _ = new(big.Int).SetString("11955292991025510476129504480910338468553857092582960824101774602100105865508", 10)
sConstants[251], _ = new(big.Int).SetString("21233753658809258463246874948160331522087646774375604829374717282611108497353", 10)
sConstants[252], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[253], _ = new(big.Int).SetString("5299619631018824922731916064083443097684549422797706633258895684420281864108", 10)
sConstants[254], _ = new(big.Int).SetString("16213823392220550809755333072267867447553466481133861809088541225502993792933", 10)
sConstants[255], _ = new(big.Int).SetString("21774021022385158712853171484065240472428767308361650780051834129571232443113", 10)
sConstants[256], _ = new(big.Int).SetString("19519712983460247626783700627305949599146930344376818640048505866722051236075", 10)
sConstants[257], _ = new(big.Int).SetString("19201631020677948940033345574241839698570728570677190746232685184366085684755", 10)
sConstants[258], _ = new(big.Int).SetString("16950719963293537936274035069294977251884656006132028465274842882566872316866", 10)
sConstants[259], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[260], _ = new(big.Int).SetString("19155409025424437690664522806909434551970754598652921692474864449826455337216", 10)
sConstants[261], _ = new(big.Int).SetString("7680332789706498740282955823359712103361665361365018131178757219206780037124", 10)
sConstants[262], _ = new(big.Int).SetString("21076561076080209150759527181245666654056099483239360146471339739637030537201", 10)
sConstants[263], _ = new(big.Int).SetString("497501917138640900716963445320097032971939272734057482481699619406679852072", 10)
sConstants[264], _ = new(big.Int).SetString("219804352410528064548663406794875692377819157777555527292379890517994310898", 10)
sConstants[265], _ = new(big.Int).SetString("20650062109272119754567889432541551183228545711882667368558930819623066285550", 10)
sConstants[266], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[267], _ = new(big.Int).SetString("11946781549111733342374437686417901919881339755720725189559112628795817706603", 10)
sConstants[268], _ = new(big.Int).SetString("2484460820642436269798549252737235980435448156526237726927772714161779556117", 10)
sConstants[269], _ = new(big.Int).SetString("9131896045016416748829978568219748930005109068654516264093181558753767987250", 10)
sConstants[270], _ = new(big.Int).SetString("17539690836656056361902215257263592451628414553660709391600001441653830206065", 10)
sConstants[271], _ = new(big.Int).SetString("18680327085533119384849399232368527875194911756927197995064579410845089235626", 10)
sConstants[272], _ = new(big.Int).SetString("3733704884118300721043768874060062456481930803626613247865795986430463043840", 10)
sConstants[273], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[274], _ = new(big.Int).SetString("10869324612517034722196547288387911568763853980957190569709459262556333259802", 10)
sConstants[275], _ = new(big.Int).SetString("13541129633400691168270375425224652251629428845905913714872674429516061703834", 10)
sConstants[276], _ = new(big.Int).SetString("19566585716231282658157065399746041623123586124594568018338142400023247847175", 10)
sConstants[277], _ = new(big.Int).SetString("11129427786234676461186088751699468257665219195861018218716326589482169235738", 10)
sConstants[278], _ = new(big.Int).SetString("12587809912397784737743829505557561200040529463438352967575388905004140998345", 10)
sConstants[279], _ = new(big.Int).SetString("19808473521007223175388701036440740142351657866781216113100022591252318502799", 10)
sConstants[280], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[281], _ = new(big.Int).SetString("5873853271511157388891218086625116841039294307138994311967890057520246823262", 10)
sConstants[282], _ = new(big.Int).SetString("13003486326245606952057355171036271201855738149044785151305974666902939676968", 10)
sConstants[283], _ = new(big.Int).SetString("317822617317373237216981618014479686465697065761329030109475447686164721451", 10)
sConstants[284], _ = new(big.Int).SetString("10813741057848680550002438472132336318708520104631920434881565279665858338767", 10)
sConstants[285], _ = new(big.Int).SetString("1407947600055243217568670010193019554033099296398850283939346444151815545565", 10)
sConstants[286], _ = new(big.Int).SetString("10748165363652029592490593406190797442361550791106744394554436667603982640562", 10)
sConstants[287], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[288], _ = new(big.Int).SetString("3799831132390157900444549796610450353874750090914089848349537541361771448668", 10)
sConstants[289], _ = new(big.Int).SetString("1236474870532132985977600728058617189131963342170879994970972386547660462416", 10)
sConstants[290], _ = new(big.Int).SetString("12129114991304316197801712028291571747667685822200300686411158807713612068935", 10)
sConstants[291], _ = new(big.Int).SetString("12452782504819389866332384374641397209636135503933026692197899235338769218420", 10)
sConstants[292], _ = new(big.Int).SetString("17177375615846222421363183777625422826542711334348976790999247784204226247153", 10)
sConstants[293], _ = new(big.Int).SetString("14724993254182752446999797852163908134432351958415665363281656992462126774682", 10)
sConstants[294], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[295], _ = new(big.Int).SetString("5334385037080506459192079464304402035717161708938461991741391759156701759962", 10)
sConstants[296], _ = new(big.Int).SetString("5839603057106324284245920895643629522252067410986057849259994788753287208289", 10)
sConstants[297], _ = new(big.Int).SetString("14326608902192980988016963288619186073396385273801977982209424374836032185437", 10)
sConstants[298], _ = new(big.Int).SetString("3833013442414862082598619907743002206819313202476167703686360031484342083849", 10)
sConstants[299], _ = new(big.Int).SetString("5782627886836397242604493658841762433123584410931373681442076300374639175204", 10)
sConstants[300], _ = new(big.Int).SetString("19713051315944380534324352563108780835417447391745041989823306798607010582122", 10)
sConstants[301], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[302], _ = new(big.Int).SetString("18432899792379962331910523191119990280606783016109716227581834102469679493864", 10)
sConstants[303], _ = new(big.Int).SetString("10114179315138932736747722408239325460537042542506605453447755151962569740761", 10)
sConstants[304], _ = new(big.Int).SetString("5821210875734924302116104693653963583724566141160222647210211530317113743846", 10)
sConstants[305], _ = new(big.Int).SetString("7272434816631750120284299385293876240257916908609412315349255596053274406936", 10)
sConstants[306], _ = new(big.Int).SetString("4212296281436173015983236952207520516627835095278776445938770899997037368424", 10)
sConstants[307], _ = new(big.Int).SetString("6955140567497387214231321978484207887660637811874868846921238176118501620416", 10)
sConstants[308], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[309], _ = new(big.Int).SetString("16897957031536287824842741409118604269531477953952068130977839056875990315078", 10)
sConstants[310], _ = new(big.Int).SetString("13928891481908488754724298520914059676632551457225054691072093686516662594704", 10)
sConstants[311], _ = new(big.Int).SetString("18609207589312797911981956932131451830029990404869237009695385065926468947990", 10)
sConstants[312], _ = new(big.Int).SetString("5536380863513150280191401661180648941427892275212253324640352848339521760494", 10)
sConstants[313], _ = new(big.Int).SetString("5599225957062546984064803248700291456577900100660883438352062938121375670876", 10)
sConstants[314], _ = new(big.Int).SetString("12727467597196655197125834858597394259624613129696376281662301390743901689826", 10)
sConstants[315], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[316], _ = new(big.Int).SetString("19163832296523160821274196616772872907137958231822436470531902352232904941115", 10)
sConstants[317], _ = new(big.Int).SetString("10312950311908120735753698174433012744274520178660214256070764297181492311529", 10)
sConstants[318], _ = new(big.Int).SetString("20378282857854630279466471430783739929226973027333858163427244408490964366943", 10)
sConstants[319], _ = new(big.Int).SetString("10377180064239448654317729091272064413356995963412409612959212677629982453181", 10)
sConstants[320], _ = new(big.Int).SetString("2933414924716564156600257176308187931324021696634706744075039747567264729208", 10)
sConstants[321], _ = new(big.Int).SetString("8493086687568016258498608482327521077256426060613869678446606139457160557731", 10)
sConstants[322], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[323], _ = new(big.Int).SetString("19381450024835411599145851239904096365633900646004460102189421850759351066697", 10)
sConstants[324], _ = new(big.Int).SetString("11953019744947469552190875928518181787128546459454153390773097887154577772396", 10)
sConstants[325], _ = new(big.Int).SetString("13376491371023193271031127665379748375688991534278974638471913598784726444357", 10)
sConstants[326], _ = new(big.Int).SetString("7542871725069391080270213343389444722683777408103033554143042828340526643887", 10)
sConstants[327], _ = new(big.Int).SetString("9502363618190826927264503377951186073033660324604374823531489866751694300021", 10)
sConstants[328], _ = new(big.Int).SetString("8942475100033900568271185100922618012810524607209352225513012701802010622336", 10)
sConstants[329], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[330], _ = new(big.Int).SetString("21672484879307704998081070986668301291593477229230485880081317733634466423656", 10)
sConstants[331], _ = new(big.Int).SetString("12560411374852110641761658167591216057124945743772728716943960683160724056822", 10)
sConstants[332], _ = new(big.Int).SetString("3722997355103511782752507300407310792223403249171458092438045493962181025019", 10)
sConstants[333], _ = new(big.Int).SetString("14433522510308019912373989177241241296955315520711007204668297246004835289367", 10)
sConstants[334], _ = new(big.Int).SetString("21074332145955362315628041254977693445345960799533333435986322886475303250112", 10)
sConstants[335], _ = new(big.Int).SetString("11688037814420019994761430124416432916208455640936309232737398596294520128684", 10)
sConstants[336], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[337], _ = new(big.Int).SetString("8413591227751150541157599965184931267423827079669402000298235589329872211968", 10)
sConstants[338], _ = new(big.Int).SetString("17650123658569960265162949890832225475263279247059954604797491790529432356321", 10)
sConstants[339], _ = new(big.Int).SetString("7032368326020336746840339437615845824739080336621780283569419873917360702928", 10)
sConstants[340], _ = new(big.Int).SetString("7385147306527643945794759599270778258162448657029306136967713046400437047254", 10)
sConstants[341], _ = new(big.Int).SetString("9164511581583407790134635624183479582650863721435788581639986518157210097971", 10)
sConstants[342], _ = new(big.Int).SetString("21232697956642675538653913718380508229639927919821094050264990131998515480363", 10)
sConstants[343], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[344], _ = new(big.Int).SetString("18766563503966172098056598342132389632908065386663557822565991028183540018003", 10)
sConstants[345], _ = new(big.Int).SetString("19588227650050881742478712753831458567447756852853785637599026881217455808917", 10)
sConstants[346], _ = new(big.Int).SetString("1397562335684000327360763239099474090628194083907387149001776134346855210172", 10)
sConstants[347], _ = new(big.Int).SetString("10198846647447159506242448434572704392281982267842998844531477628631237977793", 10)
sConstants[348], _ = new(big.Int).SetString("4082126476185956308289516001173247963427942564076732012191115788827109604670", 10)
sConstants[349], _ = new(big.Int).SetString("1259882007354573001457197686554861546488356012943826286439775962762529569759", 10)
sConstants[350], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[351], _ = new(big.Int).SetString("7716815769035341534093079824074304698185682494514188549310576878173077130022", 10)
sConstants[352], _ = new(big.Int).SetString("2044076383384167496824768664485547753134864604656664348421025061131743608977", 10)
sConstants[353], _ = new(big.Int).SetString("7774223140652128981941948651155326068745393941932597512012824767919719875428", 10)
sConstants[354], _ = new(big.Int).SetString("6679985805196174386295848216686508579276442390463151307353623646770660788584", 10)
sConstants[355], _ = new(big.Int).SetString("6774793209384233535964197412993868564894958211307656732015443437790617825766", 10)
sConstants[356], _ = new(big.Int).SetString("17867078843395024616403441485600115396944676013587205981831608189485186004136", 10)
sConstants[357], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[358], _ = new(big.Int).SetString("6918083713687670289412597323877415882006094844653186686554461196053948517650", 10)
sConstants[359], _ = new(big.Int).SetString("14794244995142016109988120927552904368673513765173156992855465350554201454520", 10)
sConstants[360], _ = new(big.Int).SetString("9469895491505210921132335959822444547950761948532088884408658386318765611458", 10)
sConstants[361], _ = new(big.Int).SetString("12410499443680346161671381257661336704947211959564338473797332912666796028788", 10)
sConstants[362], _ = new(big.Int).SetString("7926578664199378339557308917160770386201454695092254922901982085502190339711", 10)
sConstants[363], _ = new(big.Int).SetString("1074389802911575405482398726791994815320889352331411931514923735327800497648", 10)
sConstants[364], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[365], _ = new(big.Int).SetString("12660721219055881159942064421460786460560697520809352389013840987393603997135", 10)
sConstants[366], _ = new(big.Int).SetString("4257759001257681685309102971805195284424999843809187868418076529498991787195", 10)
sConstants[367], _ = new(big.Int).SetString("8970798405382398224814171740357247330369162836256360293947332566119181156885", 10)
sConstants[368], _ = new(big.Int).SetString("17958544420119383745643163073564878224834088412686597346123856987725643531187", 10)
sConstants[369], _ = new(big.Int).SetString("17738189036503307406862818984242172707709553320980438963253190315183389070671", 10)
sConstants[370], _ = new(big.Int).SetString("14287766641051399433873731520879849723607926081596701974021064214044740995654", 10)
sConstants[371], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[372], _ = new(big.Int).SetString("21558827418411379216994978187086694912014548431326761389965315489378942066021", 10)
sConstants[373], _ = new(big.Int).SetString("7136882485367499209618511242521887384194879969153189708025876500490677483273", 10)
sConstants[374], _ = new(big.Int).SetString("17220467566610801825959292161481147144970669500227722755203417787632930011521", 10)
sConstants[375], _ = new(big.Int).SetString("15644351871844947578414272909094033689340289967910075614127700893758848906931", 10)
sConstants[376], _ = new(big.Int).SetString("21741724266010931381264164854372691714176988715532516896804407315923532276434", 10)
sConstants[377], _ = new(big.Int).SetString("2419785684404332928492315984637322970326738862445167379156610994774664059995", 10)
sConstants[378], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[379], _ = new(big.Int).SetString("10339805366850086548361875185109456315271528882904249869004576409152632926693", 10)
sConstants[380], _ = new(big.Int).SetString("19066576437237017989921605377017982206044010175904765960860923934443601514592", 10)
sConstants[381], _ = new(big.Int).SetString("13822379132369217064164395859669265238386142106084498781870935216496751999075", 10)
sConstants[382], _ = new(big.Int).SetString("21216485273531618687167053274106121432450196094331038082541464436433083018343", 10)
sConstants[383], _ = new(big.Int).SetString("1540326880060266517508750499666125605454874001382251434794459985013783734049", 10)
sConstants[384], _ = new(big.Int).SetString("10979571635040509905158742852019305039752888804051338348133671756054719250675", 10)
sConstants[385], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
sConstants[386], _ = new(big.Int).SetString("17817950236968355275450565661453279500832679749582869473068209804712565393928", 10)
sConstants[387], _ = new(big.Int).SetString("4057227004326267443894866444790295439173752231112985308059870347643133047427", 10)
sConstants[388], _ = new(big.Int).SetString("9481547255077304194865834384522710415757401332737060279379100936057225542025", 10)
sConstants[389], _ = new(big.Int).SetString("19204974983793400699898444372535256207646557857575315905278218870961389967884", 10)
sConstants[390], _ = new(big.Int).SetString("14672613178263529785795301930884172260797190868602674472542654261498546023746", 10)
sConstants[391], _ = new(big.Int).SetString("21407770160218607278833379114951608489910182969042472165261557405353704846967", 10)
mMatrix[0][0], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
mMatrix[0][1], _ = new(big.Int).SetString("19204974983793400699898444372535256207646557857575315905278218870961389967884", 10)
mMatrix[0][2], _ = new(big.Int).SetString("14672613178263529785795301930884172260797190868602674472542654261498546023746", 10)
mMatrix[0][3], _ = new(big.Int).SetString("21407770160218607278833379114951608489910182969042472165261557405353704846967", 10)
mMatrix[1][0], _ = new(big.Int).SetString("17849615858846139011678879517964683507928512741474025695659909954675835121177", 10)
mMatrix[1][1], _ = new(big.Int).SetString("3722304780857845144568029505892077496425786544014166938942516810831732569870", 10)
mMatrix[1][2], _ = new(big.Int).SetString("20850178060552184587113773087797340350525370429749200838012809627359404457643", 10)
mMatrix[1][3], _ = new(big.Int).SetString("16058955581309173858487265533260133430557379878452348481750737813742488209262", 10)
mMatrix[2][0], _ = new(big.Int).SetString("1013663139540921998616312712475594638459213772728467613870351821911056489570", 10)
mMatrix[2][1], _ = new(big.Int).SetString("11920634922168932145084219049241528148129057802067880076377897257847125830511", 10)
mMatrix[2][2], _ = new(big.Int).SetString("7082289538076771741936674361200789891432311337766695368327626572220036527624", 10)
mMatrix[2][3], _ = new(big.Int).SetString("593311177550138061601452020934455734040559402531605836278498327468203888086", 10)
mMatrix[3][0], _ = new(big.Int).SetString("13211800058103802189838759488224684841774731021206389709687693993627918500545", 10)
mMatrix[3][1], _ = new(big.Int).SetString("6085682566123812000257211683010755099394491689511511633947011263229442977967", 10)
mMatrix[3][2], _ = new(big.Int).SetString("1787876543469562003404632310460227730887431311758627706450615128255538398187", 10)
mMatrix[3][3], _ = new(big.Int).SetString("341662423637860635938968460722645910313598807845686354625820505885069260074", 10)
pMatrix[0][0], _ = new(big.Int).SetString("16023668707004248971294664614290028914393192768609916554276071736843535714477", 10)
pMatrix[0][1], _ = new(big.Int).SetString("1219730950550419355108306775069417768387360853368230473071077119306046675572", 10)
pMatrix[0][2], _ = new(big.Int).SetString("15510244717642334318966561950951002886323209693558586261457615423770062424603", 10)
pMatrix[0][3], _ = new(big.Int).SetString("11219946567517274434615160614700308041943360069146893241486574665265822013129", 10)
pMatrix[1][0], _ = new(big.Int).SetString("17849615858846139011678879517964683507928512741474025695659909954675835121177", 10)
pMatrix[1][1], _ = new(big.Int).SetString("17895496371927328657913965415733510282704230821151428152183928968046205671575", 10)
pMatrix[1][2], _ = new(big.Int).SetString("12435993608134323226059776526130103965669300982573338632451717852485169465950", 10)
pMatrix[1][3], _ = new(big.Int).SetString("19939917978926080723093316474977996505935743392066675936804030819065420290084", 10)
pMatrix[2][0], _ = new(big.Int).SetString("1013663139540921998616312712475594638459213772728467613870351821911056489570", 10)
pMatrix[2][1], _ = new(big.Int).SetString("1028374094780216331619466080637054051304375033009771928288419347940821888279", 10)
pMatrix[2][2], _ = new(big.Int).SetString("5643605551164490740833629634586387123466682387363311974272188018328439695366", 10)
pMatrix[2][3], _ = new(big.Int).SetString("3961412593815053600853163531157674011892719679065160984658051723455387746952", 10)
pMatrix[3][0], _ = new(big.Int).SetString("13211800058103802189838759488224684841774731021206389709687693993627918500545", 10)
pMatrix[3][1], _ = new(big.Int).SetString("16436452107226347557423995353975118393704571960279031780622882419612847031696", 10)
pMatrix[3][2], _ = new(big.Int).SetString("11841890240732656097844244837012648335708695431011214021127380678644769978309", 10)
pMatrix[3][3], _ = new(big.Int).SetString("10936049757440664316304266313740303505981633272820388610540392640560764966725", 10)
}

