Rearranged files (#17)

* removed unused file * change field import * change import of field package * changed field import * moved hash to poseidon and some changes to the field package * changed file structure
2026-01-12 09:01:32 +01:00 · 2023-05-19 19:49:14 -07:00
parent a415c95f6f
commit cf84b032e2
72 changed files with 2376 additions and 2228 deletions
--- a/verifier/internal/plonk/challenger.go
+++ b/verifier/internal/plonk/challenger.go
@@ -0,0 +1,153 @@
+package plonk
+
+import (
+	"fmt"
+
+	"github.com/consensys/gnark/frontend"
+	"github.com/succinctlabs/gnark-plonky2-verifier/field"
+	"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/fri"
+)
+
+type ChallengerChip struct {
+	api          frontend.API `gnark:"-"`
+	field        frontend.API `gnark:"-"`
+	poseidonChip *poseidon.PoseidonChip
+	spongeState  [poseidon.SPONGE_WIDTH]field.F
+	inputBuffer  []field.F
+	outputBuffer []field.F
+}
+
+func NewChallengerChip(api frontend.API, fieldAPI frontend.API, poseidonChip *poseidon.PoseidonChip) *ChallengerChip {
+	var spongeState [poseidon.SPONGE_WIDTH]field.F
+	var inputBuffer []field.F
+	var outputBuffer []field.F
+
+	for i := 0; i < poseidon.SPONGE_WIDTH; i++ {
+		spongeState[i] = field.ZERO_F
+	}
+
+	return &ChallengerChip{
+		api:          api,
+		field:        fieldAPI,
+		poseidonChip: poseidonChip,
+		spongeState:  spongeState,
+		inputBuffer:  inputBuffer,
+		outputBuffer: outputBuffer,
+	}
+}
+
+func (c *ChallengerChip) ObserveElement(element field.F) {
+	c.outputBuffer = clearBuffer(c.outputBuffer)
+	c.inputBuffer = append(c.inputBuffer, element)
+	if len(c.inputBuffer) == poseidon.SPONGE_RATE {
+		c.duplexing()
+	}
+}
+
+func (c *ChallengerChip) ObserveElements(elements []field.F) {
+	for i := 0; i < len(elements); i++ {
+		c.ObserveElement(elements[i])
+	}
+}
+
+func (c *ChallengerChip) ObserveHash(hash poseidon.Hash) {
+	c.ObserveElements(hash[:])
+}
+
+func (c *ChallengerChip) ObserveCap(cap []poseidon.Hash) {
+	for i := 0; i < len(cap); i++ {
+		c.ObserveHash(cap[i])
+	}
+}
+
+func (c *ChallengerChip) ObserveExtensionElement(element field.QuadraticExtension) {
+	c.ObserveElements(element[:])
+}
+
+func (c *ChallengerChip) ObserveExtensionElements(elements []field.QuadraticExtension) {
+	for i := 0; i < len(elements); i++ {
+		c.ObserveExtensionElement(elements[i])
+	}
+}
+
+func (c *ChallengerChip) ObserveOpenings(openings fri.FriOpenings) {
+	for i := 0; i < len(openings.Batches); i++ {
+		c.ObserveExtensionElements(openings.Batches[i].Values)
+	}
+}
+
+func (c *ChallengerChip) GetChallenge() field.F {
+	if len(c.inputBuffer) != 0 || len(c.outputBuffer) == 0 {
+		c.duplexing()
+	}
+
+	challenge := c.outputBuffer[len(c.outputBuffer)-1]
+	c.outputBuffer = c.outputBuffer[:len(c.outputBuffer)-1]
+
+	return challenge
+}
+
+func (c *ChallengerChip) GetNChallenges(n uint64) []field.F {
+	challenges := make([]field.F, n)
+	for i := uint64(0); i < n; i++ {
+		challenges[i] = c.GetChallenge()
+	}
+	return challenges
+}
+
+func (c *ChallengerChip) GetExtensionChallenge() field.QuadraticExtension {
+	values := c.GetNChallenges(2)
+	return field.QuadraticExtension{values[0], values[1]}
+}
+
+func (c *ChallengerChip) GetHash() poseidon.Hash {
+	return [4]field.F{c.GetChallenge(), c.GetChallenge(), c.GetChallenge(), c.GetChallenge()}
+}
+
