deserialize ProofChallenges (now works with plonky2 randomizing PI wires)

plonky2_verifier/challenger.go

@@ -126,7 +126,7 @@ func (c *ChallengerChip) GetFriChallenges(commitPhaseMerkleCaps []MerkleCap, fin
 		FriAlpha:        friAlpha,
 		FriBetas:        friBetas,
 		FriPowResponse:  friPowResponse,
-		FriQueryIndicies: friQueryIndices,
+		FriQueryIndices: friQueryIndices,
 	}
 }
 

plonky2_verifier/data/dummy_2^14_gates/proof_challenges.json

@@ -0,0 +1 @@
+{"plonk_betas":[11216469004148781751,6201977337075152249],"plonk_gammas":[8369751006669847974,3610024170884289835],"plonk_alphas":[970160439138448145,2402201283787401921],"plonk_zeta":[17377750363769967882,11921191651424768462],"fri_challenges":{"fri_alpha":[14107038880704607350,2206343865181400103],"fri_betas":[],"fri_pow_response":189028802052971,"fri_query_indices":[14,19,40,37,6,4,23,18,34,22,43,35,12,45,52,50,23,9,31,61,48,37,10,37,38,7,2,48]}}

plonky2_verifier/data/fibonacci/challenges.json

@@ -1 +0,0 @@
-{"plonk_betas":[12973916988745913043,10729509799707823061],"plonk_gammas":[13357786390712427342,13733012568509939467],"plonk_alphas":[4421334860622890213,11104346062293008527],"plonk_zeta":[4417665616040947721,6032065041495623027],"fri_challenges":{"fri_alpha":[13781247504304639195,11230825432264195234],"fri_betas":[],"fri_pow_response":38184296491435,"fri_query_indices":[51,25,2,2,7,2,50,30,48,56,44,52,34,3,4,59,0,1,53,63,60,42,12,56,53,7,37,39]}}

plonky2_verifier/data/fibonacci/proof_challenges.json

@@ -0,0 +1 @@
+{"plonk_betas":[12971851817998460587,10437175405489723736],"plonk_gammas":[8479625606955782945,3810097167144316198],"plonk_alphas":[9298386058996050960,3314375019423950587],"plonk_zeta":[16024275880526593214,9166642105134614584],"fri_challenges":{"fri_alpha":[9179060524700746859,5307687266418646185],"fri_betas":[],"fri_pow_response":182691749083890,"fri_query_indices":[4,61,0,34,24,53,10,46,44,20,40,53,39,5,29,32,20,13,1,20,50,36,4,33,41,60,14,2]}}

plonky2_verifier/deserialize.go

@@ -149,6 +149,19 @@ type CommonCircuitDataRaw struct {
 	} `json:"circuit_digest"`
 }
 
+type ProofChallengesRaw struct {
+	PlonkBetas    []uint64 `json:"plonk_betas"`
+	PlonkGammas   []uint64 `json:"plonk_gammas"`
+	PlonkAlphas   []uint64 `json:"plonk_alphas"`
+	PlonkZeta     []uint64 `json:"plonk_zeta"`
+	FriChallenges struct {
+		FriAlpha        []uint64   `json:"fri_alpha"`
+		FriBetas        [][]uint64 `json:"fri_betas"`
+		FriPowResponse  uint64     `json:"fri_pow_response"`
+		FriQueryIndices []uint64   `json:"fri_query_indices"`
+	} `json:"fri_challenges"`
+}
+
 type VerifierOnlyCircuitDataRaw struct {
 	ConstantsSigmasCap []struct {
 		Elements []uint64 `json:"elements"`
@@ -289,6 +302,34 @@ func DeserializeProofWithPublicInputs(path string) ProofWithPublicInputs {
 	return proofWithPis
 }
 