+ 98
- 0
poseidon/poseidon_bn128_test.go
View File

@ -0,0 +1,98 @@
package poseidon
import (
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
)
type TestPoseidonBN128Circuit struct {
In [spongeWidth]frontend.Variable
Out [spongeWidth]frontend.Variable
}
func (circuit *TestPoseidonBN128Circuit) Define(api frontend.API) error {
fieldAPI := field.NewFieldAPI(api)
poseidonChip := NewPoseidonBN128Chip(api, fieldAPI)
output := poseidonChip.Poseidon(circuit.In)
for i := 0; i < spongeWidth; i++ {
api.AssertIsEqual(
output[i],
circuit.Out[i],
)
}
return nil
}
func TestPoseidonBN128(t *testing.T) {
assert := test.NewAssert(t)
testCaseFn := func(in [spongeWidth]frontend.Variable, out [spongeWidth]frontend.Variable) {
circuit := TestPoseidonBN128Circuit{In: in, Out: out}
witness := TestPoseidonBN128Circuit{In: in, Out: out}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCases := [][2][]string{
{
{"0", "0", "0", "0"},
{
"5317387130258456662214331362918410991734007599705406860481038345552731150762",
"17768273200467269691696191901389126520069745877826494955630904743826040320364",
"19413739268543925182080121099097652227979760828059217876810647045303340666757",
"3717738800218482999400886888123026296874264026760636028937972004600663725187",
},
},
{
{"0", "1", "2", "3"},
{
"6542985608222806190361240322586112750744169038454362455181422643027100751666",
"3478427836468552423396868478117894008061261013954248157992395910462939736589",
"1904980799580062506738911865015687096398867595589699208837816975692422464009",
"11971464497515232077059236682405357499403220967704831154657374522418385384151",
},
},
{
{
"21888242871839275222246405745257275088548364400416034343698204186575808495616",
"21888242871839275222246405745257275088548364400416034343698204186575808495616",
"21888242871839275222246405745257275088548364400416034343698204186575808495616",
"21888242871839275222246405745257275088548364400416034343698204186575808495616",
},
{
"13055670547682322550638362580666986963569035646873545133474324633020685301274",
"19087936485076376314486368416882351797015004625427655501762827988254486144933",
"10391468779200270580383536396630001155994223659670674913170907401637624483385",
"17202557688472898583549180366140168198092766974201433936205272956998081177816",
},
},
{
{
"6542985608222806190361240322586112750744169038454362455181422643027100751666",
"3478427836468552423396868478117894008061261013954248157992395910462939736589",
"1904980799580062506738911865015687096398867595589699208837816975692422464009",
"11971464497515232077059236682405357499403220967704831154657374522418385384151",
},
{
"21792249080447013894140672594027696524030291802493510986509431008224624594361",
"3536096706123550619294332177231935214243656967137545251021848527424156573335",
"14869351042206255711434675256184369368509719143073814271302931417334356905217",
"5027523131326906886284185656868809493297314443444919363729302983434650240523",
},
},
}
for _, testCase := range testCases {
var in [spongeWidth]frontend.Variable
var out [spongeWidth]frontend.Variable
copy(in[:], utils.StrArrayToFrontendVariableArray(testCase[0]))
copy(out[:], utils.StrArrayToFrontendVariableArray(testCase[1]))
testCaseFn(in, out)
}
}

poseidon/constants.go → poseidon/poseidon_constants.go
View File


+ 1
- 1
verifier/common/config.go
View File

@ -8,7 +8,7 @@ import (
type VerifierOnlyCircuitData struct {
ConstantSigmasCap MerkleCap
CircuitDigest poseidon.Hash
CircuitDigest poseidon.PoseidonBN128HashOut
}
type CircuitConfig struct {

+ 4
- 4
verifier/common/types.go
View File

@ -5,18 +5,18 @@ import (
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
)
type MerkleCap = []poseidon.Hash
type MerkleCap = []poseidon.PoseidonBN128HashOut
func NewMerkleCap(capHeight uint64) MerkleCap {
return make([]poseidon.Hash, 1<<capHeight)
return make([]poseidon.PoseidonBN128HashOut, 1<<capHeight)
}
type MerkleProof struct {
Siblings []poseidon.Hash // Length = CircuitConfig.FriConfig.DegreeBits + CircuitConfig.FriConfig.RateBits - CircuitConfig.FriConfig.CapHeight
Siblings []poseidon.PoseidonBN128HashOut // Length = CircuitConfig.FriConfig.DegreeBits + CircuitConfig.FriConfig.RateBits - CircuitConfig.FriConfig.CapHeight
}
func NewMerkleProof(merkleProofLen uint64) MerkleProof {
return MerkleProof{Siblings: make([]poseidon.Hash, merkleProofLen)}
return MerkleProof{Siblings: make([]poseidon.PoseidonBN128HashOut, merkleProofLen)}
}
type EvalProof struct {

BIN
verifier/data/.DS_Store
View File


verifier/data/recursive_step/common_circuit_data.json → verifier/data/decode_block/common_circuit_data.json
View File

@ -35,7 +35,7 @@
"num_query_rounds": 28
},
"hiding": false,
"degree_bits": 13,
"degree_bits": 12,
"reduction_arity_bits": [
4,
4
@ -43,6 +43,8 @@
},
"gates": [
"NoopGate",
"ConstantGate { num_consts: 2 }",
"PoseidonMdsGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>",
"PublicInputGate",
"BaseSumGate { num_limbs: 63 } + Base: 2",
"ReducingExtensionGate { num_coeffs: 33 }",
@ -50,7 +52,6 @@
"ArithmeticExtensionGate { num_ops: 10 }",
"ArithmeticGate { num_ops: 20 }",
"MulExtensionGate { num_ops: 13 }",
"ExponentiationGate { num_power_bits: 67, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"CosetInterpolationGate { subgroup_bits: 4, degree: 6, barycentric_weights: [17293822565076172801, 18374686475376656385, 18446744069413535745, 281474976645120, 17592186044416, 18446744069414584577, 18446744000695107601, 18446744065119617025, 1152921504338411520, 72057594037927936, 18446744069415632897, 18446462594437939201, 18446726477228539905, 18446744069414584065, 68719476720, 4294967296], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
@ -63,6 +64,7 @@
0,
0,
0,
0,
1,
1,
1,
@ -73,15 +75,15 @@
"groups": [
{
"start": 0,
"end": 6
"end": 7
},
{
"start": 6,
"end": 10
"start": 7,
"end": 11
},
{
"start": 10,
"end": 12
"start": 11,
"end": 13
}
]
},

+ 15082
- 0
verifier/data/decode_block/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 21
- 0
verifier/data/decode_block/verifier_only_circuit_data.json
View File

@ -0,0 +1,21 @@
{
"constants_sigmas_cap": [
"1499622638644728537774239858053278546400257982434845489329927574295172033326",
"2930852415723089264561622935088329191815636786066772202039928107654951266023",
"14464526654918087476596183134411486973966295253353738267325575394304709517161",
"18983137502540745159803953284357786408225887846069384394220291955925143226141",
"1386895482273961356932873002155159178542488359092693049720219479086930861707",
"14771237880407068338879830535366644743003305760875598132537125639168034999022",
"19702788661528474550894036146582137462836271070153286539426392895353557950694",
"15334727368281990897779779337943379898609200739305205677598255362701124565320",
"21691768748620820719274018448050849816536829760110881140528389629789448704790",
"15262009449532190852183220678787716636953257578372619913911054925901367503449",
"18166082909492900359627895435428332272663141560067836935272838076830554017630",
"10686995103794494099325675278866631156892436169286799401423857508483307145846",
"7660138004813546044706396059680360544539623731113711012915164533145284575301",
"1616448650742704848585620443874003913130079345238283349517269437117477195625",
"5734773590975050772666682899969130545487941904460247131732227238307211841652",
"11959183492303708131395376843823862107323459381741154704909455973421596288592"
],
"circuit_digest": "11532502846882484230992726008257788785937565673229400981185786126842727172973"
}

+ 0
- 150
verifier/data/dummy_2^14_gates/common_circuit_data.json
View File

@ -1,150 +0,0 @@
{
"config": {
"num_wires": 135,
"num_routed_wires": 80,
"num_constants": 2,
"use_base_arithmetic_gate": true,
"security_bits": 100,
"num_challenges": 2,
"zero_knowledge": false,
"max_quotient_degree_factor": 8,
"fri_config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
}
},
"fri_params": {
"config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
},
"hiding": false,
"degree_bits": 14,
"reduction_arity_bits": [
4,
4,
4
]
},
"gates": [
"NoopGate",
"ConstantGate { num_consts: 2 }",
"PublicInputGate"
],
"selectors_info": {
"selector_indices": [
0,
0,
0
],
"groups": [
{
"start": 0,
"end": 3
}
]
},
"quotient_degree_factor": 8,
"num_gate_constraints": 4,
"num_constants": 3,
"num_public_inputs": 0,
"k_is": [
1,
7,
49,
343,
2401,
16807,
117649,
823543,
5764801,
40353607,
282475249,
1977326743,
13841287201,
96889010407,
678223072849,
4747561509943,
33232930569601,
232630513987207,
1628413597910449,
11398895185373143,
79792266297612001,
558545864083284007,
3909821048582988049,
8922003270666332022,
7113790686420571191,
12903046666114829695,
16534350385145470581,
5059988279530788141,
16973173887300932666,
8131752794619022736,
1582037354089406189,
11074261478625843323,
3732854072722565977,
7683234439643377518,
16889152938674473984,
7543606154233811962,
15911754940807515092,
701820169165099718,
4912741184155698026,
15942444219675301861,
916645121239607101,
6416515848677249707,
8022122801911579307,
814627405137302186,
5702391835961115302,
3023254712898638472,
2716038920875884983,
565528376716610560,
3958698637016273920,
9264146389699333119,
9508792519651578870,
11221315429317299127,
4762231727562756605,
14888878023524711914,
11988425817600061793,
10132004445542095267,
15583798910550913906,
16852872026783475737,
7289639770996824233,
14133990258148600989,
6704211459967285318,
10035992080941828584,
14911712358349047125,
12148266161370408270,
11250886851934520606,
4969231685883306958,
16337877731768564385,
3684679705892444769,
7346013871832529062,
14528608963998534792,
9466542400916821939,
10925564598174000610,
2691975909559666986,
397087297503084581,
2779611082521592067,
1010533508236560148,
7073734557655921036,
12622653764762278610,
14571600075677612986,
9767480182670369297
],
"num_partial_products": 9
}

+ 0
- 31140
verifier/data/dummy_2^14_gates/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/dummy_2^14_gates/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
4759797886241550041,
16047691004983234860,
9659762256552197216,
10112553966470275428
]
},
{
"elements": [
6580856520142680697,
17545262075403841780,
17375632104615520990,
7416977774732798943
]
},
{
"elements": [
16353512268073979322,
819827092644027799,
16690673607724368808,
15037968687422549712
]
},
{
"elements": [
8436504004905600346,
9803040091724299970,
13874489205559745161,
9113368467425613680
]
},
{
"elements": [
11091349953543466700,
16835828310505248580,
9401730018779004456,
16217511395210280637
]
},
{
"elements": [
14652613590798123935,
6513400524233583632,
14260635575060377802,
2934429662141013591
]
},
{
"elements": [
16079430466329685864,
15523825632000959289,
10929447713382773099,
13359117551990706652
]
},
{
"elements": [
3981642429220224195,
16563383270645026066,
11676626736400014113,
12391006943408842728
]
},
{
"elements": [
14534632951568236500,
6622950057448608217,
10317722778604321203,
16857091229989966532
]
},
{
"elements": [
1854667436830330051,
10698208885037992043,
8279000029256055765,
16473632613257578260
]
},
{
"elements": [
6112653519502862522,
16414985808267477185,
17212339018953338390,
2035088574051215606
]
},
{
"elements": [
283442216994125368,
5745335585396117672,
5374569058514548582,
10252700696576858963
]
},
{
"elements": [
9306370623805561429,
16251397047578608507,
14346837135739683212,
16134961398977435830
]
},
{
"elements": [
7908139687533230014,
868091850428391307,
17334379805830263268,
14344912333616841759
]
},
{
"elements": [
5694816422417791625,
1123655791248550867,
10759039854778271524,
14259550375971834217
]
},
{
"elements": [
8540856852870738366,
13653940430116418378,
12200920580995523853,
4531851613365767268
]
}
],
"circuit_digest": {
"elements": [
651333322065354824,
4413552684545354123,
11977324165034072678,
16531113439125733803
]
}
}

+ 0
- 1
verifier/data/dummy_small/common_circuit_data.json
View File

@ -1 +0,0 @@
{"config":{"num_wires":135,"num_routed_wires":80,"num_constants":2,"use_base_arithmetic_gate":true,"security_bits":100,"num_challenges":2,"zero_knowledge":false,"max_quotient_degree_factor":8,"fri_config":{"rate_bits":12,"cap_height":4,"proof_of_work_bits":16,"reduction_strategy":{"ConstantArityBits":[4,5]},"num_query_rounds":7}},"fri_params":{"config":{"rate_bits":12,"cap_height":4,"proof_of_work_bits":16,"reduction_strategy":{"ConstantArityBits":[4,5]},"num_query_rounds":7},"hiding":false,"degree_bits":2,"reduction_arity_bits":[]},"gates":["NoopGate","ConstantGate { num_consts: 2 }","PublicInputGate"],"selectors_info":{"selector_indices":[0,0,0],"groups":[{"start":0,"end":3}]},"quotient_degree_factor":8,"num_gate_constraints":4,"num_constants":3,"num_public_inputs":0,"k_is":[1,7,49,343,2401,16807,117649,823543,5764801,40353607,282475249,1977326743,13841287201,96889010407,678223072849,4747561509943,33232930569601,232630513987207,1628413597910449,11398895185373143,79792266297612001,558545864083284007,3909821048582988049,8922003270666332022,7113790686420571191,12903046666114829695,16534350385145470581,5059988279530788141,16973173887300932666,8131752794619022736,1582037354089406189,11074261478625843323,3732854072722565977,7683234439643377518,16889152938674473984,7543606154233811962,15911754940807515092,701820169165099718,4912741184155698026,15942444219675301861,916645121239607101,6416515848677249707,8022122801911579307,814627405137302186,5702391835961115302,3023254712898638472,2716038920875884983,565528376716610560,3958698637016273920,9264146389699333119,9508792519651578870,11221315429317299127,4762231727562756605,14888878023524711914,11988425817600061793,10132004445542095267,15583798910550913906,16852872026783475737,7289639770996824233,14133990258148600989,6704211459967285318,10035992080941828584,14911712358349047125,12148266161370408270,11250886851934520606,4969231685883306958,16337877731768564385,3684679705892444769,7346013871832529062,14528608963998534792,9466542400916821939,10925564598174000610,2691975909559666986,397087297503084581,2779611082521592067,1010533508236560148,7073734557655921036,12622653764762278610,14571600075677612986,9767480182670369297],"num_partial_products":9}

+ 0
- 1
verifier/data/dummy_small/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 1
verifier/data/dummy_small/verifier_only_circuit_data.json
View File