+func (c *ChallengerChip) GetFriChallenges(commitPhaseMerkleCaps []common.MerkleCap, finalPoly common.PolynomialCoeffs, powWitness field.F, degreeBits uint64, config common.FriConfig) common.FriChallenges {
+	numFriQueries := config.NumQueryRounds
+	friAlpha := c.GetExtensionChallenge()
+
+	var friBetas []field.QuadraticExtension
+	for i := 0; i < len(commitPhaseMerkleCaps); i++ {
+		c.ObserveCap(commitPhaseMerkleCaps[i])
+		friBetas = append(friBetas, c.GetExtensionChallenge())
+	}
+
+	c.ObserveExtensionElements(finalPoly.Coeffs)
+	c.ObserveElement(powWitness)
+
+	friPowResponse := c.GetChallenge()
+	friQueryIndices := c.GetNChallenges(numFriQueries)
+
+	return common.FriChallenges{
+		FriAlpha:        friAlpha,
+		FriBetas:        friBetas,
+		FriPowResponse:  friPowResponse,
+		FriQueryIndices: friQueryIndices,
+	}
+}
+
+func clearBuffer(buffer []field.F) []field.F {
+	return make([]field.F, 0)
+}
+
+func (c *ChallengerChip) duplexing() {
+	if len(c.inputBuffer) > poseidon.SPONGE_RATE {
+		fmt.Println(len(c.inputBuffer))
+		panic("something went wrong")
+	}
+
+	for i := 0; i < len(c.inputBuffer); i++ {
+		c.spongeState[i] = c.inputBuffer[i]
+	}
+	c.inputBuffer = clearBuffer(c.inputBuffer)
+	c.spongeState = c.poseidonChip.Poseidon(c.spongeState)
+	clearBuffer(c.outputBuffer)
+	for i := 0; i < poseidon.SPONGE_RATE; i++ {
+		c.outputBuffer = append(c.outputBuffer, c.spongeState[i])
+		// c.outputBuffer[i] = c.spongeState[i]
+	}
+}
--- a/verifier/internal/plonk/challenger_test.go
+++ b/verifier/internal/plonk/challenger_test.go
@@ -0,0 +1,225 @@
+package plonk
+
+import (
+	"testing"
+
+	"github.com/consensys/gnark/frontend"
+	"github.com/consensys/gnark/test"
+	"github.com/succinctlabs/gnark-plonky2-verifier/field"
+	"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
+	"github.com/succinctlabs/gnark-plonky2-verifier/utils"
+)
+
+type TestChallengerCircuit struct {
+	PublicInputs              [3]frontend.Variable
+	CircuitDigest             [4]frontend.Variable
+	WiresCap                  [16][4]frontend.Variable
+	PlonkZsPartialProductsCap [16][4]frontend.Variable
+	QuotientPolysCap          [16][4]frontend.Variable
+}
+
+func (circuit *TestChallengerCircuit) Define(api frontend.API) error {
+	fieldAPI := field.NewFieldAPI(api)
+	degreeBits := 3
+	qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, uint64(degreeBits))
+	poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
+	challengerChip := NewChallengerChip(api, fieldAPI, poseidonChip)
+
+	var circuitDigest [4]field.F
+	for i := 0; i < len(circuitDigest); i++ {
+		circuitDigest[i] = fieldAPI.FromBinary(api.ToBinary(circuit.CircuitDigest[i], 64)).(field.F)
+	}
+
+	var publicInputs [3]field.F
+	for i := 0; i < len(publicInputs); i++ {
+		publicInputs[i] = fieldAPI.FromBinary(api.ToBinary(circuit.PublicInputs[i], 64)).(field.F)
+	}
+
+	var wiresCap [16][4]field.F
+	for i := 0; i < len(wiresCap); i++ {
+		for j := 0; j < len(wiresCap[0]); j++ {
+			wiresCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.WiresCap[i][j], 64)).(field.F)
+		}
+	}
+
+	var plonkZsPartialProductsCap [16][4]field.F
+	for i := 0; i < len(plonkZsPartialProductsCap); i++ {
+		for j := 0; j < len(plonkZsPartialProductsCap[0]); j++ {
+			plonkZsPartialProductsCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.PlonkZsPartialProductsCap[i][j], 64)).(field.F)
+		}
+	}
+
+	var quotientPolysCap [16][4]field.F
+	for i := 0; i < len(quotientPolysCap); i++ {