+func DeserializeProofChallenges(path string) ProofChallenges {
+	jsonFile, err := os.Open(path)
+	if err != nil {
+		panic(err)
+	}
+
+	defer jsonFile.Close()
+	rawBytes, _ := ioutil.ReadAll(jsonFile)
+
+	var raw ProofChallengesRaw
+	err = json.Unmarshal(rawBytes, &raw)
+	if err != nil {
+		panic(err)
+	}
+
+	var proofChallenges ProofChallenges
+	proofChallenges.PlonkBetas = utils.Uint64ArrayToFArray(raw.PlonkBetas)
+	proofChallenges.PlonkGammas = utils.Uint64ArrayToFArray(raw.PlonkGammas)
+	proofChallenges.PlonkAlphas = utils.Uint64ArrayToFArray(raw.PlonkAlphas)
+	proofChallenges.PlonkZeta = utils.Uint64ArrayToQuadraticExtension(raw.PlonkZeta)
+	proofChallenges.FriChallenges.FriAlpha = utils.Uint64ArrayToQuadraticExtension(raw.FriChallenges.FriAlpha)
+	proofChallenges.FriChallenges.FriBetas = utils.Uint64ArrayToQuadraticExtensionArray(raw.FriChallenges.FriBetas)
+	proofChallenges.FriChallenges.FriPowResponse = NewFieldElement(raw.FriChallenges.FriPowResponse)
+	proofChallenges.FriChallenges.FriQueryIndices = utils.Uint64ArrayToFArray(raw.FriChallenges.FriQueryIndices)
+
+	return proofChallenges
+}
+
 func ReductionArityBits(
 	arityBits uint64,
 	finalPolyBits uint64,

plonky2_verifier/fri.go

@@ -546,15 +546,15 @@ func (f *FriChip) VerifyFriProof(
 	nLog := f.friParams.DegreeBits + f.friParams.Config.RateBits
 	n := uint64(math.Pow(2, float64(nLog)))
 
-	if len(friChallenges.FriQueryIndicies) != len(friProof.QueryRoundProofs) {
+	if len(friChallenges.FriQueryIndices) != len(friProof.QueryRoundProofs) {
 		panic(fmt.Sprintf(
 			"Number of query indices (%d) should equal number of query round proofs (%d)",
-			len(friChallenges.FriQueryIndicies),
+			len(friChallenges.FriQueryIndices),
 			len(friProof.QueryRoundProofs),
 		))
 	}
 
-	for idx, xIndex := range friChallenges.FriQueryIndicies {
+	for idx, xIndex := range friChallenges.FriQueryIndices {
 		roundProof := friProof.QueryRoundProofs[idx]
 
 		f.verifyQueryRound(

plonky2_verifier/fri_test.go

@@ -36,7 +36,7 @@ func (circuit *TestFriCircuit) Define(api frontend.API) error {
 		FriAlpha:        circuit.friAlpha,
 		FriBetas:        circuit.friBetas,
 		FriPowResponse:  circuit.friPOWResponse,
-		FriQueryIndicies: circuit.friQueryIndices,
+		FriQueryIndices: circuit.friQueryIndices,
 	}
 
 	initialMerkleCaps := []MerkleCap{

plonky2_verifier/plonk.go

@@ -169,7 +169,6 @@ func (p *PlonkChip) evalVanishingPoly(vars EvaluationVars, proofChallenges Proof
 		for j := uint64(0); j < p.commonData.Config.NumRoutedWires; j++ {
 			// The numerator is `beta * s_id + wire_value + gamma`, and the denominator is
 			// `beta * s_sigma + wire_value + gamma`.
-
 			wireValuePlusGamma := p.qeAPI.AddExtension(
 				openings.Wires[j],
 				p.qeAPI.FieldToQE(proofChallenges.PlonkGammas[i]),

plonky2_verifier/plonk_test.go

@@ -12,27 +12,17 @@ import (
 type TestPlonkCircuit struct {
 	proofWithPIsFilename      string `gnark:"-"`
 	commonCircuitDataFilename string `gnark:"-"`
-
+	proofChallengesFilename   string `gnark:"-"`
-	plonkBetas  []F
-	plonkGammas []F
-	plonkAlphas []F
-	plonkZeta   QuadraticExtension
 }
 
 func (circuit *TestPlonkCircuit) Define(api frontend.API) error {
 	proofWithPis := DeserializeProofWithPublicInputs(circuit.proofWithPIsFilename)
 	commonCircuitData := DeserializeCommonCircuitData(circuit.commonCircuitDataFilename)
+	proofChallenges := DeserializeProofChallenges(circuit.proofChallengesFilename)
 
 	fieldAPI := NewFieldAPI(api)
 	qeAPI := NewQuadraticExtensionAPI(fieldAPI, commonCircuitData.DegreeBits)
 