@ -1 +0,0 @@
{"constants_sigmas_cap":[{"elements":[12942050173360299287,15429129527496118608,11044804177370023771,17027862521442293343]},{"elements":[5129937521595676319,9249371000310776833,1698652619737853229,3597277235363989900]},{"elements":[9499069482602362280,6056775334288968735,9416720030884613634,8481612183293566397]},{"elements":[7444928464878659248,59632799137831308,6374428807271012784,12055696886890254745]},{"elements":[11760551261657627154,5292872815316944996,12187602224948210417,184439611357521062]},{"elements":[13972524877212598728,11420817450690243876,15994255466128604849,1311060574252414086]},{"elements":[16494325411515456931,18075355179587378715,4646724997371828866,1372832552151954570]},{"elements":[16387476627685153284,17032030743812759632,16808048043752991311,16788518620316721833]},{"elements":[4194862242212612774,364226560743618053,11438397620101696839,9286576348843874621]},{"elements":[6340101954898285234,10773051474343740098,6629082148740745229,3982094848619266494]},{"elements":[8009275308971482529,10105260369496924395,8987390598028905021,9739740379439925196]},{"elements":[13635364907274847648,1135616847056663194,6574618410485087638,11497429148813108159]},{"elements":[15405963465632273554,10983537026674671450,17181205620785852479,2598367474817225484]},{"elements":[16613943869767229638,8953767102519510969,2778482474224727871,835196900223386389]},{"elements":[213910466424313779,1036984933257510494,9766858993890477954,5836427172912690664]},{"elements":[1538574690328025715,2426907990630109879,8393881157947355071,8063812988973786255]}],"circuit_digest":{"elements":[18101853563531100136,12778281678899705371,12856635299514517756,11554767480547589421]}}

+ 0
- 152
verifier/data/fibonacci/common_circuit_data.json
View File

@ -1,152 +0,0 @@
{
"config": {
"num_wires": 135,
"num_routed_wires": 80,
"num_constants": 2,
"use_base_arithmetic_gate": true,
"security_bits": 100,
"num_challenges": 2,
"zero_knowledge": false,
"max_quotient_degree_factor": 8,
"fri_config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
}
},
"fri_params": {
"config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
},
"hiding": false,
"degree_bits": 3,
"reduction_arity_bits": []
},
"gates": [
"ConstantGate { num_consts: 2 }",
"PublicInputGate",
"ArithmeticGate { num_ops: 20 }",
"PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
],
"selectors_info": {
"selector_indices": [
0,
0,
0,
1
],
"groups": [
{
"start": 0,
"end": 3
},
{
"start": 3,
"end": 4
}
]
},
"quotient_degree_factor": 8,
"num_gate_constraints": 123,
"num_constants": 4,
"num_public_inputs": 3,
"k_is": [
1,
7,
49,
343,
2401,
16807,
117649,
823543,
5764801,
40353607,
282475249,
1977326743,
13841287201,
96889010407,
678223072849,
4747561509943,
33232930569601,
232630513987207,
1628413597910449,
11398895185373143,
79792266297612001,
558545864083284007,
3909821048582988049,
8922003270666332022,
7113790686420571191,
12903046666114829695,
16534350385145470581,
5059988279530788141,
16973173887300932666,
8131752794619022736,
1582037354089406189,
11074261478625843323,
3732854072722565977,
7683234439643377518,
16889152938674473984,
7543606154233811962,
15911754940807515092,
701820169165099718,
4912741184155698026,
15942444219675301861,
916645121239607101,
6416515848677249707,
8022122801911579307,
814627405137302186,
5702391835961115302,
3023254712898638472,
2716038920875884983,
565528376716610560,
3958698637016273920,
9264146389699333119,
9508792519651578870,
11221315429317299127,
4762231727562756605,
14888878023524711914,
11988425817600061793,
10132004445542095267,
15583798910550913906,
16852872026783475737,
7289639770996824233,
14133990258148600989,
6704211459967285318,
10035992080941828584,
14911712358349047125,
12148266161370408270,
11250886851934520606,
4969231685883306958,
16337877731768564385,
3684679705892444769,
7346013871832529062,
14528608963998534792,
9466542400916821939,
10925564598174000610,
2691975909559666986,
397087297503084581,
2779611082521592067,
1010533508236560148,
7073734557655921036,
12622653764762278610,
14571600075677612986,
9767480182670369297
],
"num_partial_products": 9
}

+ 0
- 11509
verifier/data/fibonacci/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/fibonacci/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
2913805118787558759,
15605217703384212484,
9293436862297178555,
10529947991695419448
]
},
{
"elements": [
1937331278189251620,
17537260089483183877,
10458485670158100707,
4116443229550247591
]
},
{
"elements": [
8142760542024755709,
3845244796524514577,
16191049345326767258,
7348433903875207214
]
},
{
"elements": [
18274477257392359471,
9341197367296335592,
14314312946600883535,
17431979896521737468
]
},
{
"elements": [
12713790163422286570,
9838614764658999419,
3024549327814176904,
6544549858431318793
]
},
{
"elements": [
17461063081201329467,
1929790214678747830,
14738190695567211833,
4502436664569676311
]
},
{
"elements": [
17446087997043032816,
17518692693064701003,
4915378766449394412,
10675325761198739044
]
},
{
"elements": [
11349186227918507635,
7105572536043210156,
13296927306801261929,
6138189381388819111
]
},
{
"elements": [
17427080957162886576,
4310228111529328877,
16109317445338921222,
11923676504992192083
]
},
{
"elements": [
11292141569337462929,
7213981967192374125,
4837353949249389782,
13157524938508720907
]
},
{
"elements": [
17221477633935993097,
7905315334616496868,
2950048088611741910,
16851660641249290423
]
},
{
"elements": [
1918571898367258879,
14473285549490778842,
16456257732802770188,
16611801325745795527
]
},
{
"elements": [
7880989808200689690,
16935107633380717766,
8956194191973051375,
1103945341495739535
]
},
{
"elements": [
4501339912027744074,
12142665268233044767,
9270990890291324944,
45374981263348191
]
},
{
"elements": [
13657768796246999470,
2899654677720502418,
7228867285602519410,
3363587770111123806
]
},
{
"elements": [
18227101298896629706,
12986849723013952028,
16815808278639394978,
16460725848109409638
]
}
],
"circuit_digest": {
"elements": [
15489309507512017401,
16244437215982314072,
10011620388767144997,
15394117319313330212
]
}
}

+ 0
- 173
verifier/data/recursive/common_circuit_data.json
View File

@ -1,173 +0,0 @@
{
"config": {
"num_wires": 135,
"num_routed_wires": 80,
"num_constants": 2,
"use_base_arithmetic_gate": true,
"security_bits": 100,
"num_challenges": 2,
"zero_knowledge": false,
"max_quotient_degree_factor": 8,
"fri_config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
}
},
"fri_params": {
"config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
},
"hiding": false,
"degree_bits": 12,
"reduction_arity_bits": [
4,
4
]
},
"gates": [
"NoopGate",
"PublicInputGate",
"BaseSumGate { num_limbs: 63 } + Base: 2",
"ReducingExtensionGate { num_coeffs: 32 }",
"ReducingGate { num_coeffs: 43 }",
"ArithmeticExtensionGate { num_ops: 10 }",
"ArithmeticGate { num_ops: 20 }",
"MulExtensionGate { num_ops: 13 }",
"RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"CosetInterpolationGate { subgroup_bits: 4, degree: 6, barycentric_weights: [17293822565076172801, 18374686475376656385, 18446744069413535745, 281474976645120, 17592186044416, 256, 18446744000695107601, 18446744065119617025, 1152921504338411520, 72057594037927936, 1048576, 18446462594437939201, 18446726477228539905, 18446744069414584065, 68719476720, 4294967296], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
],
"selectors_info": {
"selector_indices": [
0,
0,
0,
0,
0,
0,
1,
1,
1,
2,
2
],
"groups": [
{
"start": 0,
"end": 6
},
{
"start": 6,
"end": 9
},
{
"start": 9,
"end": 11
}
]
},
"quotient_degree_factor": 8,
"num_gate_constraints": 123,
"num_constants": 5,
"num_public_inputs": 0,
"k_is": [
1,
7,
49,
343,
2401,
16807,
117649,
823543,
5764801,
40353607,
282475249,
1977326743,
13841287201,
96889010407,
678223072849,
4747561509943,
33232930569601,
232630513987207,
1628413597910449,
11398895185373143,
79792266297612001,
558545864083284007,
3909821048582988049,
8922003270666332022,
7113790686420571191,
12903046666114829695,
16534350385145470581,
5059988279530788141,
16973173887300932666,
8131752794619022736,
1582037354089406189,
11074261478625843323,
3732854072722565977,
7683234439643377518,
16889152938674473984,
7543606154233811962,
15911754940807515092,
701820169165099718,
4912741184155698026,
15942444219675301861,
916645121239607101,
6416515848677249707,
8022122801911579307,
814627405137302186,
5702391835961115302,
3023254712898638472,
2716038920875884983,
565528376716610560,
3958698637016273920,
9264146389699333119,
9508792519651578870,
11221315429317299127,
4762231727562756605,
14888878023524711914,
11988425817600061793,
10132004445542095267,
15583798910550913906,
16852872026783475737,
7289639770996824233,
14133990258148600989,
6704211459967285318,
10035992080941828584,
14911712358349047125,
12148266161370408270,
11250886851934520606,
4969231685883306958,
16337877731768564385,
3684679705892444769,
7346013871832529062,
14528608963998534792,
9466542400916821939,
10925564598174000610,
2691975909559666986,
397087297503084581,
2779611082521592067,
1010533508236560148,
7073734557655921036,
12622653764762278610,
14571600075677612986,
9767480182670369297
],
"num_partial_products": 9
}

+ 0
- 26194
verifier/data/recursive/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/recursive/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
5792880812518408658,
2007865592137458435,
5118679776640867091,
13069431186724985571
]
},
{
"elements": [
620745627896223750,
11689482378865345226,
515625484560203909,
6594700411046985771
]
},
{
"elements": [
4288547219194413000,
13137436527356415412,
12622945773280822587,
650627082873761457
]
},
{
"elements": [
13506996103707830465,
8679821128676565111,
4223042913738287628,
9099197279443824593
]
},
{
"elements": [
14449575924890308633,
8733833351673036584,
16541374894852431819,
9332074455551145433
]
},
{
"elements": [
10076928807302913775,
3821138534617469739,
1717959071597020718,
17760656161674093717
]
},
{
"elements": [
2599426417611084017,
13871968726722310950,
1516291378797220061,
13799666340648349967
]
},
{
"elements": [
12663813165492321869,
14876506856106059016,
1242723042851988831,
2875934737469787816
]
},
{
"elements": [
17378423119286703930,
11222598627075744078,
9488528583590922099,
14157718813638267686
]
},
{
"elements": [
1071412395592558182,
18101728088624707784,
3182026360229291426,
14227530413232734538
]
},
{
"elements": [
726974142246132532,
15153315199262507247,
17940113059510197877,
16772587044853202303
]
},
{
"elements": [
12231534358502296703,
10511512947619127431,
16590010230992836643,
12522924984185338479
]
},
{
"elements": [
8037124124878150231,
7299067373190351508,
6928393757878692343,
14665216450327743533
]
},
{
"elements": [
8476349181260794151,
2992858515573144844,
12544833538408559347,
12322593314271890822
]
},
{
"elements": [
17452538538131258483,
16559982778748471691,
7832234514212696397,
7687737265950783860
]
},
{
"elements": [
5386649132465675374,
15880918294706587722,
12305658309516685089,
1973473830101720437
]
}
],
"circuit_digest": {
"elements": [
7986243079228529757,
6431975618990554147,
3826625528654889031,
10807866526356205171
]
}
}

+ 0
- 172
verifier/data/recursive_small/common_circuit_data.json
View File

@ -1,172 +0,0 @@
{
"config": {
"num_wires": 135,
"num_routed_wires": 80,
"num_constants": 2,
"use_base_arithmetic_gate": true,
"security_bits": 100,
"num_challenges": 2,
"zero_knowledge": false,
"max_quotient_degree_factor": 8,
"fri_config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 2
}
},
"fri_params": {
"config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 2
},
"hiding": false,
"degree_bits": 9,
"reduction_arity_bits": [
4
]
},
"gates": [
"NoopGate",
"ConstantGate { num_consts: 2 }",
"PublicInputGate",
"BaseSumGate { num_limbs: 63 } + Base: 2",
"ReducingExtensionGate { num_coeffs: 32 }",
"ReducingGate { num_coeffs: 43 }",
"ArithmeticExtensionGate { num_ops: 10 }",
"ArithmeticGate { num_ops: 20 }",
"MulExtensionGate { num_ops: 13 }",
"RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
],
"selectors_info": {
"selector_indices": [
0,
0,
0,
0,
0,
0,
1,
1,
1,
1,
2
],
"groups": [
{
"start": 0,
"end": 6
},
{
"start": 6,
"end": 10
},
{
"start": 10,
"end": 11
}
]
},
"quotient_degree_factor": 8,
"num_gate_constraints": 123,
"num_constants": 5,
"num_public_inputs": 0,
"k_is": [
1,
7,
49,
343,
2401,
16807,
117649,
823543,
5764801,
40353607,
282475249,
1977326743,
13841287201,
96889010407,
678223072849,
4747561509943,
33232930569601,
232630513987207,
1628413597910449,
11398895185373143,
79792266297612001,
558545864083284007,
3909821048582988049,
8922003270666332022,
7113790686420571191,
12903046666114829695,
16534350385145470581,
5059988279530788141,
16973173887300932666,
8131752794619022736,
1582037354089406189,
11074261478625843323,
3732854072722565977,
7683234439643377518,
16889152938674473984,
7543606154233811962,
15911754940807515092,
701820169165099718,
4912741184155698026,
15942444219675301861,
916645121239607101,
6416515848677249707,
8022122801911579307,
814627405137302186,
5702391835961115302,
3023254712898638472,
2716038920875884983,
565528376716610560,
3958698637016273920,
9264146389699333119,
9508792519651578870,
11221315429317299127,
4762231727562756605,
14888878023524711914,
11988425817600061793,
10132004445542095267,
15583798910550913906,
16852872026783475737,
7289639770996824233,
14133990258148600989,
6704211459967285318,
10035992080941828584,
14911712358349047125,
12148266161370408270,
11250886851934520606,
4969231685883306958,
16337877731768564385,
3684679705892444769,
7346013871832529062,
14528608963998534792,
9466542400916821939,
10925564598174000610,
2691975909559666986,
397087297503084581,
2779611082521592067,
1010533508236560148,
7073734557655921036,
12622653764762278610,
14571600075677612986,
9767480182670369297
],
"num_partial_products": 9
}

+ 0
- 3024
verifier/data/recursive_small/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/recursive_small/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
158845205314874220,
9668380905015929998,
1411954196422652535,
16261560315091018602
]
},
{
"elements": [
10819768878069205512,
10806329121382974236,
4449962652936030991,
3437130958683867731
]
},
{
"elements": [
13409308832792573752,
5142428395608775971,
8304804561534366563,
3333782371953158323
]
},
{
"elements": [
18228625912291347825,
10166925566614695203,
18158685652491144528,
5812383934966268838
]
},
{
"elements": [
9826807818157299303,
16982355347088639655,
9164194217012055587,
2807644941373961188
]
},
{
"elements": [
14310741273297755831,
12981827714166111968,
4530737992662289685,
18335773668219568846
]
},
{
"elements": [
7917966912899515534,
17667717333057450416,
952641997971486450,
428804504796282154
]
},
{
"elements": [
6150969121154358920,
8533162538572915310,
13902780732405127329,
10048329503515769882
]
},
{
"elements": [
17799006350046251788,
10571037994954145577,
16382491710544403234,
8887053452984223370
]
},
{
"elements": [
3963886065503765705,
2739764768577488879,
5343505536176223500,
9151432391854309795
]
},
{
"elements": [
4165310799113686308,
10915634867031695254,
5813235613342911366,
17907275021812350449
]
},
{
"elements": [
12954911538188629834,
6738667513261916639,
12025960525821021496,
3765915660295958137
]
},
{
"elements": [
15699732256890621800,
14355912053969064032,
9559845752177194786,
6008684051170164157
]
},
{
"elements": [
5973104887002336129,
15822297470108300955,
1285855046140391788,
8567304882129939594
]
},
{
"elements": [
531701086966465293,
13988001761158611208,
10640541520023034000,
12368315472470450606
]
},
{
"elements": [
16726108137472169650,
9400941780708454743,
2656080070909638220,
10262921538692249992
]
}
],
"circuit_digest": {
"elements": [
7291397556757192596,
149044718719699113,
14214393601687894808,
15901190186686913364
]
}
}

+ 0
- 27634
verifier/data/recursive_step/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/recursive_step/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
11953454831364282697,
1780640713616741507,
9332530534753348552,
17084282210745809382
]
},
{
"elements": [
17758681460299977814,
15435331084685806694,
7766646160278036540,
5345072798617230589
]
},
{
"elements": [
8802797469535268068,
3037505332513657608,
16030922155257393390,
13188886177244942097
]
},
{
"elements": [
2357959411935908456,
1458480601790550366,
11949473050563493262,
1836765554619785226
]
},
{
"elements": [
17907165543584078363,
9893605436382885449,
6670152476736706784,
562838117712837468
]
},
{
"elements": [
5744223185797504102,
13743400022410455956,
6205029693922586080,
15336463778776378871
]
},
{
"elements": [
14723206064376829937,
13180213430291675472,
5411273601294455899,
8840354110576908600
]
},
{
"elements": [
10897208927347958232,
2388900836403833331,
13400951517389305038,
2629935461033320568
]
},
{
"elements": [
6382278241197748160,
2864721123412042365,
1383065474344220868,
2692411485496850147
]
},
{
"elements": [
4198408477591504932,
8255926325330378434,
14022111482748940978,
8650742941998823647
]
},
{
"elements": [
6235912550116348485,
1591288015265630569,
6942981485091244971,
9620918527217246407
]
},
{
"elements": [
8301265937387597891,
13822840883914340904,
13370707368391237777,
15118584100319351289
]
},
{
"elements": [
12805136189787682184,
14515274878974073778,
15431575651860817805,
1563913167146652597
]
},
{
"elements": [
6512639279406449383,
15697846660972222282,
5729086478860256848,
1818341437677547274
]
},
{
"elements": [
4116477618393991081,
604123225308335767,
459683656323372900,
10069219213626177582
]
},
{
"elements": [
7335240546348323257,
12233386866476119728,
4755043335297619337,
2281707033870644336
]
}
],
"circuit_digest": {
"elements": [
14321013545913480595,
17038401155010977967,
2998069758835997053,
10198464630670001962
]
}
}