+		for j := 0; j < len(quotientPolysCap[0]); j++ {
+			quotientPolysCap[i][j] = fieldAPI.FromBinary(api.ToBinary(circuit.QuotientPolysCap[i][j], 64)).(field.F)
+		}
+	}
+
+	publicInputHash := poseidonChip.HashNoPad(publicInputs[:])
+	challengerChip.ObserveHash(circuitDigest)
+	challengerChip.ObserveHash(publicInputHash)
+	challengerChip.ObserveCap(wiresCap[:])
+
+	numChallenges := uint64(2)
+	plonkBetas := challengerChip.GetNChallenges(numChallenges)
+	plonkGammas := challengerChip.GetNChallenges(numChallenges)
+
+	expectedPublicInputHash := [4]field.F{
+		field.NewFieldElementFromString("8416658900775745054"),
+		field.NewFieldElementFromString("12574228347150446423"),
+		field.NewFieldElementFromString("9629056739760131473"),
+		field.NewFieldElementFromString("3119289788404190010"),
+	}
+
+	for i := 0; i < 4; i++ {
+		fieldAPI.AssertIsEqual(publicInputHash[i], expectedPublicInputHash[i])
+	}
+
+	expectedPlonkBetas := [2]field.F{
+		field.NewFieldElementFromString("4678728155650926271"),
+		field.NewFieldElementFromString("13611962404289024887"),
+	}
+
+	expectedPlonkGammas := [2]frontend.Variable{
+		field.NewFieldElementFromString("13237663823305715949"),
+		field.NewFieldElementFromString("15389314098328235145"),
+	}
+
+	for i := 0; i < 2; i++ {
+		fieldAPI.AssertIsEqual(plonkBetas[i], expectedPlonkBetas[i])
+		fieldAPI.AssertIsEqual(plonkGammas[i], expectedPlonkGammas[i])
+	}
+
+	challengerChip.ObserveCap(plonkZsPartialProductsCap[:])
+	plonkAlphas := challengerChip.GetNChallenges(numChallenges)
+
+	expectedPlonkAlphas := [2]field.F{
+		field.NewFieldElementFromString("14505919539124304197"),
+		field.NewFieldElementFromString("1695455639263736117"),
+	}
+
+	for i := 0; i < 2; i++ {
+		fieldAPI.AssertIsEqual(plonkAlphas[i], expectedPlonkAlphas[i])
+	}
+
+	challengerChip.ObserveCap(quotientPolysCap[:])
+	plonkZeta := challengerChip.GetExtensionChallenge()
+
+	expectedPlonkZeta := field.QuadraticExtension{
+		field.NewFieldElementFromString("14887793628029982930"),
+		field.NewFieldElementFromString("1136137158284059037"),
+	}
+
+	for i := 0; i < 2; i++ {
+		fieldAPI.AssertIsEqual(plonkZeta[i], expectedPlonkZeta[i])
+	}
+
+	return nil
+}
+
+func TestChallengerWitness(t *testing.T) {
+	assert := test.NewAssert(t)
+
+	testCase := func(
+		publicInputs [3]frontend.Variable,
+		circuitDigest [4]frontend.Variable,
+		wiresCap [16][4]frontend.Variable,
+		plonkZsPartialProductsCap [16][4]frontend.Variable,
+		quotientPolysCap [16][4]frontend.Variable,
+	) {
+		circuit := TestChallengerCircuit{
+			PublicInputs:              publicInputs,
+			CircuitDigest:             circuitDigest,
+			WiresCap:                  wiresCap,
+			PlonkZsPartialProductsCap: plonkZsPartialProductsCap,
+			QuotientPolysCap:          quotientPolysCap,
+		}
+		witness := TestChallengerCircuit{
+			PublicInputs:              publicInputs,
+			CircuitDigest:             circuitDigest,
+			WiresCap:                  wiresCap,
+			PlonkZsPartialProductsCap: plonkZsPartialProductsCap,
+			QuotientPolysCap:          quotientPolysCap,
+		}
+		err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
+		assert.NoError(err)
+	}
+
+	publicInputsStr := []string{"0", "1", "3736710860384812976"}
+	circuitDigestStr := []string{"7754113318730736048", "18436136620016916513", "18054530212389526288", "5893739326632906028"}
+	wiresCapStr := [][]string{
+		{"13884351014873073118", "5174249846243191862", "2208632528791973868", "1071582828677910652"},
+		{"11475361245556894879", "14867351574926692044", "17013374066934071379", "1027671036932569748"},
+		{"5604634992452399010", "3684464596850094189", "5565599237356852406", "4136295609943151014"},
+		{"8463721840990025805", "5922588965472526198", "8096699027533803435", "2210089353004111478"},
+		{"17531628199677307555", "11513452064460680964", "1482441508929181375", "5139566233781982440"},
+		{"13271417993289093233", "17257193898955790413", "16883807866578566670", "7423179920948669117"},
+		{"13462567520785358202", "15555103598281658890", "5859961276885232601", "4464568704709749394"},
+		{"153012620162729043", "14072764618167122665", "3025694603779494447", "15948104906680148838"},
+		{"18050235253694287284", "11467396424826912141", "11302553396166323353", "10976271719722841224"},
+		{"15208241660644051470", "8520722208187871063", "10775022596056682771", "16048513824198271730"},
+		{"6929477084755896240", "11382029470138215117", "13205948643259905511", "9421863267852221772"},
+		{"15449187573546292268", "10216729601353604194", "9493934392442974211", "9848643714440191835"},
+		{"2172475758127444753", "16681095938683502188", "9983383760611275566", "2603547977557388755"},
+		{"17440301588003279095", "11799356585691460705", "1386003375936412946", "11059100806278290279"},
+		{"10758265002546797581", "1374136260999724547", "7200401521491969338", "219493657547391496"},
+		{"5995963332181008902", "4442996285152250372", "2005936434281221193", "6869325719052666642"},
+	}
+	plonkZsPartialProductsCapStr := [][]string{
+		{"1209867952068639569", "4958824272276746373", "8278739766347565702", "1966940898171663504"},
+		{"12599305286358028697", "8932511136775685440", "5376267558248004641", "6313904687311555884"},
+		{"11190791343943249124", "4016631697385248176", "10356629842603047568", "10968099068686195317"},
+		{"1963983823153667719", "6333891613271539690", "12318891063769180636", "10443318253972130654"},
+		{"7799898099378084347", "2751829638242157622", "8351904444410446701", "5284662773710644867"},
+		{"1588568181448440843", "10836321455257423751", "5543952383542989142", "12946954522116753258"},
+		{"15710202198621978057", "13746115173212319217", "6103259182317700987", "17589471289629134988"},
+		{"12877950969971815168", "4963889190939310439", "8868772654550990048", "11774978531783219015"},
+		{"16832740767463005599", "15040340114131672027", "7469306538360789573", "3154855824233652432"},
+		{"9383568437827143152", "1741060064145647394", "17668587021570420286", "5241789470902809114"},
+		{"2087729156816989530", "8248918881937854542", "8673194597758568216", "10710697836634846115"},
+		{"11253371860840267365", "16818881664594712299", "11933553751682199585", "1936353232880935379"},
+		{"12163553231829171860", "17244267969759347515", "2003902333564157189", "6934019871173840760"},
+		{"2082141893879862527", "18267460725569427782", "1129651898415533808", "14011240934155569890"},
+		{"2526273401266876282", "6955959191669943337", "5926536548217021446", "17949337312612691782"},
+		{"8858882459906353593", "5813258279939597857", "6320047506247573502", "15969724232572328561"},
+	}
+	quotientPolysCapStr := [][]string{
+		{"9435614145733021495", "1742717829476348934", "11178548223985487003", "14531951007568589725"},
+		{"11747844681527676730", "3089691012847802165", "5887135310661642077", "13943570416123664971"},