+ 0
- 174
verifier/data/recursive_very_small/common_circuit_data.json
View File

@ -1,174 +0,0 @@
{
"config": {
"num_wires": 136,
"num_routed_wires": 80,
"num_constants": 2,
"use_base_arithmetic_gate": true,
"security_bits": 100,
"num_challenges": 2,
"zero_knowledge": false,
"max_quotient_degree_factor": 8,
"fri_config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 1
}
},
"fri_params": {
"config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 1
},
"hiding": false,
"degree_bits": 9,
"reduction_arity_bits": [
4
]
},
"gates": [
"NoopGate",
"ConstantGate { num_consts: 2 }",
"PublicInputGate",
"BaseSumGate { num_limbs: 63 } + Base: 2",
"ReducingExtensionGate { num_coeffs: 33 }",
"ReducingGate { num_coeffs: 44 }",
"ArithmeticExtensionGate { num_ops: 10 }",
"ArithmeticGate { num_ops: 20 }",
"MulExtensionGate { num_ops: 13 }",
"RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"CosetInterpolationGate { subgroup_bits: 4, degree: 6, barycentric_weights: [17293822565076172801, 18374686475376656385, 18446744069413535745, 281474976645120, 17592186044416, 256, 18446744000695107601, 18446744065119617025, 1152921504338411520, 72057594037927936, 1048576, 18446462594437939201, 18446726477228539905, 18446744069414584065, 68719476720, 4294967296], _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"PoseidonGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
],
"selectors_info": {
"selector_indices": [
0,
0,
0,
0,
0,
0,
1,
1,
1,
1,
2,
2
],
"groups": [
{
"start": 0,
"end": 6
},
{
"start": 6,
"end": 10
},
{
"start": 10,
"end": 12
}
]
},
"quotient_degree_factor": 8,
"num_gate_constraints": 123,
"num_constants": 5,
"num_public_inputs": 0,
"k_is": [
1,
7,
49,
343,
2401,
16807,
117649,
823543,
5764801,
40353607,
282475249,
1977326743,
13841287201,
96889010407,
678223072849,
4747561509943,
33232930569601,
232630513987207,
1628413597910449,
11398895185373143,
79792266297612001,
558545864083284007,
3909821048582988049,
8922003270666332022,
7113790686420571191,
12903046666114829695,
16534350385145470581,
5059988279530788141,
16973173887300932666,
8131752794619022736,
1582037354089406189,
11074261478625843323,
3732854072722565977,
7683234439643377518,
16889152938674473984,
7543606154233811962,
15911754940807515092,
701820169165099718,
4912741184155698026,
15942444219675301861,
916645121239607101,
6416515848677249707,
8022122801911579307,
814627405137302186,
5702391835961115302,
3023254712898638472,
2716038920875884983,
565528376716610560,
3958698637016273920,
9264146389699333119,
9508792519651578870,
11221315429317299127,
4762231727562756605,
14888878023524711914,
11988425817600061793,
10132004445542095267,
15583798910550913906,
16852872026783475737,
7289639770996824233,
14133990258148600989,
6704211459967285318,
10035992080941828584,
14911712358349047125,
12148266161370408270,
11250886851934520606,
4969231685883306958,
16337877731768564385,
3684679705892444769,
7346013871832529062,
14528608963998534792,
9466542400916821939,
10925564598174000610,
2691975909559666986,
397087297503084581,
2779611082521592067,
1010533508236560148,
7073734557655921036,
12622653764762278610,
14571600075677612986,
9767480182670369297
],
"num_partial_products": 9
}

+ 0
- 2373
verifier/data/recursive_very_small/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/recursive_very_small/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
18341772251201060973,
8863499337164177585,
3680903997187631396,
12765086892713286422
]
},
{
"elements": [
10011842595440383490,
16803433616479820503,
5116105297375993895,
1284372878762986134
]
},
{
"elements": [
9771429197922126084,
11795709479898502019,
9760789605311014828,
14587465303757273799
]
},
{
"elements": [
14268034713225276697,
18296479136879705605,
10850612887933280806,
9639487702530117083
]
},
{
"elements": [
9754005887238773284,
5374369974939340944,
4959182047845142644,
1120709750910555570
]
},
{
"elements": [
7250035629074136036,
15739653461985901088,
14987756440121950753,
9158371711408827053
]
},
{
"elements": [
13216298745969283339,
16888689116176782846,
12982122889871085039,
5211135798140140360
]
},
{
"elements": [
1504326644701451030,
8409612476357826852,
7563553194601621378,
11995034742915891064
]
},
{
"elements": [
5488329807694506217,
18091194776727670160,
17052473172701400255,
16236156822718879559
]
},
{
"elements": [
17715347985838125739,
3615805299049017601,
8585175301607696636,
1968868157246799025
]
},
{
"elements": [
13447598860253889564,
6631647170626609560,
2112142850806037543,
14266806193129176172
]
},
{
"elements": [
2730627694247012781,
17236598033654074636,
4452557557605684638,
468430371172463963
]
},
{
"elements": [
6798850231787296859,
16600632819568012939,
11299208732485603538,
15684010143706607232
]
},
{
"elements": [
3144604974895131192,
4061404887662630886,
5007128585099235364,
16758955485500576037
]
},
{
"elements": [
4096461731986790461,
12546978492628150144,
18147834661139732319,
4737766556076016924
]
},
{
"elements": [
14221961188679542125,
17198447421299265716,
4429176582749668482,
3028817214334434508
]
}
],
"circuit_digest": {
"elements": [
10592544746408303090,
6263847280826784938,
13362953309332334276,
1690911406899164489
]
}
}

+ 0
- 205
verifier/data/step/common_circuit_data.json
View File

@ -1,205 +0,0 @@
{
"config": {
"num_wires": 136,
"num_routed_wires": 80,
"num_constants": 2,
"use_base_arithmetic_gate": true,
"security_bits": 100,
"num_challenges": 2,
"zero_knowledge": false,
"max_quotient_degree_factor": 8,
"fri_config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
}
},
"fri_params": {
"config": {
"rate_bits": 3,
"cap_height": 4,
"proof_of_work_bits": 16,
"reduction_strategy": {
"ConstantArityBits": [
4,
5
]
},
"num_query_rounds": 28
},
"hiding": false,
"degree_bits": 21,
"reduction_arity_bits": [
4,
4,
4,
4
]
},
"gates": [
"NoopGate",
"ConstantGate { num_consts: 2 }",
"PublicInputGate",
"BaseSumGate { num_limbs: 32 } + Base: 2",
"BaseSumGate { num_limbs: 63 } + Base: 2",
"ArithmeticGate { num_ops: 20 }",
"RandomAccessGate { bits: 2, num_copies: 13, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"XOR3Gate { num_xors: 16 }",
"BaseSumGate { num_limbs: 16 } + Base: 4",
"ComparisonGate { num_bits: 32, num_chunks: 16, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>",
"U32AddManyGate { num_addends: 11, num_ops: 4, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 13, num_ops: 4, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 15, num_ops: 3, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 16, num_ops: 3, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 3, num_ops: 5, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 5, num_ops: 5, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 7, num_ops: 4, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32AddManyGate { num_addends: 9, num_ops: 4, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32ArithmeticGate { num_ops: 3, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32RangeCheckGate { num_input_limbs: 8, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"U32SubtractionGate { num_ops: 6, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }",
"RandomAccessGate { bits: 4, num_copies: 4, num_extra_constants: 2, _phantom: PhantomData<plonky2_field::goldilocks_field::GoldilocksField> }<D=2>"
],
"selectors_info": {
"selector_indices": [
0,
0,
0,
0,
0,
0,
1,
1,
1,
1,
1,
2,
2,
2,
2,
2,
3,
3,
3,
3,
3,
4
],
"groups": [
{
"start": 0,
"end": 6
},
{
"start": 6,
"end": 11
},
{
"start": 11,
"end": 16
},
{
"start": 16,
"end": 21
},
{
"start": 21,
"end": 22
}
]
},
"quotient_degree_factor": 8,
"num_gate_constraints": 136,
"num_constants": 7,
"num_public_inputs": 0,
"k_is": [
1,
7,
49,
343,
2401,
16807,
117649,
823543,
5764801,
40353607,
282475249,
1977326743,
13841287201,
96889010407,
678223072849,
4747561509943,
33232930569601,
232630513987207,
1628413597910449,
11398895185373143,
79792266297612001,
558545864083284007,
3909821048582988049,
8922003270666332022,
7113790686420571191,
12903046666114829695,
16534350385145470581,
5059988279530788141,
16973173887300932666,
8131752794619022736,
1582037354089406189,
11074261478625843323,
3732854072722565977,
7683234439643377518,
16889152938674473984,
7543606154233811962,
15911754940807515092,
701820169165099718,
4912741184155698026,
15942444219675301861,
916645121239607101,
6416515848677249707,
8022122801911579307,
814627405137302186,
5702391835961115302,
3023254712898638472,
2716038920875884983,
565528376716610560,
3958698637016273920,
9264146389699333119,
9508792519651578870,
11221315429317299127,
4762231727562756605,
14888878023524711914,
11988425817600061793,
10132004445542095267,
15583798910550913906,
16852872026783475737,
7289639770996824233,
14133990258148600989,
6704211459967285318,
10035992080941828584,
14911712358349047125,
12148266161370408270,
11250886851934520606,
4969231685883306958,
16337877731768564385,
3684679705892444769,
7346013871832529062,
14528608963998534792,
9466542400916821939,
10925564598174000610,
2691975909559666986,
397087297503084581,
2779611082521592067,
1010533508236560148,
7073734557655921036,
12622653764762278610,
14571600075677612986,
9767480182670369297
],
"num_partial_products": 9
}

+ 0
- 45430
verifier/data/step/proof_with_public_inputs.json
File diff suppressed because it is too large
View File


+ 0
- 140
verifier/data/step/verifier_only_circuit_data.json
View File

@ -1,140 +0,0 @@
{
"constants_sigmas_cap": [
{
"elements": [
9037422181318074482,
13844553280258601189,
14013690396566737561,
14600533186953608428
]
},
{
"elements": [
3891365497285560518,
6785071445101560305,
7146616719154245281,
8484433928946731576
]
},
{
"elements": [
15935467950899360740,
1041659913562170406,
11898906592313038819,
7940456224436700998
]
},
{
"elements": [
17420135248456983,
10686061014804565544,
17782021355470763205,
12726022340820773339
]
},
{
"elements": [
13322967402317526249,
12119892482906381301,
1483851501277040422,
17519911664522741561
]
},
{
"elements": [
3901474702590233137,
16494478574194405372,
3644962804006307872,
7967195830112920768
]
},
{
"elements": [
15532816309418050992,
11198055639421810456,
7449000032233257165,
6080646728225911938
]
},
{
"elements": [
7944791944524511304,
15470849481646525511,
11102721978231118523,
10011467322465036320
]
},
{
"elements": [
14679375199524381062,
9219647684485300612,
8902882543708912876,
6737676211275058717
]
},
{
"elements": [
15215848762718399329,
9538467614418882672,
7337952705707955964,
17932579689749986997
]
},
{
"elements": [
3111383469397480110,
17276616486884637185,
10511216595022742027,
3343575652946909638
]
},
{
"elements": [
2417848701164748156,
7846191940051381446,
4363725272084187306,
3143323624098735830
]
},
{
"elements": [
7639597922146523429,
14015537888097194053,
10449936634441844342,
3897071524048579556
]
},
{
"elements": [
12445360068819311840,
4910166437012489060,
9670875686931891121,
5569206524147441284
]
},
{
"elements": [
6965775890897127688,
14853930701622190781,
2643689027677976461,
1883768007952536249
]
},
{
"elements": [
6771363979354677578,
6567107174924251028,
15758449129319031800,
6619880945043941329
]
}
],
"circuit_digest": {
"elements": [
8574090053162898339,
2808971464690312489,
14807704193989191909,
14951686172889873386
]
}
}

+ 19
- 72
verifier/internal/fri/fri.go
View File

@ -17,9 +17,8 @@ type FriChip struct {
api frontend.API `gnark:"-"`
fieldAPI field.FieldAPI `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
hashAPI *poseidon.HashAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
poseidonBN128Chip *poseidon.PoseidonBN128Chip
friParams *common.FriParams `gnark:"-"`
}
@ -28,17 +27,15 @@ func NewFriChip(
api frontend.API,
fieldAPI field.FieldAPI,
qeAPI *field.QuadraticExtensionAPI,
hashAPI *poseidon.HashAPI,
poseidonChip *poseidon.PoseidonChip,
poseidonBN128Chip *poseidon.PoseidonBN128Chip,
friParams *common.FriParams,
) *FriChip {
return &FriChip{
api: api,
fieldAPI: fieldAPI,
qeAPI: qeAPI,
hashAPI: hashAPI,
poseidonChip: poseidonChip,
friParams: friParams,
api: api,
fieldAPI: fieldAPI,
qeAPI: qeAPI,
poseidonBN128Chip: poseidonBN128Chip,
friParams: friParams,
}
}
@ -63,66 +60,15 @@ func (f *FriChip) fromOpeningsAndAlpha(openings *FriOpenings, alpha field.Quadra
return reducedOpenings
}
func (f *FriChip) hashOrNoop(data []field.F) poseidon.Hash {
var elements poseidon.Hash
if len(data) <= 4 {
// Pad the data to have a size of 4
for i, inputElement := range data {
elements[i] = inputElement
}
for i := len(data); i < 4; i++ {
elements[i] = field.ZERO_F
}
return elements
} else {
hashOutput := f.poseidonChip.HashNToMNoPad(data, 4)
if len(hashOutput) != len(elements) {
panic("The length of hashOutput and elements is different")
}
for i, hashField := range hashOutput {
elements[i] = hashField
}
return elements
}
}
func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []field.F, leafIndexBits []frontend.Variable, capIndexBits []frontend.Variable, merkleCap common.MerkleCap, proof *common.MerkleProof) {
currentDigest := f.hashOrNoop(leafData)
fourZeros := [4]field.F{field.ZERO_F, field.ZERO_F, field.ZERO_F, field.ZERO_F}
currentDigest := f.poseidonBN128Chip.HashOrNoop(leafData)
for i, sibling := range proof.Siblings {
bit := leafIndexBits[i]
var leftSiblingState poseidon.PoseidonState
copy(leftSiblingState[0:4], sibling[0:4])
copy(leftSiblingState[4:8], currentDigest[0:4])
copy(leftSiblingState[8:12], fourZeros[0:4])
leftHash := f.poseidonChip.Poseidon(leftSiblingState)
var leftHashCompress poseidon.Hash
leftHashCompress[0] = leftHash[0]
leftHashCompress[1] = leftHash[1]
leftHashCompress[2] = leftHash[2]
leftHashCompress[3] = leftHash[3]
var rightSiblingState poseidon.PoseidonState
copy(rightSiblingState[0:4], currentDigest[0:4])
copy(rightSiblingState[4:8], sibling[0:4])
copy(rightSiblingState[8:12], fourZeros[0:4])
rightHash := f.poseidonChip.Poseidon(rightSiblingState)
var rightHashCompress poseidon.Hash
rightHashCompress[0] = rightHash[0]
rightHashCompress[1] = rightHash[1]
rightHashCompress[2] = rightHash[2]
rightHashCompress[3] = rightHash[3]
currentDigest = f.hashAPI.SelectHash(bit, leftHashCompress, rightHashCompress)
// TODO: Don't need to do two hashes by using a trick that the plonky2 verifier circuit does
// https://github.com/mir-protocol/plonky2/blob/973624f12d2d12d74422b3ea051358b9eaacb050/plonky2/src/gates/poseidon.rs#L298
leftHash := f.poseidonBN128Chip.TwoToOne(sibling, currentDigest)
rightHash := f.poseidonBN128Chip.TwoToOne(currentDigest, sibling)
currentDigest = f.api.Select(bit, leftHash, rightHash)
}
// We assume that the cap_height is 4. Create two levels of the Lookup2 circuit
@ -136,19 +82,19 @@ func (f *FriChip) verifyMerkleProofToCapWithCapIndex(leafData []field.F, leafInd
}
const NUM_LEAF_LOOKUPS = 4
var leafLookups [NUM_LEAF_LOOKUPS]poseidon.Hash
var leafLookups [NUM_LEAF_LOOKUPS]poseidon.PoseidonBN128HashOut
// First create the "leaf" lookup2 circuits
// The will use the least significant bits of the capIndexBits array
for i := 0; i < NUM_LEAF_LOOKUPS; i++ {
leafLookups[i] = f.hashAPI.Lookup2Hash(
leafLookups[i] = f.api.Lookup2(
capIndexBits[0], capIndexBits[1],
merkleCap[i*NUM_LEAF_LOOKUPS], merkleCap[i*NUM_LEAF_LOOKUPS+1], merkleCap[i*NUM_LEAF_LOOKUPS+2], merkleCap[i*NUM_LEAF_LOOKUPS+3],
)
}
// Use the most 2 significant bits of the capIndexBits array for the "root" lookup
merkleCapEntry := f.hashAPI.Lookup2Hash(capIndexBits[2], capIndexBits[3], leafLookups[0], leafLookups[1], leafLookups[2], leafLookups[3])
f.hashAPI.AssertIsEqualHash(currentDigest, merkleCapEntry)
merkleCapEntry := f.api.Lookup2(capIndexBits[2], capIndexBits[3], leafLookups[0], leafLookups[1], leafLookups[2], leafLookups[3])
f.api.AssertIsEqual(currentDigest, merkleCapEntry)
}
func (f *FriChip) verifyInitialProof(xIndexBits []frontend.Variable, proof *common.FriInitialTreeProof, initialMerkleCaps []common.MerkleCap, capIndexBits []frontend.Variable) {
@ -422,7 +368,8 @@ func (f *FriChip) verifyQueryRound(
roundProof *common.FriQueryRound,
) {
f.assertNoncanonicalIndicesOK()
xIndexBits := f.fieldAPI.ToBits(xIndex)
xIndex = f.fieldAPI.Reduce(xIndex)
xIndexBits := f.fieldAPI.ToBits(xIndex)[0 : f.friParams.DegreeBits+f.friParams.Config.RateBits]
capIndexBits := xIndexBits[len(xIndexBits)-int(f.friParams.Config.CapHeight):]
f.verifyInitialProof(xIndexBits, &roundProof.InitialTreesProof, initialMerkleCaps, capIndexBits)

+ 61
- 182
verifier/internal/fri/fri_test.go
View File

@ -9,6 +9,7 @@ import (
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/fri"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/plonk"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
)
@ -16,12 +17,6 @@ type TestFriCircuit struct {
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
PlonkZeta field.QuadraticExtension
FriAlpha field.QuadraticExtension
FriBetas []field.QuadraticExtension
FriPOWResponse field.F
FriQueryIndices []field.F
}
func (circuit *TestFriCircuit) Define(api frontend.API) error {
@ -31,16 +26,44 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
fieldAPI := field.NewFieldAPI(api)
qeAPI := field.NewQuadraticExtensionAPI(api, fieldAPI, commonCircuitData.DegreeBits)
hashAPI := poseidon.NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
friChip := fri.NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
poseidonBN128Chip := poseidon.NewPoseidonBN128Chip(api, fieldAPI)
friChip := fri.NewFriChip(api, fieldAPI, qeAPI, poseidonBN128Chip, &commonCircuitData.FriParams)
challengerChip := plonk.NewChallengerChip(api, fieldAPI, poseidonChip, poseidonBN128Chip)
challengerChip.ObserveBN128Hash(verifierOnlyCircuitData.CircuitDigest)
challengerChip.ObserveHash(poseidonChip.HashNoPad(proofWithPis.PublicInputs))
challengerChip.ObserveCap(proofWithPis.Proof.WiresCap)
plonkBetas := challengerChip.GetNChallenges(commonCircuitData.Config.NumChallenges) // For plonk betas
fieldAPI.AssertIsEqual(plonkBetas[0], field.NewFieldConst(17615363392879944733))
plonkGammas := challengerChip.GetNChallenges(commonCircuitData.Config.NumChallenges) // For plonk gammas
fieldAPI.AssertIsEqual(plonkGammas[0], field.NewFieldConst(15174493176564484303))
challengerChip.ObserveCap(proofWithPis.Proof.PlonkZsPartialProductsCap)
plonkAlphas := challengerChip.GetNChallenges(commonCircuitData.Config.NumChallenges) // For plonk alphas
fieldAPI.AssertIsEqual(plonkAlphas[0], field.NewFieldConst(9276470834414745550))
challengerChip.ObserveCap(proofWithPis.Proof.QuotientPolysCap)
plonkZeta := challengerChip.GetExtensionChallenge()
fieldAPI.AssertIsEqual(plonkZeta[0], field.NewFieldConst(3892795992421241388))
challengerChip.ObserveOpenings(fri.ToFriOpenings(proofWithPis.Proof.Openings))
friChallenges := challengerChip.GetFriChallenges(
proofWithPis.Proof.OpeningProof.CommitPhaseMerkleCaps,
proofWithPis.Proof.OpeningProof.FinalPoly,
proofWithPis.Proof.OpeningProof.PowWitness,
commonCircuitData.DegreeBits,
commonCircuitData.Config.FriConfig,
)
friChallenges := common.FriChallenges{
FriAlpha: circuit.FriAlpha,
FriBetas: circuit.FriBetas,
FriPowResponse: circuit.FriPOWResponse,
FriQueryIndices: circuit.FriQueryIndices,
}
fieldAPI.AssertIsEqual(friChallenges.FriAlpha[0], field.NewFieldConst(885535811531859621))
fieldAPI.AssertIsEqual(friChallenges.FriBetas[0][0], field.NewFieldConst(5231781384587895507))
fieldAPI.AssertIsEqual(friChallenges.FriPowResponse, field.NewFieldConst(70715523064019))
fieldAPI.AssertIsEqual(friChallenges.FriQueryIndices[0], field.NewFieldConst(11890500485816111017))
initialMerkleCaps := []common.MerkleCap{
verifierOnlyCircuitData.ConstantSigmasCap,
@ -49,8 +72,27 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
proofWithPis.Proof.QuotientPolysCap,
}
// Seems like there is a bug in the emulated field code.
// Add ZERO to all of the fri challenges values to reduce them.
plonkZeta[0] = fieldAPI.Add(plonkZeta[0], field.ZERO_F)
plonkZeta[1] = fieldAPI.Add(plonkZeta[1], field.ZERO_F)
friChallenges.FriAlpha[0] = fieldAPI.Add(friChallenges.FriAlpha[0], field.ZERO_F)
friChallenges.FriAlpha[1] = fieldAPI.Add(friChallenges.FriAlpha[1], field.ZERO_F)
for i := 0; i < len(friChallenges.FriBetas); i++ {
friChallenges.FriBetas[i][0] = fieldAPI.Add(friChallenges.FriBetas[i][0], field.ZERO_F)
friChallenges.FriBetas[i][1] = fieldAPI.Add(friChallenges.FriBetas[i][1], field.ZERO_F)
}
friChallenges.FriPowResponse = fieldAPI.Add(friChallenges.FriPowResponse, field.ZERO_F)
for i := 0; i < len(friChallenges.FriQueryIndices); i++ {
friChallenges.FriQueryIndices[i] = fieldAPI.Add(friChallenges.FriQueryIndices[i], field.ZERO_F)
}
friChip.VerifyFriProof(
fri.GetFriInstance(&commonCircuitData, qeAPI, circuit.PlonkZeta, commonCircuitData.DegreeBits),
fri.GetFriInstance(&commonCircuitData, qeAPI, plonkZeta, commonCircuitData.DegreeBits),
fri.ToFriOpenings(proofWithPis.Proof.Openings),
&friChallenges,
initialMerkleCaps,
@ -60,182 +102,19 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
return nil
}
func TestFibonacciFriProof(t *testing.T) {
func TestDecodeBlockFriVerification(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestFriCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
PlonkZeta: field.QuadraticExtension{
field.NewFieldConstFromString("14887793628029982930"),
field.NewFieldConstFromString("1136137158284059037"),
},
FriAlpha: field.QuadraticExtension{
field.NewFieldConstFromString("14641715242626918707"),
field.NewFieldConstFromString("10574243340537902930"),
},
FriBetas: []field.QuadraticExtension{},
FriPOWResponse: field.NewFieldConst(82451580476419),
FriQueryIndices: []field.F{
field.NewFieldConst(6790812084677375942),
field.NewFieldConst(12394212020331474798),
field.NewFieldConst(16457600747000998582),
field.NewFieldConst(1543271328932331916),
field.NewFieldConst(12115726870906958644),
field.NewFieldConst(6775897107605342797),
field.NewFieldConst(15989401564746021030),
field.NewFieldConst(10691676456016926845),
field.NewFieldConst(1632499470630032007),
field.NewFieldConst(1317292355445098328),
field.NewFieldConst(18391440812534384252),
field.NewFieldConst(17321705613231354333),
field.NewFieldConst(6176487551308859603),
field.NewFieldConst(7119835651572002873),
field.NewFieldConst(3903019169623116693),
field.NewFieldConst(4886491111111487546),
field.NewFieldConst(4087641893164620518),
field.NewFieldConst(13801643080324181364),
field.NewFieldConst(16993775312274189321),
field.NewFieldConst(9268202926222765679),
field.NewFieldConst(10683001302406181735),
field.NewFieldConst(13359465725531647963),
field.NewFieldConst(4523327590105620849),
field.NewFieldConst(4883588003760409588),
field.NewFieldConst(187699146998097671),
field.NewFieldConst(14489263557623716717),
field.NewFieldConst(11748359318238148146),
field.NewFieldConst(13636347200053048758),
},
}
witness := TestFriCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestDummyFriProof(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestFriCircuit{
proofWithPIsFilename: "../../data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "../../data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "../../data/dummy_2^14_gates/verifier_only_circuit_data.json",
PlonkZeta: field.QuadraticExtension{
field.NewFieldConstFromString("17377750363769967882"),
field.NewFieldConstFromString("11921191651424768462"),
},
FriAlpha: field.QuadraticExtension{
field.NewFieldConstFromString("16721004555774385479"),
field.NewFieldConstFromString("10688151135543754663"),
},
FriBetas: []field.QuadraticExtension{
{
field.NewFieldConstFromString("3312441922957827805"),
field.NewFieldConstFromString("15128092514958289671"),
},
{
field.NewFieldConstFromString("13630530769060141802"),
field.NewFieldConstFromString("14559883974933163008"),
},
{
field.NewFieldConstFromString("16146508250083930687"),
field.NewFieldConstFromString("5176346568444408396"),
},
},
FriPOWResponse: field.NewFieldConst(4389),
FriQueryIndices: []field.F{
field.NewFieldConstFromString("16334967868590615051"),
field.NewFieldConstFromString("2911473540496037915"),
field.NewFieldConstFromString("14887216056886344225"),
field.NewFieldConstFromString("7808811227805914295"),
field.NewFieldConstFromString("2018594961417375749"),
field.NewFieldConstFromString("3733368398777208435"),
field.NewFieldConstFromString("2623035669037055104"),
field.NewFieldConstFromString("299243030573481514"),
field.NewFieldConstFromString("7189789717962704433"),
field.NewFieldConstFromString("14566344026886816268"),
field.NewFieldConstFromString("12555390069003437453"),
field.NewFieldConstFromString("17225508403199418233"),
field.NewFieldConstFromString("5088797913879903292"),
field.NewFieldConstFromString("9715691392773433023"),
field.NewFieldConstFromString("7565836764713256165"),
field.NewFieldConstFromString("1500143546029322929"),
field.NewFieldConstFromString("1245802417104422080"),
field.NewFieldConstFromString("6831959786661245110"),
field.NewFieldConstFromString("17271054758535453780"),
field.NewFieldConstFromString("6225460404576395409"),
field.NewFieldConstFromString("15932661092896277351"),
field.NewFieldConstFromString("12452534049198240575"),
field.NewFieldConstFromString("4225199666055520177"),
field.NewFieldConstFromString("13235091290587791090"),
field.NewFieldConstFromString("2562357622728700774"),
field.NewFieldConstFromString("17676678042980201498"),
field.NewFieldConstFromString("5837067135702409874"),
field.NewFieldConstFromString("11238419549114325157"),
},
proofWithPIsFilename: "../../data/decode_block/proof_with_public_inputs.json",
commonCircuitDataFilename: "../../data/decode_block//common_circuit_data.json",
verifierOnlyCircuitDataFilename: "../../data/decode_block//verifier_only_circuit_data.json",
}
witness := TestFriCircuit{
proofWithPIsFilename: "../../data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "../../data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: ".../../data/dummy_2^14_gates/verifier_only_circuit_data.json",
PlonkZeta: field.QuadraticExtension{
field.NewFieldConstFromString("17377750363769967882"),
field.NewFieldConstFromString("11921191651424768462"),
},
FriAlpha: field.QuadraticExtension{
field.NewFieldConstFromString("16721004555774385479"),
field.NewFieldConstFromString("10688151135543754663"),
},
FriBetas: []field.QuadraticExtension{
{
field.NewFieldConstFromString("3312441922957827805"),
field.NewFieldConstFromString("15128092514958289671"),
},
{
field.NewFieldConstFromString("13630530769060141802"),
field.NewFieldConstFromString("14559883974933163008"),
},
{
field.NewFieldConstFromString("16146508250083930687"),
field.NewFieldConstFromString("5176346568444408396"),
},
},
FriPOWResponse: field.NewFieldConst(4389),
FriQueryIndices: []field.F{
field.NewFieldConstFromString("16334967868590615051"),
field.NewFieldConstFromString("2911473540496037915"),
field.NewFieldConstFromString("14887216056886344225"),
field.NewFieldConstFromString("7808811227805914295"),
field.NewFieldConstFromString("2018594961417375749"),
field.NewFieldConstFromString("3733368398777208435"),
field.NewFieldConstFromString("2623035669037055104"),
field.NewFieldConstFromString("299243030573481514"),
field.NewFieldConstFromString("7189789717962704433"),
field.NewFieldConstFromString("14566344026886816268"),
field.NewFieldConstFromString("12555390069003437453"),
field.NewFieldConstFromString("17225508403199418233"),
field.NewFieldConstFromString("5088797913879903292"),
field.NewFieldConstFromString("9715691392773433023"),
field.NewFieldConstFromString("7565836764713256165"),
field.NewFieldConstFromString("1500143546029322929"),
field.NewFieldConstFromString("1245802417104422080"),
field.NewFieldConstFromString("6831959786661245110"),
field.NewFieldConstFromString("17271054758535453780"),
field.NewFieldConstFromString("6225460404576395409"),
field.NewFieldConstFromString("15932661092896277351"),
field.NewFieldConstFromString("12452534049198240575"),
field.NewFieldConstFromString("4225199666055520177"),
field.NewFieldConstFromString("13235091290587791090"),
field.NewFieldConstFromString("2562357622728700774"),
field.NewFieldConstFromString("17676678042980201498"),
field.NewFieldConstFromString("5837067135702409874"),
field.NewFieldConstFromString("11238419549114325157"),
},
}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)

+ 1
- 0
verifier/internal/gates/gate.go
View File

@ -23,6 +23,7 @@ var gateRegexHandlers = map[*regexp.Regexp]func(parameters map[string]string) Ga
mulExtensionGateRegex: deserializeMulExtensionGate,
noopGateRegex: deserializeNoopGate,
poseidonGateRegex: deserializePoseidonGate,
poseidonMdsGateRegex: deserializePoseidonMdsGate,
publicInputGateRegex: deserializePublicInputGate,
randomAccessGateRegex: deserializeRandomAccessGate,
reducingExtensionGateRegex: deserializeReducingExtensionGate,

+ 622
- 666
verifier/internal/gates/gate_test.go
File diff suppressed because it is too large
View File


+ 86
- 0
verifier/internal/gates/poseidon_mds_gate.go
View File

@ -0,0 +1,86 @@
package gates
import (
"regexp"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
)
var poseidonMdsGateRegex = regexp.MustCompile("PoseidonMdsGate.*")
func deserializePoseidonMdsGate(parameters map[string]string) Gate {
// Has the format "PoseidonMdsGate(PhantomData<plonky2_field::goldilocks_field::GoldilocksField>)<WIDTH=12>"
return NewPoseidonMdsGate()
}
type PoseidonMdsGate struct {
}
func NewPoseidonMdsGate() *PoseidonMdsGate {
return &PoseidonMdsGate{}
}
func (g *PoseidonMdsGate) Id() string {
return "PoseidonMdsGate"
}
func (g *PoseidonMdsGate) WireInput(i uint64) Range {
if i >= poseidon.SPONGE_WIDTH {
panic("Input less than sponge width")
}
return Range{i * field.D, (i + 1) * field.D}
}
func (g *PoseidonMdsGate) WireOutput(i uint64) Range {
if i >= poseidon.SPONGE_WIDTH {
panic("Input less than sponge width")
}
return Range{(poseidon.SPONGE_WIDTH + i) * field.D, (poseidon.SPONGE_WIDTH + i + 1) * field.D}
}
func (g *PoseidonMdsGate) mdsRowShfAlgebra(r uint64, v [poseidon.SPONGE_WIDTH]field.QEAlgebra, qeAPI *field.QuadraticExtensionAPI) field.QEAlgebra {
if r >= poseidon.SPONGE_WIDTH {
panic("MDS row index out of range")
}
res := qeAPI.ZERO_QE_ALGEBRA
for i := uint64(0); i < poseidon.SPONGE_WIDTH; i++ {
coeff := qeAPI.FieldToQE(poseidon.MDS_MATRIX_CIRC[i])
res = qeAPI.AddExtensionAlgebra(res, qeAPI.ScalarMulExtensionAlgebra(coeff, v[(i+r)%poseidon.SPONGE_WIDTH]))
}
coeff := qeAPI.FieldToQE(poseidon.MDS_MATRIX_DIAG[r])
res = qeAPI.AddExtensionAlgebra(res, qeAPI.ScalarMulExtensionAlgebra(coeff, v[r]))
return res
}
func (g *PoseidonMdsGate) mdsLayerAlgebra(state [poseidon.SPONGE_WIDTH]field.QEAlgebra, qeAPI *field.QuadraticExtensionAPI) [poseidon.SPONGE_WIDTH]field.QEAlgebra {
var result [poseidon.SPONGE_WIDTH]field.QEAlgebra
for r := uint64(0); r < poseidon.SPONGE_WIDTH; r++ {
result[r] = g.mdsRowShfAlgebra(r, state, qeAPI)
}
return result
}
func (g *PoseidonMdsGate) EvalUnfiltered(api frontend.API, qeAPI *field.QuadraticExtensionAPI, vars EvaluationVars) []field.QuadraticExtension {
constraints := []field.QuadraticExtension{}
var inputs [poseidon.SPONGE_WIDTH]field.QEAlgebra
for i := uint64(0); i < poseidon.SPONGE_WIDTH; i++ {
inputs[i] = vars.GetLocalExtAlgebra(g.WireInput(i))
}
computed_outputs := g.mdsLayerAlgebra(inputs, qeAPI)
for i := uint64(0); i < poseidon.SPONGE_WIDTH; i++ {
output := vars.GetLocalExtAlgebra(g.WireOutput(i))
diff := qeAPI.SubExtensionAlgebra(output, computed_outputs[i])
constraints = append(constraints, diff[0], diff[1])
}
return constraints
}