+		{"11150071448774479229", "4486829025930200476", "9369448886033958276", "15757606153229850783"},
+		{"14603194410536469617", "11776185929725558373", "3122936423686490326", "10128277488128872810"},
+		{"4990578700975083076", "4997575606014863069", "14499603187047727337", "14028694557236527137"},
+		{"2279147899956815983", "16034899207717647338", "14763350037932939672", "10075834812570828076"},
+		{"1102006741007271956", "15242779529961262072", "6900547375301951311", "8631780317175902419"},
+		{"6299112770394539219", "6297397453582105768", "14148031335065995704", "3794733067587629405"},
+		{"7891039548997763820", "4260484126440019022", "6493066317319943586", "14775252570136307979"},
+		{"10790514248728420789", "14444029601980227412", "17514190309172155536", "12973059492411164965"},
+		{"8940755416742726696", "8469566845539112244", "7642612722784522739", "15276772682665052607"},
+		{"18306931819862706026", "14374659904694625207", "8609543532143656606", "17350044275494282679"},
+		{"9062024023737444614", "13780128979028684176", "6115495431779737008", "7170446003855284754"},
+		{"6191400598853400595", "7806485717076924017", "3225145303141729264", "3644550749005104128"},
+		{"15759718266801608721", "2406060174022670585", "15679263832775538866", "18066847192985300443"},
+		{"9184823221361582966", "4767786405185004644", "9827047623720647370", "993615002460432327"},
+	}
+
+	var publicInputs [3]frontend.Variable
+	var circuitDigest [4]frontend.Variable
+	var wiresCap [16][4]frontend.Variable
+	var plonkZsPartialProductsCap [16][4]frontend.Variable
+	var quotientPolysCap [16][4]frontend.Variable
+
+	copy(publicInputs[:], utils.StrArrayToFrontendVariableArray(publicInputsStr))
+	copy(circuitDigest[:], utils.StrArrayToFrontendVariableArray(circuitDigestStr))
+	for i := 0; i < len(wiresCapStr); i++ {
+		copy(wiresCap[i][:], utils.StrArrayToFrontendVariableArray(wiresCapStr[i]))
+	}
+	for i := 0; i < len(plonkZsPartialProductsCapStr); i++ {
+		copy(plonkZsPartialProductsCap[i][:], utils.StrArrayToFrontendVariableArray(plonkZsPartialProductsCapStr[i]))
+	}
+	for i := 0; i < len(quotientPolysCapStr); i++ {
+		copy(quotientPolysCap[i][:], utils.StrArrayToFrontendVariableArray(quotientPolysCapStr[i]))
+	}
+
+	testCase(publicInputs, circuitDigest, wiresCap, plonkZsPartialProductsCap, quotientPolysCap)
+}
--- a/verifier/internal/plonk/plonk.go
+++ b/verifier/internal/plonk/plonk.go
@@ -0,0 +1,225 @@
+package plonk
+
+import (
+	"github.com/consensys/gnark/frontend"
+	"github.com/succinctlabs/gnark-plonky2-verifier/field"
+	"github.com/succinctlabs/gnark-plonky2-verifier/poseidon"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier/common"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/gates"
+)
+
+type PlonkChip struct {
+	api   frontend.API                 `gnark:"-"`
+	qeAPI *field.QuadraticExtensionAPI `gnark:"-"`
+
+	commonData common.CommonCircuitData `gnark:"-"`
+
+	DEGREE        field.F                  `gnark:"-"`
+	DEGREE_BITS_F field.F                  `gnark:"-"`
+	DEGREE_QE     field.QuadraticExtension `gnark:"-"`
+
+	evaluateGatesChip *gates.EvaluateGatesChip
+}
+
+func NewPlonkChip(api frontend.API, qeAPI *field.QuadraticExtensionAPI, commonData common.CommonCircuitData) *PlonkChip {
+	// TODO:  Should degreeBits be verified that it fits within the field and that degree is within uint64?
+
+	evaluateGatesChip := gates.NewEvaluateGatesChip(
+		api,
+		qeAPI,
+		commonData.Gates,
+		commonData.NumGateConstraints,
+		commonData.SelectorsInfo,
+	)
+
+	return &PlonkChip{
+		api:   api,
+		qeAPI: qeAPI,
+
+		commonData: commonData,
+
+		DEGREE:        field.NewFieldElement(1 << commonData.DegreeBits),
+		DEGREE_BITS_F: field.NewFieldElement(commonData.DegreeBits),
+		DEGREE_QE:     field.QuadraticExtension{field.NewFieldElement(1 << commonData.DegreeBits), field.ZERO_F},
+
+		evaluateGatesChip: evaluateGatesChip,
+	}
+}
+
+func (p *PlonkChip) expPowerOf2Extension(x field.QuadraticExtension) field.QuadraticExtension {
+	for i := uint64(0); i < p.commonData.DegreeBits; i++ {
+		x = p.qeAPI.SquareExtension(x)
+	}
+
+	return x
+}
+
+func (p *PlonkChip) evalL0(x field.QuadraticExtension, xPowN field.QuadraticExtension) field.QuadraticExtension {
+	// L_0(x) = (x^n - 1) / (n * (x - 1))
+	evalZeroPoly := p.qeAPI.SubExtension(
+		xPowN,
+		p.qeAPI.ONE_QE,
+	)
+	denominator := p.qeAPI.SubExtension(
+		p.qeAPI.ScalarMulExtension(x, p.DEGREE),
+		p.DEGREE_QE,
+	)
+	return p.qeAPI.DivExtension(
+		evalZeroPoly,
+		denominator,
+	)
+}
+
+func (p *PlonkChip) checkPartialProducts(
+	numerators []field.QuadraticExtension,
+	denominators []field.QuadraticExtension,
+	challengeNum uint64,
+	openings common.OpeningSet,
+) []field.QuadraticExtension {
+	numPartProds := p.commonData.NumPartialProducts
+	quotDegreeFactor := p.commonData.QuotientDegreeFactor
+
+	productAccs := make([]field.QuadraticExtension, 0, numPartProds+2)
+	productAccs = append(productAccs, openings.PlonkZs[challengeNum])
+	productAccs = append(productAccs, openings.PartialProducts[challengeNum*numPartProds:(challengeNum+1)*numPartProds]...)
+	productAccs = append(productAccs, openings.PlonkZsNext[challengeNum])
+
+	partialProductChecks := make([]field.QuadraticExtension, 0, numPartProds)
+
+	for i := uint64(0); i <= numPartProds; i += 1 {
+		ppStartIdx := i * quotDegreeFactor
+		numeProduct := numerators[ppStartIdx]
+		denoProduct := denominators[ppStartIdx]
+		for j := uint64(1); j < quotDegreeFactor; j++ {
+			numeProduct = p.qeAPI.MulExtension(numeProduct, numerators[ppStartIdx+j])
+			denoProduct = p.qeAPI.MulExtension(denoProduct, denominators[ppStartIdx+j])
+		}
+
+		partialProductCheck := p.qeAPI.SubExtension(
+			p.qeAPI.MulExtension(productAccs[i], numeProduct),
+			p.qeAPI.MulExtension(productAccs[i+1], denoProduct),
+		)
+
+		partialProductChecks = append(partialProductChecks, partialProductCheck)
+	}
+	return partialProductChecks
+}
+
+func (p *PlonkChip) evalVanishingPoly(vars gates.EvaluationVars, proofChallenges common.ProofChallenges, openings common.OpeningSet, zetaPowN field.QuadraticExtension) []field.QuadraticExtension {
+	constraintTerms := p.evaluateGatesChip.EvaluateGateConstraints(vars)
+
+	// Calculate the k[i] * x
+	sIDs := make([]field.QuadraticExtension, p.commonData.Config.NumRoutedWires)
+
+	for i := uint64(0); i < p.commonData.Config.NumRoutedWires; i++ {
+		sIDs[i] = p.qeAPI.ScalarMulExtension(proofChallenges.PlonkZeta, p.commonData.KIs[i])
+	}
+
+	// Calculate L_0(zeta)
+	l0Zeta := p.evalL0(proofChallenges.PlonkZeta, zetaPowN)
+
+	vanishingZ1Terms := make([]field.QuadraticExtension, 0, p.commonData.Config.NumChallenges)
+	vanishingPartialProductsTerms := make([]field.QuadraticExtension, 0, p.commonData.Config.NumChallenges*p.commonData.NumPartialProducts)
+	for i := uint64(0); i < p.commonData.Config.NumChallenges; i++ {
+		// L_0(zeta) (Z(zeta) - 1) = 0
+		z1_term := p.qeAPI.MulExtension(
+			l0Zeta,
+			p.qeAPI.SubExtension(openings.PlonkZs[i], p.qeAPI.ONE_QE))
+		vanishingZ1Terms = append(vanishingZ1Terms, z1_term)
+
+		numeratorValues := make([]field.QuadraticExtension, 0, p.commonData.Config.NumRoutedWires)
+		denominatorValues := make([]field.QuadraticExtension, 0, p.commonData.Config.NumRoutedWires)
+		for j := uint64(0); j < p.commonData.Config.NumRoutedWires; j++ {
+			// The numerator is `beta * s_id + wire_value + gamma`, and the denominator is
+			// `beta * s_sigma + wire_value + gamma`.