+ 2
- 2
verifier/internal/gates/vars.go
View File

@ -8,13 +8,13 @@ import (
type EvaluationVars struct {
localConstants []field.QuadraticExtension
localWires []field.QuadraticExtension
publicInputsHash poseidon.Hash
publicInputsHash poseidon.PoseidonHashOut
}
func NewEvaluationVars(
localConstants []field.QuadraticExtension,
localWires []field.QuadraticExtension,
publicInputsHash poseidon.Hash,
publicInputsHash poseidon.PoseidonHashOut,
) *EvaluationVars {
return &EvaluationVars{
localConstants: localConstants,

+ 27
- 21
verifier/internal/plonk/challenger.go
View File

@ -11,15 +11,16 @@ import (
)
type ChallengerChip struct {
api frontend.API `gnark:"-"`
field field.FieldAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
spongeState [poseidon.SPONGE_WIDTH]field.F
inputBuffer []field.F
outputBuffer []field.F
api frontend.API `gnark:"-"`
field field.FieldAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
poseidonBN128Chip *poseidon.PoseidonBN128Chip
spongeState [poseidon.SPONGE_WIDTH]field.F
inputBuffer []field.F
outputBuffer []field.F
}
func NewChallengerChip(api frontend.API, fieldAPI field.FieldAPI, poseidonChip *poseidon.PoseidonChip) *ChallengerChip {
func NewChallengerChip(api frontend.API, fieldAPI field.FieldAPI, poseidonChip *poseidon.PoseidonChip, poseidonBN128Chip *poseidon.PoseidonBN128Chip) *ChallengerChip {
var spongeState [poseidon.SPONGE_WIDTH]field.F
var inputBuffer []field.F
var outputBuffer []field.F
@ -29,12 +30,13 @@ func NewChallengerChip(api frontend.API, fieldAPI field.FieldAPI, poseidonChip *
}
return &ChallengerChip{
api: api,
field: fieldAPI,
poseidonChip: poseidonChip,
spongeState: spongeState,
inputBuffer: inputBuffer,
outputBuffer: outputBuffer,
api: api,
field: fieldAPI,
poseidonChip: poseidonChip,
poseidonBN128Chip: poseidonBN128Chip,
spongeState: spongeState,
inputBuffer: inputBuffer,
outputBuffer: outputBuffer,
}
}
@ -52,13 +54,19 @@ func (c *ChallengerChip) ObserveElements(elements []field.F) {
}
}
func (c *ChallengerChip) ObserveHash(hash poseidon.Hash) {
c.ObserveElements(hash[:])
func (c *ChallengerChip) ObserveHash(hash poseidon.PoseidonHashOut) {
elements := c.poseidonChip.ToVec(hash)
c.ObserveElements(elements)
}
func (c *ChallengerChip) ObserveCap(cap []poseidon.Hash) {
func (c *ChallengerChip) ObserveBN128Hash(hash poseidon.PoseidonBN128HashOut) {
elements := c.poseidonBN128Chip.ToVec(hash)
c.ObserveElements(elements)
}
func (c *ChallengerChip) ObserveCap(cap []poseidon.PoseidonBN128HashOut) {
for i := 0; i < len(cap); i++ {
c.ObserveHash(cap[i])
c.ObserveBN128Hash(cap[i])
}
}
@ -102,7 +110,7 @@ func (c *ChallengerChip) GetExtensionChallenge() field.QuadraticExtension {
return field.QuadraticExtension{values[0], values[1]}
}
func (c *ChallengerChip) GetHash() poseidon.Hash {
func (c *ChallengerChip) GetHash() poseidon.PoseidonHashOut {
return [4]field.F{c.GetChallenge(), c.GetChallenge(), c.GetChallenge(), c.GetChallenge()}
}
@ -140,9 +148,7 @@ func (c *ChallengerChip) duplexing() {
panic("something went wrong")
}
for i := 0; i < len(c.inputBuffer); i++ {
c.spongeState[i] = c.inputBuffer[i]
}
copy(c.spongeState[:], c.inputBuffer)
c.inputBuffer = clearBuffer(c.inputBuffer)
c.spongeState = c.poseidonChip.Poseidon(c.spongeState)
clearBuffer(c.outputBuffer)

+ 99
- 136
verifier/internal/plonk/challenger_test.go
View File

@ -1,21 +1,21 @@
package plonk
import (
"math/big"
"testing"
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
)
type TestChallengerCircuit struct {
PublicInputs [3]frontend.Variable
CircuitDigest [4]frontend.Variable
WiresCap [16][4]frontend.Variable
PlonkZsPartialProductsCap [16][4]frontend.Variable
QuotientPolysCap [16][4]frontend.Variable
PublicInputs []field.F
CircuitDigest poseidon.PoseidonBN128HashOut
WiresCap [16]poseidon.PoseidonBN128HashOut
PlonkZsPartialProductsCap [16]poseidon.PoseidonBN128HashOut
QuotientPolysCap [16]poseidon.PoseidonBN128HashOut
}
func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
@ -23,53 +23,23 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
degreeBits := 3
qeAPI := field.NewQuadraticExtensionAPI(api, fieldAPI, uint64(degreeBits))
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
challengerChip := NewChallengerChip(api, fieldAPI, poseidonChip)
poseidonBN128Chip := poseidon.NewPoseidonBN128Chip(api, fieldAPI)
challengerChip := NewChallengerChip(api, fieldAPI, poseidonChip, poseidonBN128Chip)
var circuitDigest [4]field.F
for i := 0; i < len(circuitDigest); i++ {
circuitDigest[i] = fieldAPI.FromBits(api.ToBinary(circuit.CircuitDigest[i], 64)...)
}
var publicInputs [3]field.F
for i := 0; i < len(publicInputs); i++ {
publicInputs[i] = fieldAPI.FromBits(api.ToBinary(circuit.PublicInputs[i], 64)...)
}
var wiresCap [16][4]field.F
for i := 0; i < len(wiresCap); i++ {
for j := 0; j < len(wiresCap[0]); j++ {
wiresCap[i][j] = fieldAPI.FromBits(api.ToBinary(circuit.WiresCap[i][j], 64)...)
}
}
var plonkZsPartialProductsCap [16][4]field.F
for i := 0; i < len(plonkZsPartialProductsCap); i++ {
for j := 0; j < len(plonkZsPartialProductsCap[0]); j++ {
plonkZsPartialProductsCap[i][j] = fieldAPI.FromBits(api.ToBinary(circuit.PlonkZsPartialProductsCap[i][j], 64)...)
}
}
var quotientPolysCap [16][4]field.F
for i := 0; i < len(quotientPolysCap); i++ {
for j := 0; j < len(quotientPolysCap[0]); j++ {
quotientPolysCap[i][j] = fieldAPI.FromBits(api.ToBinary(circuit.QuotientPolysCap[i][j], 64)...)
}
}
publicInputHash := poseidonChip.HashNoPad(publicInputs[:])
challengerChip.ObserveHash(circuitDigest)
challengerChip.ObserveBN128Hash(circuit.CircuitDigest)
publicInputHash := poseidonChip.HashNoPad(circuit.PublicInputs[:])
challengerChip.ObserveHash(publicInputHash)
challengerChip.ObserveCap(wiresCap[:])
challengerChip.ObserveCap(circuit.WiresCap[:])
numChallenges := uint64(2)
plonkBetas := challengerChip.GetNChallenges(numChallenges)
plonkGammas := challengerChip.GetNChallenges(numChallenges)
expectedPublicInputHash := [4]field.F{
field.NewFieldConstFromString("8416658900775745054"),
field.NewFieldConstFromString("12574228347150446423"),
field.NewFieldConstFromString("9629056739760131473"),
field.NewFieldConstFromString("3119289788404190010"),
field.NewFieldConstFromString("0"),
field.NewFieldConstFromString("0"),
field.NewFieldConstFromString("0"),
field.NewFieldConstFromString("0"),
}
for i := 0; i < 4; i++ {
@ -77,13 +47,13 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
}
expectedPlonkBetas := [2]field.F{
field.NewFieldConstFromString("4678728155650926271"),
field.NewFieldConstFromString("13611962404289024887"),
field.NewFieldConstFromString("17615363392879944733"),
field.NewFieldConstFromString("9422446877322953047"),
}
expectedPlonkGammas := [2]field.F{
field.NewFieldConstFromString("13237663823305715949"),
field.NewFieldConstFromString("15389314098328235145"),
field.NewFieldConstFromString("15174493176564484303"),
field.NewFieldConstFromString("6175150444166239851"),
}
for i := 0; i < 2; i++ {
@ -91,24 +61,24 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
fieldAPI.AssertIsEqual(plonkGammas[i], expectedPlonkGammas[i])
}
challengerChip.ObserveCap(plonkZsPartialProductsCap[:])
challengerChip.ObserveCap(circuit.PlonkZsPartialProductsCap[:])
plonkAlphas := challengerChip.GetNChallenges(numChallenges)
expectedPlonkAlphas := [2]field.F{
field.NewFieldConstFromString("14505919539124304197"),
field.NewFieldConstFromString("1695455639263736117"),
field.NewFieldConstFromString("9276470834414745550"),
field.NewFieldConstFromString("5302812342351431915"),
}
for i := 0; i < 2; i++ {
fieldAPI.AssertIsEqual(plonkAlphas[i], expectedPlonkAlphas[i])
}
challengerChip.ObserveCap(quotientPolysCap[:])
challengerChip.ObserveCap(circuit.QuotientPolysCap[:])
plonkZeta := challengerChip.GetExtensionChallenge()
expectedPlonkZeta := field.QuadraticExtension{
field.NewFieldConstFromString("14887793628029982930"),
field.NewFieldConstFromString("1136137158284059037"),
field.NewFieldConstFromString("3892795992421241388"),
field.NewFieldConstFromString("15786647757418200302"),
}
for i := 0; i < 2; i++ {
@ -118,15 +88,25 @@ func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
return nil
}
func StringToBN128Hash(hashStr string) poseidon.PoseidonBN128HashOut {
hashBigInt, ok := new(big.Int).SetString(hashStr, 10)
if !(ok) {
panic("Invalid hash: " + hashStr)
}
hashVar := frontend.Variable(*hashBigInt)
return poseidon.PoseidonBN128HashOut(hashVar)
}
func TestChallengerWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func(
publicInputs [3]frontend.Variable,
circuitDigest [4]frontend.Variable,
wiresCap [16][4]frontend.Variable,
plonkZsPartialProductsCap [16][4]frontend.Variable,
quotientPolysCap [16][4]frontend.Variable,
publicInputs []field.F,
circuitDigest poseidon.PoseidonBN128HashOut,
wiresCap [16]poseidon.PoseidonBN128HashOut,
plonkZsPartialProductsCap [16]poseidon.PoseidonBN128HashOut,
quotientPolysCap [16]poseidon.PoseidonBN128HashOut,
) {
circuit := TestChallengerCircuit{
PublicInputs: publicInputs,
@ -146,80 +126,63 @@ func TestChallengerWitness(t *testing.T) {
assert.NoError(err)
}
publicInputsStr := []string{"0", "1", "3736710860384812976"}
circuitDigestStr := []string{"7754113318730736048", "18436136620016916513", "18054530212389526288", "5893739326632906028"}
wiresCapStr := [][]string{
{"13884351014873073118", "5174249846243191862", "2208632528791973868", "1071582828677910652"},
{"11475361245556894879", "14867351574926692044", "17013374066934071379", "1027671036932569748"},
{"5604634992452399010", "3684464596850094189", "5565599237356852406", "4136295609943151014"},
{"8463721840990025805", "5922588965472526198", "8096699027533803435", "2210089353004111478"},
{"17531628199677307555", "11513452064460680964", "1482441508929181375", "5139566233781982440"},
{"13271417993289093233", "17257193898955790413", "16883807866578566670", "7423179920948669117"},
{"13462567520785358202", "15555103598281658890", "5859961276885232601", "4464568704709749394"},
{"153012620162729043", "14072764618167122665", "3025694603779494447", "15948104906680148838"},
{"18050235253694287284", "11467396424826912141", "11302553396166323353", "10976271719722841224"},
{"15208241660644051470", "8520722208187871063", "10775022596056682771", "16048513824198271730"},
{"6929477084755896240", "11382029470138215117", "13205948643259905511", "9421863267852221772"},
{"15449187573546292268", "10216729601353604194", "9493934392442974211", "9848643714440191835"},
{"2172475758127444753", "16681095938683502188", "9983383760611275566", "2603547977557388755"},
{"17440301588003279095", "11799356585691460705", "1386003375936412946", "11059100806278290279"},
{"10758265002546797581", "1374136260999724547", "7200401521491969338", "219493657547391496"},
{"5995963332181008902", "4442996285152250372", "2005936434281221193", "6869325719052666642"},
}
plonkZsPartialProductsCapStr := [][]string{
{"1209867952068639569", "4958824272276746373", "8278739766347565702", "1966940898171663504"},
{"12599305286358028697", "8932511136775685440", "5376267558248004641", "6313904687311555884"},
{"11190791343943249124", "4016631697385248176", "10356629842603047568", "10968099068686195317"},
{"1963983823153667719", "6333891613271539690", "12318891063769180636", "10443318253972130654"},
{"7799898099378084347", "2751829638242157622", "8351904444410446701", "5284662773710644867"},
{"1588568181448440843", "10836321455257423751", "5543952383542989142", "12946954522116753258"},
{"15710202198621978057", "13746115173212319217", "6103259182317700987", "17589471289629134988"},
{"12877950969971815168", "4963889190939310439", "8868772654550990048", "11774978531783219015"},
{"16832740767463005599", "15040340114131672027", "7469306538360789573", "3154855824233652432"},
{"9383568437827143152", "1741060064145647394", "17668587021570420286", "5241789470902809114"},
{"2087729156816989530", "8248918881937854542", "8673194597758568216", "10710697836634846115"},
{"11253371860840267365", "16818881664594712299", "11933553751682199585", "1936353232880935379"},
{"12163553231829171860", "17244267969759347515", "2003902333564157189", "6934019871173840760"},
{"2082141893879862527", "18267460725569427782", "1129651898415533808", "14011240934155569890"},
{"2526273401266876282", "6955959191669943337", "5926536548217021446", "17949337312612691782"},
{"8858882459906353593", "5813258279939597857", "6320047506247573502", "15969724232572328561"},
}
quotientPolysCapStr := [][]string{
{"9435614145733021495", "1742717829476348934", "11178548223985487003", "14531951007568589725"},
{"11747844681527676730", "3089691012847802165", "5887135310661642077", "13943570416123664971"},
{"11150071448774479229", "4486829025930200476", "9369448886033958276", "15757606153229850783"},
{"14603194410536469617", "11776185929725558373", "3122936423686490326", "10128277488128872810"},
{"4990578700975083076", "4997575606014863069", "14499603187047727337", "14028694557236527137"},
{"2279147899956815983", "16034899207717647338", "14763350037932939672", "10075834812570828076"},
{"1102006741007271956", "15242779529961262072", "6900547375301951311", "8631780317175902419"},
{"6299112770394539219", "6297397453582105768", "14148031335065995704", "3794733067587629405"},
{"7891039548997763820", "4260484126440019022", "6493066317319943586", "14775252570136307979"},
{"10790514248728420789", "14444029601980227412", "17514190309172155536", "12973059492411164965"},
{"8940755416742726696", "8469566845539112244", "7642612722784522739", "15276772682665052607"},
{"18306931819862706026", "14374659904694625207", "8609543532143656606", "17350044275494282679"},
{"9062024023737444614", "13780128979028684176", "6115495431779737008", "7170446003855284754"},
{"6191400598853400595", "7806485717076924017", "3225145303141729264", "3644550749005104128"},
{"15759718266801608721", "2406060174022670585", "15679263832775538866", "18066847192985300443"},
{"9184823221361582966", "4767786405185004644", "9827047623720647370", "993615002460432327"},
}
var publicInputs [3]frontend.Variable
var circuitDigest [4]frontend.Variable
var wiresCap [16][4]frontend.Variable
var plonkZsPartialProductsCap [16][4]frontend.Variable
var quotientPolysCap [16][4]frontend.Variable
copy(publicInputs[:], utils.StrArrayToFrontendVariableArray(publicInputsStr))
copy(circuitDigest[:], utils.StrArrayToFrontendVariableArray(circuitDigestStr))
for i := 0; i < len(wiresCapStr); i++ {
copy(wiresCap[i][:], utils.StrArrayToFrontendVariableArray(wiresCapStr[i]))
}
for i := 0; i < len(plonkZsPartialProductsCapStr); i++ {
copy(plonkZsPartialProductsCap[i][:], utils.StrArrayToFrontendVariableArray(plonkZsPartialProductsCapStr[i]))
}
for i := 0; i < len(quotientPolysCapStr); i++ {
copy(quotientPolysCap[i][:], utils.StrArrayToFrontendVariableArray(quotientPolysCapStr[i]))
}
testCase(publicInputs, circuitDigest, wiresCap, plonkZsPartialProductsCap, quotientPolysCap)
publicInputs := []field.F{}
circuitDigest := StringToBN128Hash("11532502846882484230992726008257788785937565673229400981185786126842727172973")
wiresCaps := [16]poseidon.PoseidonBN128HashOut{}
wiresCaps[0] = StringToBN128Hash("6232016528318542211523647364792867346449137823066292895075623303633330508214")
wiresCaps[1] = StringToBN128Hash("3849229275985461680629770572508259203226163621677714310355251582693130685288")
wiresCaps[2] = StringToBN128Hash("5987556171512366759354088598227343740440477791444099795740854232780130336082")
wiresCaps[3] = StringToBN128Hash("8523377779888975334090507575349048869294640263235559121841789718805736414837")
wiresCaps[4] = StringToBN128Hash("4173305429039088756536564029627250985745421317354666614089039608061166671898")
wiresCaps[5] = StringToBN128Hash("19514742808406256372169729907222415291809011606011679387563713660256488346125")
wiresCaps[6] = StringToBN128Hash("8519703011007005463193900985655355044586093539828702987016626948657512235078")
wiresCaps[7] = StringToBN128Hash("13337062986664638507390757043422262298890182385759661595000247205380836291424")
wiresCaps[8] = StringToBN128Hash("13956988298720968721248573872513053256190487207048215310365406791617256823071")
wiresCaps[9] = StringToBN128Hash("4139118776078237399422219240136866906229498819930564462151328936368637474741")
wiresCaps[10] = StringToBN128Hash("20010683036854145765538326917745039166608941517703057250025522185331298063240")
wiresCaps[11] = StringToBN128Hash("16542849340693186579674885260236043503488748690860552251132996633211111581047")
wiresCaps[12] = StringToBN128Hash("15340310232736118098606223218073833983285921571850333937460777227732109309104")
wiresCaps[13] = StringToBN128Hash("14370557250059545670244193708996703450518439828341533154117610442161777001185")
wiresCaps[14] = StringToBN128Hash("18844434454299441334771065219656682212700835025465734281792408139929868142021")
wiresCaps[15] = StringToBN128Hash("19676343740377898318702605893881480074303742058989194823248293456630167789460")
plonkZsPartialProductsCaps := [16]poseidon.PoseidonBN128HashOut{}
plonkZsPartialProductsCaps[0] = StringToBN128Hash("18630303757724954689095079665308152603926320437432442392614316813333911252124")
plonkZsPartialProductsCaps[1] = StringToBN128Hash("1941509032097423911575973752610668722198580889286836043016771886256831254944")
plonkZsPartialProductsCaps[2] = StringToBN128Hash("6147898094056673441182607282006528423230906496770003193057422314911254596722")
plonkZsPartialProductsCaps[3] = StringToBN128Hash("8711744418341460096856191310559061094028644913424948320707020455945693390966")
plonkZsPartialProductsCaps[4] = StringToBN128Hash("3170507894509162329082713944669012510679535839018490515228566075949014704871")
plonkZsPartialProductsCaps[5] = StringToBN128Hash("9513443633020527244719737008971091746535961947215556968735061932963144145728")
plonkZsPartialProductsCaps[6] = StringToBN128Hash("16440622144490342815400399751667969445057099157732990266662948140364680211732")
plonkZsPartialProductsCaps[7] = StringToBN128Hash("16904904288584890809819587275120157893767917607795020298373538872373275028362")
plonkZsPartialProductsCaps[8] = StringToBN128Hash("1322883689945010694042124537248103086068476085787048131689196755087178475099")
plonkZsPartialProductsCaps[9] = StringToBN128Hash("3859729225679954076862546769780866075152550721517632074656261209033111218654")
plonkZsPartialProductsCaps[10] = StringToBN128Hash("5995885491698588595978721670502011088690021401297557688057158353938846681398")
plonkZsPartialProductsCaps[11] = StringToBN128Hash("16957177478856199232404038751327729781816109007496656232207408246975862260922")
plonkZsPartialProductsCaps[12] = StringToBN128Hash("9422393668093911702915740702404346320943009100616501740579421944206639410155")
plonkZsPartialProductsCaps[13] = StringToBN128Hash("15680345727093646870610240619814271686346382346107751208797654607051065248818")
plonkZsPartialProductsCaps[14] = StringToBN128Hash("4939261448468032698521878059774016528161329965101885352386001950329280576201")
plonkZsPartialProductsCaps[15] = StringToBN128Hash("7003946111898359335505647195128523292498498760325513092978040051648331398446")
quotientPolysCaps := [16]poseidon.PoseidonBN128HashOut{}
quotientPolysCaps[0] = StringToBN128Hash("3918560082526903400389798118659365477465402367561322989181693953047280669646")
quotientPolysCaps[1] = StringToBN128Hash("496966935842756068593963213547105605432646958081400837931911611833297095727")
quotientPolysCaps[2] = StringToBN128Hash("8683297895986438077633020202252074142721819824824948690853505463451806801507")
quotientPolysCaps[3] = StringToBN128Hash("14623770060934618886104076268225324888644340537717836901769942847173950269850")
quotientPolysCaps[4] = StringToBN128Hash("902377468311802642056170073282349607767917979325737018777782566011948776523")
quotientPolysCaps[5] = StringToBN128Hash("12124340721627925810131860890689432371048624670798932303474977401990312142398")
quotientPolysCaps[6] = StringToBN128Hash("21656753786114693289615694183370749990935753681953197920766927707640495235100")
quotientPolysCaps[7] = StringToBN128Hash("4651674172794111060599611529192263627230814664669763852917839857516619530510")
quotientPolysCaps[8] = StringToBN128Hash("13161231355626784301812735677481006076469384200800574341495987998366265598910")
quotientPolysCaps[9] = StringToBN128Hash("20853590455948262404101100028402584187982204016660952863575312077951992942329")
quotientPolysCaps[10] = StringToBN128Hash("742867642166478273564934628555265381154191517824405375118170559554873960389")
quotientPolysCaps[11] = StringToBN128Hash("17617970388755497287414457313283777609067524774358298322461931046141926005038")
quotientPolysCaps[12] = StringToBN128Hash("55496208750959228576253470708262329602643441253143570259294790484739321332")
quotientPolysCaps[13] = StringToBN128Hash("18450079114184018679423491604333957974306902732410122012117555285853099024676")
quotientPolysCaps[14] = StringToBN128Hash("14403337493956171864251492809058241138806636992110526018123749007090024780352")
quotientPolysCaps[15] = StringToBN128Hash("252265115458024097842043026135110356285192501597856208375838682286051476335")
testCase(publicInputs, circuitDigest, wiresCaps, plonkZsPartialProductsCaps, quotientPolysCaps)
}