+			wireValuePlusGamma := p.qeAPI.AddExtension(
+				openings.Wires[j],
+				p.qeAPI.FieldToQE(proofChallenges.PlonkGammas[i]),
+			)
+
+			numerator := p.qeAPI.AddExtension(
+				p.qeAPI.MulExtension(
+					p.qeAPI.FieldToQE(proofChallenges.PlonkBetas[i]),
+					sIDs[j],
+				),
+				wireValuePlusGamma,
+			)
+
+			denominator := p.qeAPI.AddExtension(
+				p.qeAPI.MulExtension(
+					p.qeAPI.FieldToQE(proofChallenges.PlonkBetas[i]),
+					openings.PlonkSigmas[j],
+				),
+				wireValuePlusGamma,
+			)
+
+			numeratorValues = append(numeratorValues, numerator)
+			denominatorValues = append(denominatorValues, denominator)
+		}
+
+		vanishingPartialProductsTerms = append(
+			vanishingPartialProductsTerms,
+			p.checkPartialProducts(numeratorValues, denominatorValues, i, openings)...,
+		)
+	}
+
+	vanishingTerms := append(vanishingZ1Terms, vanishingPartialProductsTerms...)
+	vanishingTerms = append(vanishingTerms, constraintTerms...)
+
+	reducedValues := make([]field.QuadraticExtension, p.commonData.Config.NumChallenges)
+	for i := uint64(0); i < p.commonData.Config.NumChallenges; i++ {
+		reducedValues[i] = p.qeAPI.ZERO_QE
+	}
+
+	// reverse iterate the vanishingPartialProductsTerms array
+	for i := len(vanishingTerms) - 1; i >= 0; i-- {
+		for j := uint64(0); j < p.commonData.Config.NumChallenges; j++ {
+			reducedValues[j] = p.qeAPI.AddExtension(
+				vanishingTerms[i],
+				p.qeAPI.ScalarMulExtension(
+					reducedValues[j],
+					proofChallenges.PlonkAlphas[j],
+				),
+			)
+		}
+	}
+
+	return reducedValues
+}
+
+func (p *PlonkChip) Verify(proofChallenges common.ProofChallenges, openings common.OpeningSet, publicInputsHash poseidon.Hash) {
+	// Calculate zeta^n
+	zetaPowN := p.expPowerOf2Extension(proofChallenges.PlonkZeta)
+
+	localConstants := openings.Constants
+	localWires := openings.Wires
+	vars := gates.NewEvaluationVars(
+		localConstants,
+		localWires,
+		publicInputsHash,
+	)
+
+	vanishingPolysZeta := p.evalVanishingPoly(*vars, proofChallenges, openings, zetaPowN)
+
+	// Calculate Z(H)
+	zHZeta := p.qeAPI.SubExtension(zetaPowN, p.qeAPI.ONE_QE)
+
+	// `quotient_polys_zeta` holds `num_challenges * quotient_degree_factor` evaluations.
+	// Each chunk of `quotient_degree_factor` holds the evaluations of `t_0(zeta),...,t_{quotient_degree_factor-1}(zeta)`
+	// where the "real" quotient polynomial is `t(X) = t_0(X) + t_1(X)*X^n + t_2(X)*X^{2n} + ...`.
+	// So to reconstruct `t(zeta)` we can compute `reduce_with_powers(chunk, zeta^n)` for each
+	// `quotient_degree_factor`-sized chunk of the original evaluations.
+	for i := 0; i < len(vanishingPolysZeta); i++ {
+		quotientPolysStartIdx := i * int(p.commonData.QuotientDegreeFactor)
+		quotientPolysEndIdx := quotientPolysStartIdx + int(p.commonData.QuotientDegreeFactor)
+		prod := p.qeAPI.MulExtension(
+			zHZeta,
+			p.qeAPI.ReduceWithPowers(
+				openings.QuotientPolys[quotientPolysStartIdx:quotientPolysEndIdx],
+				zetaPowN,
+			),
+		)
+
+		p.qeAPI.AssertIsEqual(vanishingPolysZeta[i], prod)
+	}
+}
--- a/verifier/internal/plonk/plonk_test.go
+++ b/verifier/internal/plonk/plonk_test.go
@@ -0,0 +1,73 @@
+package plonk_test
+
+import (
+	"testing"
+
+	"github.com/consensys/gnark/frontend"
+	"github.com/consensys/gnark/test"
+	"github.com/succinctlabs/gnark-plonky2-verifier/field"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier/internal/plonk"
+	"github.com/succinctlabs/gnark-plonky2-verifier/verifier/utils"
+)
+
+type TestPlonkCircuit struct {
+	proofWithPIsFilename            string `gnark:"-"`
+	commonCircuitDataFilename       string `gnark:"-"`
+	verifierOnlyCircuitDataFilename string `gnark:"-"`
+}
+
+func (circuit *TestPlonkCircuit) Define(api frontend.API) error {
+	proofWithPis := utils.DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
+	commonCircuitData := utils.DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
+	verifierOnlyCircuitData := utils.DeserializeVerifierOnlyCircuitData(circuit.verifierOnlyCircuitDataFilename)
+
+	verifierChip := verifier.NewVerifierChip(api, commonCircuitData)
+	publicInputsHash := verifierChip.GetPublicInputsHash(proofWithPis.PublicInputs)
+	proofChallenges := verifierChip.GetChallenges(proofWithPis, publicInputsHash, commonCircuitData, verifierOnlyCircuitData)
+
+	fieldAPI := field.NewFieldAPI(api)
+	qeAPI := field.NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
+	plonkChip := plonk.NewPlonkChip(
+		api,
+		qeAPI,
+		commonCircuitData,
+	)
+
+	plonkChip.Verify(proofChallenges, proofWithPis.Proof.Openings, publicInputsHash)
+	return nil
+}
+
+func TestPlonkFibonacci(t *testing.T) {
+	assert := test.NewAssert(t)
+
+	testCase := func() {
+		circuit := TestPlonkCircuit{
+			proofWithPIsFilename:            "./data/fibonacci/proof_with_public_inputs.json",
+			commonCircuitDataFilename:       "./data/fibonacci/common_circuit_data.json",
+			verifierOnlyCircuitDataFilename: "./data/fibonacci/verifier_only_circuit_data.json",
+		}
+		witness := TestPlonkCircuit{}
+		err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
+		assert.NoError(err)
+	}
+
+	testCase()
+}
+
+func TestPlonkDummy(t *testing.T) {
+	assert := test.NewAssert(t)
+
+	testCase := func() {
+		circuit := TestPlonkCircuit{
+			proofWithPIsFilename:            "./data/dummy_2^14_gates/proof_with_public_inputs.json",
+			commonCircuitDataFilename:       "./data/dummy_2^14_gates/common_circuit_data.json",
+			verifierOnlyCircuitDataFilename: "./data/dummy_2^14_gates/verifier_only_circuit_data.json",
+		}
+		witness := TestPlonkCircuit{}
+		err := test.IsSolved(&circuit, &witness, field.TEST_CURVE.ScalarField())
+		assert.NoError(err)
+	}
+
+	testCase()
+}
--- a/verifier/internal/plonk/types.go
+++ b/verifier/internal/plonk/types.go
@@ -0,0 +1,13 @@
+package plonk
+
+import "github.com/succinctlabs/gnark-plonky2-verifier/field"
+
+type OpeningSet struct {
+	Constants       []field.QuadraticExtension
+	PlonkSigmas     []field.QuadraticExtension
+	Wires           []field.QuadraticExtension
+	PlonkZs         []field.QuadraticExtension
+	PlonkZsNext     []field.QuadraticExtension
+	PartialProducts []field.QuadraticExtension
+	QuotientPolys   []field.QuadraticExtension
+}