+ 1
- 1
verifier/internal/plonk/plonk.go
View File

@ -187,7 +187,7 @@ func (p *PlonkChip) evalVanishingPoly(vars gates.EvaluationVars, proofChallenges
return reducedValues
}
func (p *PlonkChip) Verify(proofChallenges common.ProofChallenges, openings common.OpeningSet, publicInputsHash poseidon.Hash) {
func (p *PlonkChip) Verify(proofChallenges common.ProofChallenges, openings common.OpeningSet, publicInputsHash poseidon.PoseidonHashOut) {
// Calculate zeta^n
zetaPowN := p.expPowerOf2Extension(proofChallenges.PlonkZeta)

+ 4
- 21
verifier/internal/plonk/plonk_test.go
View File

@ -38,31 +38,14 @@ func (circuit *TestPlonkCircuit) Define(api frontend.API) error {
return nil
}
func TestPlonkFibonacci(t *testing.T) {
func TestPlonkDecodeBlock(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestPlonkCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
}
witness := TestPlonkCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestPlonkDummy(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestPlonkCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
proofWithPIsFilename: "../../data/decode_block/proof_with_public_inputs.json",
commonCircuitDataFilename: "../../data/decode_block/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "../../data/decode_block/verifier_only_circuit_data.json",
}
witness := TestPlonkCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())

+ 57
- 64
verifier/utils/deserialize.go
View File

@ -3,8 +3,10 @@ package utils
import (
"encoding/json"
"io"
"math/big"
"os"
"github.com/consensys/gnark/frontend"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/utils"
@ -14,16 +16,10 @@ import (
type ProofWithPublicInputsRaw struct {
Proof struct {
WiresCap []struct {
Elements []uint64 `json:"elements"`
} `json:"wires_cap"`
PlonkZsPartialProductsCap []struct {
Elements []uint64 `json:"elements"`
} `json:"plonk_zs_partial_products_cap"`
QuotientPolysCap []struct {
Elements []uint64 `json:"elements"`
} `json:"quotient_polys_cap"`
Openings struct {
WiresCap []string `json:"wires_cap"`
PlonkZsPartialProductsCap []string `json:"plonk_zs_partial_products_cap"`
QuotientPolysCap []string `json:"quotient_polys_cap"`
Openings struct {
Constants [][]uint64 `json:"constants"`
PlonkSigmas [][]uint64 `json:"plonk_sigmas"`
Wires [][]uint64 `json:"wires"`
@ -33,14 +29,16 @@ type ProofWithPublicInputsRaw struct {
QuotientPolys [][]uint64 `json:"quotient_polys"`
} `json:"openings"`
OpeningProof struct {
CommitPhaseMerkleCaps []MerkleCapsRaw `json:"commit_phase_merkle_caps"`
CommitPhaseMerkleCaps [][]string `json:"commit_phase_merkle_caps"`
QueryRoundProofs []struct {
InitialTreesProof struct {
EvalsProofs []EvalProofRaw `json:"evals_proofs"`
} `json:"initial_trees_proof"`
Steps []struct {
Evals [][]uint64 `json:"evals"`
MerkleProof MerkleProofRaw `json:"merkle_proof"`
Evals [][]uint64 `json:"evals"`
MerkleProof struct {
Siblings []string `json:"siblings"`
} `json:"merkle_proof"`
} `json:"steps"`
} `json:"query_round_proofs"`
FinalPoly struct {
@ -52,39 +50,22 @@ type ProofWithPublicInputsRaw struct {
PublicInputs []uint64 `json:"public_inputs"`
}
type MerkleCapsRaw struct {
hashes [][]uint64
}
func (m *MerkleCapsRaw) UnmarshalJSON(data []byte) error {
var merkleCaps []map[string][]uint64
if err := json.Unmarshal(data, &merkleCaps); err != nil {
panic(err)
}
m.hashes = make([][]uint64, len(merkleCaps))
for i := 0; i < len(merkleCaps); i++ {
m.hashes[i] = merkleCaps[i]["elements"]
}
return nil
}
type EvalProofRaw struct {
leafElements []uint64
merkleProof MerkleProofRaw
LeafElements []uint64
MerkleProof MerkleProofRaw
}
func (e *EvalProofRaw) UnmarshalJSON(data []byte) error {
return json.Unmarshal(data, &[]interface{}{&e.leafElements, &e.merkleProof})
return json.Unmarshal(data, &[]interface{}{&e.LeafElements, &e.MerkleProof})
}
type MerkleProofRaw struct {
hash [][]uint64
Hash []string
}
func (m *MerkleProofRaw) UnmarshalJSON(data []byte) error {
type SiblingObject struct {
Siblings []map[string][]uint64 // "siblings"
Siblings []string // "siblings"
}
var siblings SiblingObject
@ -92,10 +73,8 @@ func (m *MerkleProofRaw) UnmarshalJSON(data []byte) error {
panic(err)
}
m.hash = make([][]uint64, len(siblings.Siblings))
for siblingIdx, sibling := range siblings.Siblings {
m.hash[siblingIdx] = sibling["elements"]
}
m.Hash = make([]string, len(siblings.Siblings))
copy(m.Hash[:], siblings.Siblings)
return nil
}
@ -164,19 +143,16 @@ type ProofChallengesRaw struct {
}
type VerifierOnlyCircuitDataRaw struct {
ConstantsSigmasCap []struct {
Elements []uint64 `json:"elements"`
} `json:"constants_sigmas_cap"`
CircuitDigest struct {
Elements []uint64 `json:"elements"`
} `json:"circuit_digest"`
ConstantsSigmasCap []string `json:"constants_sigmas_cap"`
CircuitDigest string `json:"circuit_digest"`
}
func DeserializeMerkleCap(merkleCapRaw []struct{ Elements []uint64 }) common.MerkleCap {
func DeserializeMerkleCap(merkleCapRaw []string) common.MerkleCap {
n := len(merkleCapRaw)
merkleCap := make([]poseidon.Hash, n)
merkleCap := make([]poseidon.PoseidonBN128HashOut, n)
for i := 0; i < n; i++ {
copy(merkleCap[i][:], utils.Uint64ArrayToFArray(merkleCapRaw[i].Elements))
capBigInt, _ := new(big.Int).SetString(merkleCapRaw[i], 10)
merkleCap[i] = frontend.Variable(capBigInt)
}
return merkleCap
}
@ -184,10 +160,10 @@ func DeserializeMerkleCap(merkleCapRaw []struct{ Elements []uint64 }) common.Mer
func DeserializeMerkleProof(merkleProofRaw struct{ Siblings []interface{} }) common.MerkleProof {
n := len(merkleProofRaw.Siblings)
var mp common.MerkleProof
mp.Siblings = make([]poseidon.Hash, n)
mp.Siblings = make([]poseidon.PoseidonBN128HashOut, n)
for i := 0; i < n; i++ {
element := merkleProofRaw.Siblings[i].(struct{ Elements []uint64 })
copy(mp.Siblings[i][:], utils.Uint64ArrayToFArray(element.Elements))
mp.Siblings[i] = utils.Uint64ArrayToFArray(element.Elements)
}
return mp
}
@ -212,15 +188,29 @@ func DeserializeOpeningSet(openingSetRaw struct {
}
}
func StringArrayToHashBN128Array(rawHashes []string) []poseidon.PoseidonBN128HashOut {
hashes := []poseidon.PoseidonBN128HashOut{}
for i := 0; i < len(rawHashes); i++ {
hashBigInt, _ := new(big.Int).SetString(rawHashes[i], 10)
hashVar := frontend.Variable(hashBigInt)
hashes = append(hashes, poseidon.PoseidonBN128HashOut(hashVar))
}
return hashes
}
func DeserializeFriProof(openingProofRaw struct {
CommitPhaseMerkleCaps []MerkleCapsRaw
CommitPhaseMerkleCaps [][]string
QueryRoundProofs []struct {
InitialTreesProof struct {
EvalsProofs []EvalProofRaw
}
Steps []struct {
Evals [][]uint64
MerkleProof MerkleProofRaw
MerkleProof struct {
Siblings []string
}
}
}
FinalPoly struct {
@ -234,7 +224,7 @@ func DeserializeFriProof(openingProofRaw struct {
openingProof.CommitPhaseMerkleCaps = make([]common.MerkleCap, len(openingProofRaw.CommitPhaseMerkleCaps))
for i := 0; i < len(openingProofRaw.CommitPhaseMerkleCaps); i++ {
openingProof.CommitPhaseMerkleCaps[i] = poseidon.Uint64ArrayToHashArray(openingProofRaw.CommitPhaseMerkleCaps[i].hashes)
openingProof.CommitPhaseMerkleCaps[i] = StringArrayToHashBN128Array(openingProofRaw.CommitPhaseMerkleCaps[i])
}
numQueryRoundProofs := len(openingProofRaw.QueryRoundProofs)
@ -244,15 +234,15 @@ func DeserializeFriProof(openingProofRaw struct {
numEvalProofs := len(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs = make([]common.EvalProof, numEvalProofs)
for j := 0; j < numEvalProofs; j++ {
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].Elements = utils.Uint64ArrayToFArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].leafElements)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Siblings = poseidon.Uint64ArrayToHashArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].merkleProof.hash)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].Elements = utils.Uint64ArrayToFArray(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].LeafElements)
openingProof.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Siblings = StringArrayToHashBN128Array(openingProofRaw.QueryRoundProofs[i].InitialTreesProof.EvalsProofs[j].MerkleProof.Hash)
}
numSteps := len(openingProofRaw.QueryRoundProofs[i].Steps)
openingProof.QueryRoundProofs[i].Steps = make([]common.FriQueryStep, numSteps)
for j := 0; j < numSteps; j++ {
openingProof.QueryRoundProofs[i].Steps[j].Evals = utils.Uint64ArrayToQuadraticExtensionArray(openingProofRaw.QueryRoundProofs[i].Steps[j].Evals)
openingProof.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings = poseidon.Uint64ArrayToHashArray(openingProofRaw.QueryRoundProofs[i].Steps[j].MerkleProof.hash)
openingProof.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings = StringArrayToHashBN128Array(openingProofRaw.QueryRoundProofs[i].Steps[j].MerkleProof.Siblings)
}
}
@ -275,9 +265,9 @@ func DeserializeProofWithPublicInputs(path string) common.ProofWithPublicInputs
}
var proofWithPis common.ProofWithPublicInputs
proofWithPis.Proof.WiresCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.Proof.WiresCap))
proofWithPis.Proof.PlonkZsPartialProductsCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.Proof.PlonkZsPartialProductsCap))
proofWithPis.Proof.QuotientPolysCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.Proof.QuotientPolysCap))
proofWithPis.Proof.WiresCap = DeserializeMerkleCap(raw.Proof.WiresCap)
proofWithPis.Proof.PlonkZsPartialProductsCap = DeserializeMerkleCap(raw.Proof.PlonkZsPartialProductsCap)
proofWithPis.Proof.QuotientPolysCap = DeserializeMerkleCap(raw.Proof.QuotientPolysCap)
proofWithPis.Proof.Openings = DeserializeOpeningSet(struct {
Constants [][]uint64
PlonkSigmas [][]uint64
@ -288,14 +278,16 @@ func DeserializeProofWithPublicInputs(path string) common.ProofWithPublicInputs
QuotientPolys [][]uint64
}(raw.Proof.Openings))
proofWithPis.Proof.OpeningProof = DeserializeFriProof(struct {
CommitPhaseMerkleCaps []MerkleCapsRaw
CommitPhaseMerkleCaps [][]string
QueryRoundProofs []struct {
InitialTreesProof struct {
EvalsProofs []EvalProofRaw
}
Steps []struct {
Evals [][]uint64
MerkleProof MerkleProofRaw
MerkleProof struct {
Siblings []string
}
}
}
FinalPoly struct{ Coeffs [][]uint64 }
@ -436,8 +428,9 @@ func DeserializeVerifierOnlyCircuitData(path string) common.VerifierOnlyCircuitD
}
var verifierOnlyCircuitData common.VerifierOnlyCircuitData
verifierOnlyCircuitData.ConstantSigmasCap = DeserializeMerkleCap([]struct{ Elements []uint64 }(raw.ConstantsSigmasCap))
copy(verifierOnlyCircuitData.CircuitDigest[:], utils.Uint64ArrayToFArray(raw.CircuitDigest.Elements))
verifierOnlyCircuitData.ConstantSigmasCap = DeserializeMerkleCap(raw.ConstantsSigmasCap)
circuitDigestBigInt, _ := new(big.Int).SetString(raw.CircuitDigest, 10)
circuitDigestVar := frontend.Variable(circuitDigestBigInt)
verifierOnlyCircuitData.CircuitDigest = poseidon.PoseidonBN128HashOut(circuitDigestVar)
return verifierOnlyCircuitData
}

+ 3
- 3
verifier/utils/deserialize_test.go
View File

@ -6,19 +6,19 @@ import (
)
func TestDeserializeProofWithPublicInputs(t *testing.T) {
proofWithPis := DeserializeProofWithPublicInputs("./data/fibonacci/proof_with_public_inputs.json")
proofWithPis := DeserializeProofWithPublicInputs("../data/decode_block/proof_with_public_inputs.json")
fmt.Printf("%+v\n", proofWithPis)
panic("look at stdout")
}
func TestDeserializeCommonCircuitData(t *testing.T) {
commonCircuitData := DeserializeCommonCircuitData("./data/fibonacci/common_circuit_data.json")
commonCircuitData := DeserializeCommonCircuitData("../data/decode_block/common_circuit_data.json")
fmt.Printf("%+v\n", commonCircuitData)
panic("look at stdout")
}
func TestDeserializeVerifierOnlyCircuitData(t *testing.T) {
verifierOnlyCircuitData := DeserializeVerifierOnlyCircuitData("./data/fibonacci/verifier_only_circuit_data.json")
verifierOnlyCircuitData := DeserializeVerifierOnlyCircuitData("../data/decode_block/verifier_only_circuit_data.json")
fmt.Printf("%+v\n", verifierOnlyCircuitData)
panic("look at stdout")
}

+ 23
- 19
verifier/verifier.go
View File

@ -10,51 +10,55 @@ import (
)
type VerifierChip struct {
api frontend.API `gnark:"-"`
fieldAPI field.FieldAPI `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
plonkChip *plonk.PlonkChip
friChip *fri.FriChip
api frontend.API `gnark:"-"`
fieldAPI field.FieldAPI `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
poseidonChip *poseidon.PoseidonChip
poseidonBN128Chip *poseidon.PoseidonBN128Chip
plonkChip *plonk.PlonkChip
friChip *fri.FriChip
}
func NewVerifierChip(api frontend.API, commonCircuitData common.CommonCircuitData) *VerifierChip {
fieldAPI := field.NewFieldAPI(api)
qeAPI := field.NewQuadraticExtensionAPI(api, fieldAPI, commonCircuitData.DegreeBits)
hashAPI := poseidon.NewHashAPI(fieldAPI)
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
poseidonBN128Chip := poseidon.NewPoseidonBN128Chip(api, fieldAPI)
friChip := fri.NewFriChip(api, fieldAPI, qeAPI, hashAPI, poseidonChip, &commonCircuitData.FriParams)
friChip := fri.NewFriChip(api, fieldAPI, qeAPI, poseidonBN128Chip, &commonCircuitData.FriParams)
plonkChip := plonk.NewPlonkChip(api, qeAPI, commonCircuitData)
// We are using goldilocks poseidon for the challenge computation
poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
return &VerifierChip{
api: api,
fieldAPI: fieldAPI,
qeAPI: qeAPI,
poseidonChip: poseidonChip,
plonkChip: plonkChip,
friChip: friChip,
api: api,
fieldAPI: fieldAPI,
qeAPI: qeAPI,
poseidonChip: poseidonChip,
poseidonBN128Chip: poseidonBN128Chip,
plonkChip: plonkChip,
friChip: friChip,
}
}
func (c *VerifierChip) GetPublicInputsHash(publicInputs []field.F) poseidon.Hash {
func (c *VerifierChip) GetPublicInputsHash(publicInputs []field.F) poseidon.PoseidonHashOut {
return c.poseidonChip.HashNoPad(publicInputs)
}
func (c *VerifierChip) GetChallenges(
proofWithPis common.ProofWithPublicInputs,
publicInputsHash poseidon.Hash,
publicInputsHash poseidon.PoseidonHashOut,
commonData common.CommonCircuitData,
verifierData common.VerifierOnlyCircuitData,
) common.ProofChallenges {
config := commonData.Config
numChallenges := config.NumChallenges
challenger := plonk.NewChallengerChip(c.api, c.fieldAPI, c.poseidonChip)
challenger := plonk.NewChallengerChip(c.api, c.fieldAPI, c.poseidonChip, c.poseidonBN128Chip)
var circuitDigest = verifierData.CircuitDigest
challenger.ObserveHash(circuitDigest)
challenger.ObserveBN128Hash(circuitDigest)
challenger.ObserveHash(publicInputsHash)
challenger.ObserveCap(proofWithPis.Proof.WiresCap)
plonkBetas := challenger.GetNChallenges(numChallenges)

+ 4
- 280
verifier/verifier_test.go
View File

@ -6,286 +6,10 @@ import (
"github.com/consensys/gnark/frontend"
"github.com/consensys/gnark/test"
"github.com/succinctlabs/gnark-plonky2-verifier/field"
"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
)
type TestVerifierChallengesCircuit struct {
fieldAPI frontend.API `gnark:"-"`
qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
hashAPI *poseidon.HashAPI `gnark:"-"`
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
verifierOnlyCircuitDataFilename string `gnark:"-"`
numChallenges uint64 `gnark:"-"`
numFriQueries uint64 `gnark:"-"`
t *testing.T `gnark:"-"`
expectedPublicInputsHash poseidon.Hash
expectedPlonkBetas []field.F // slice length == num challenges
expectedPlonkGammas []field.F // slice length == num challenges
expectedPlonkAlphas []field.F // slice length == num challenges
expectedPlonkZeta field.QuadraticExtension
expectedFriAlpha field.QuadraticExtension
expectedFriBetas []field.QuadraticExtension // slice length == num fri rounds
expectedFriQueryIndices []field.F // slice length == num fri queries
verifierChip *verifier.VerifierChip
}
func (c *TestVerifierChallengesCircuit) GetChallengesSanityCheck(
proofWithPis common.ProofWithPublicInputs,
verifierData common.VerifierOnlyCircuitData,
commonData common.CommonCircuitData,
) {
publicInputsHash := c.verifierChip.GetPublicInputsHash(proofWithPis.PublicInputs)
proofChallenges := c.verifierChip.GetChallenges(proofWithPis, publicInputsHash, commonData, verifierData)
c.hashAPI.AssertIsEqualHash(publicInputsHash, c.expectedPublicInputsHash)
if len(proofChallenges.PlonkBetas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkBetas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkBetas[i], c.expectedPlonkBetas[i])
}
if len(proofChallenges.PlonkGammas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkGammas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkGammas[i], c.expectedPlonkGammas[i])
}
if len(proofChallenges.PlonkAlphas) != int(c.numChallenges) {
c.t.Errorf("len(PlonkAlphas) should equal numChallenges")
}
for i := 0; i < int(c.numChallenges); i++ {
c.fieldAPI.AssertIsEqual(proofChallenges.PlonkAlphas[i], c.expectedPlonkAlphas[i])
}
c.qeAPI.AssertIsEqual(proofChallenges.PlonkZeta, c.expectedPlonkZeta)
c.qeAPI.AssertIsEqual(proofChallenges.FriChallenges.FriAlpha, c.expectedFriAlpha)
if len(proofChallenges.FriChallenges.FriBetas) != len(commonData.FriParams.ReductionArityBits) {
c.t.Errorf("len(PlonkAlphas) should equal num fri rounds")
}
for i := 0; i < len(commonData.FriParams.ReductionArityBits); i++ {
c.qeAPI.AssertIsEqual(proofChallenges.FriChallenges.FriBetas[i], c.expectedFriBetas[i])
}
// This test is commented out because pow_witness is randomized between runs of the prover.
// expectedPowResponse := field.NewFieldConstFromString("92909863298412")
// c.field.AssertIsEqual(proofChallenges.FriChallenges.FriPowResponse, expectedPowResponse)
if len(proofChallenges.FriChallenges.FriQueryIndices) != int(c.numFriQueries) {
c.t.Errorf("len(expectedFriQueryIndices) should equal num fri queries")
}
for i := 0; i < int(c.numFriQueries); i++ {
c.fieldAPI.AssertIsEqual(c.expectedFriQueryIndices[i], proofChallenges.FriChallenges.FriQueryIndices[i])
}
}
func (c *TestVerifierChallengesCircuit) Define(api frontend.API) error {
proofWithPis := utils.DeserializeProofWithPublicInputs(c.proofWithPIsFilename)
commonCircuitData := utils.DeserializeCommonCircuitData(c.commonCircuitDataFilename)
verfierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(c.verifierOnlyCircuitDataFilename)
c.numChallenges = commonCircuitData.Config.NumChallenges
c.numFriQueries = commonCircuitData.FriParams.Config.NumQueryRounds
c.verifierChip = verifier.NewVerifierChip(api, commonCircuitData)
c.GetChallengesSanityCheck(proofWithPis, verfierOnlyCircuitData, commonCircuitData)
return nil
}
func TestFibonacciVerifierWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierChallengesCircuit{
proofWithPIsFilename: "./data/fibonacci/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
t: t,
expectedPublicInputsHash: poseidon.Hash{
field.NewFieldConstFromString("8416658900775745054"),
field.NewFieldConstFromString("12574228347150446423"),
field.NewFieldConstFromString("9629056739760131473"),
field.NewFieldConstFromString("3119289788404190010"),
},
expectedPlonkBetas: []field.F{
field.NewFieldConstFromString("4678728155650926271"),
field.NewFieldConstFromString("13611962404289024887"),
},
expectedPlonkGammas: []field.F{
field.NewFieldConstFromString("13237663823305715949"),
field.NewFieldConstFromString("15389314098328235145"),
},
expectedPlonkAlphas: []field.F{
field.NewFieldConstFromString("14505919539124304197"),
field.NewFieldConstFromString("1695455639263736117"),
},
expectedPlonkZeta: field.QuadraticExtension{
field.NewFieldConstFromString("14887793628029982930"),
field.NewFieldConstFromString("1136137158284059037"),
},
expectedFriAlpha: field.QuadraticExtension{
field.NewFieldConstFromString("14641715242626918707"),
field.NewFieldConstFromString("10574243340537902930"),
},
expectedFriBetas: []field.QuadraticExtension{},
expectedFriQueryIndices: []field.F{
field.NewFieldConst(6790812084677375942),
field.NewFieldConst(12394212020331474798),
field.NewFieldConst(16457600747000998582),
field.NewFieldConst(1543271328932331916),
field.NewFieldConst(12115726870906958644),
field.NewFieldConst(6775897107605342797),
field.NewFieldConst(15989401564746021030),
field.NewFieldConst(10691676456016926845),
field.NewFieldConst(1632499470630032007),
field.NewFieldConst(1317292355445098328),
field.NewFieldConst(18391440812534384252),
field.NewFieldConst(17321705613231354333),
field.NewFieldConst(6176487551308859603),
field.NewFieldConst(7119835651572002873),
field.NewFieldConst(3903019169623116693),
field.NewFieldConst(4886491111111487546),
field.NewFieldConst(4087641893164620518),
field.NewFieldConst(13801643080324181364),
field.NewFieldConst(16993775312274189321),
field.NewFieldConst(9268202926222765679),
field.NewFieldConst(10683001302406181735),
field.NewFieldConst(13359465725531647963),
field.NewFieldConst(4523327590105620849),
field.NewFieldConst(4883588003760409588),
field.NewFieldConst(187699146998097671),
field.NewFieldConst(14489263557623716717),
field.NewFieldConst(11748359318238148146),
field.NewFieldConst(13636347200053048758),
},
}
witness := TestVerifierChallengesCircuit{}
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
func TestDummyVerifierWitness(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierChallengesCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
t: t,
expectedPublicInputsHash: poseidon.Hash{
field.NewFieldConstFromString("0"),
field.NewFieldConstFromString("0"),
field.NewFieldConstFromString("0"),
field.NewFieldConstFromString("0"),
},
expectedPlonkBetas: []field.F{
field.NewFieldConstFromString("11216469004148781751"),
field.NewFieldConstFromString("6201977337075152249"),
},
expectedPlonkGammas: []field.F{
field.NewFieldConstFromString("8369751006669847974"),
field.NewFieldConstFromString("3610024170884289835"),
},
expectedPlonkAlphas: []field.F{
field.NewFieldConstFromString("970160439138448145"),
field.NewFieldConstFromString("2402201283787401921"),
},
expectedPlonkZeta: field.QuadraticExtension{
field.NewFieldConstFromString("17377750363769967882"),
field.NewFieldConstFromString("11921191651424768462"),
},
expectedFriAlpha: field.QuadraticExtension{
field.NewFieldConstFromString("16721004555774385479"),
field.NewFieldConstFromString("10688151135543754663"),
},
expectedFriBetas: []field.QuadraticExtension{
{
field.NewFieldConstFromString("3312441922957827805"),
field.NewFieldConstFromString("15128092514958289671"),
},
{
field.NewFieldConstFromString("13630530769060141802"),
field.NewFieldConstFromString("14559883974933163008"),
},
{
field.NewFieldConstFromString("16146508250083930687"),
field.NewFieldConstFromString("5176346568444408396"),
},
},
expectedFriQueryIndices: []field.F{
field.NewFieldConst(16334967868590615051),
field.NewFieldConst(2911473540496037915),
field.NewFieldConst(14887216056886344225),
field.NewFieldConst(7808811227805914295),
field.NewFieldConst(2018594961417375749),
field.NewFieldConst(3733368398777208435),
field.NewFieldConst(2623035669037055104),
field.NewFieldConst(299243030573481514),
field.NewFieldConst(7189789717962704433),
field.NewFieldConst(14566344026886816268),
field.NewFieldConst(12555390069003437453),
field.NewFieldConst(17225508403199418233),
field.NewFieldConst(5088797913879903292),
field.NewFieldConst(9715691392773433023),
field.NewFieldConst(7565836764713256165),
field.NewFieldConst(1500143546029322929),
field.NewFieldConst(1245802417104422080),
field.NewFieldConst(6831959786661245110),
field.NewFieldConst(17271054758535453780),
field.NewFieldConst(6225460404576395409),
field.NewFieldConst(15932661092896277351),
field.NewFieldConst(12452534049198240575),
field.NewFieldConst(4225199666055520177),
field.NewFieldConst(13235091290587791090),
field.NewFieldConst(2562357622728700774),
field.NewFieldConst(17676678042980201498),
field.NewFieldConst(5837067135702409874),
field.NewFieldConst(11238419549114325157),
},
}
witness := TestVerifierChallengesCircuit{} // No real witness as the test circuit's Define function will inject in the witness
err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
assert.NoError(err)
}
testCase()
}
type TestVerifierCircuit struct {
proofWithPIsFilename string `gnark:"-"`
commonCircuitDataFilename string `gnark:"-"`
@ -302,14 +26,14 @@ func (c *TestVerifierCircuit) Define(api frontend.API) error {
return nil
}
func TestDummyVerifier(t *testing.T) {
func TestDecodeBlockVerifier(t *testing.T) {
assert := test.NewAssert(t)
testCase := func() {
circuit := TestVerifierCircuit{
proofWithPIsFilename: "./data/dummy_2^14_gates/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
proofWithPIsFilename: "./data/decode_block/proof_with_public_inputs.json",
commonCircuitDataFilename: "./data/decode_block/common_circuit_data.json",
verifierOnlyCircuitDataFilename: "./data/decode_block/verifier_only_circuit_data.json",
}
witness := TestVerifierCircuit{}

Write Preview
Loading…
Cancel
Save