-	proofChallenges := ProofChallenges{
-		PlonkBetas:  circuit.plonkBetas,
-		PlonkGammas: circuit.plonkGammas,
-		PlonkAlphas: circuit.plonkAlphas,
-		PlonkZeta:   circuit.plonkZeta,
-	}
-
 	plonkChip := NewPlonkChip(api, qeAPI, commonCircuitData)
 
 	poseidonChip := poseidon.NewPoseidonChip(api, fieldAPI, qeAPI)
@@ -49,23 +39,7 @@ func TestPlonkFibonacci(t *testing.T) {
 		circuit := TestPlonkCircuit{
 			proofWithPIsFilename:      "./data/fibonacci/proof_with_public_inputs.json",
 			commonCircuitDataFilename: "./data/fibonacci/common_circuit_data.json",
-
+			proofChallengesFilename:   "./data/fibonacci/proof_challenges.json",
-			plonkBetas: []F{
-				NewFieldElementFromString("12973916988745913043"),
-				NewFieldElementFromString("10729509799707823061"),
-			},
-			plonkGammas: []F{
-				NewFieldElementFromString("13357786390712427342"),
-				NewFieldElementFromString("13733012568509939467"),
-			},
-			plonkAlphas: []F{
-				NewFieldElementFromString("4421334860622890213"),
-				NewFieldElementFromString("11104346062293008527"),
-			},
-			plonkZeta: QuadraticExtension{
-				NewFieldElementFromString("18168831211174576204"),
-				NewFieldElementFromString("14207073590853934065"),
-			},
 		}
 		witness := TestPlonkCircuit{}
 		err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())
@@ -82,23 +56,7 @@ func TestPlonkDummy(t *testing.T) {
 		circuit := TestPlonkCircuit{
 			proofWithPIsFilename:      "./data/dummy_2^14_gates/proof_with_public_inputs.json",
 			commonCircuitDataFilename: "./data/dummy_2^14_gates/common_circuit_data.json",
-
+			proofChallengesFilename:   "./data/dummy_2^14_gates/proof_challenges.json",
-			plonkBetas: []F{
-				NewFieldElementFromString("11216469004148781751"),
-				NewFieldElementFromString("6201977337075152249"),
-			},
-			plonkGammas: []F{
-				NewFieldElementFromString("8369751006669847974"),
-				NewFieldElementFromString("3610024170884289835"),
-			},
-			plonkAlphas: []F{
-				NewFieldElementFromString("970160439138448145"),
-				NewFieldElementFromString("2402201283787401921"),
-			},
-			plonkZeta: QuadraticExtension{
-				NewFieldElementFromString("17377750363769967882"),
-				NewFieldElementFromString("11921191651424768462"),
-			},
 		}
 		witness := TestPlonkCircuit{}
 		err := test.IsSolved(&circuit, &witness, TEST_CURVE.ScalarField())

plonky2_verifier/structs.go

@@ -125,5 +125,5 @@ type FriChallenges struct {
 	FriAlpha        QuadraticExtension
 	FriBetas        []QuadraticExtension
 	FriPowResponse  F
-	FriQueryIndicies []F
+	FriQueryIndices []F
 }

plonky2_verifier/verifier.go

@@ -97,8 +97,8 @@ func (c *VerifierChip) Verify(proofWithPis ProofWithPublicInputs, verifierData V
 
 	proofChallenges.FriChallenges.FriPowResponse = c.fieldAPI.Add(proofChallenges.FriChallenges.FriPowResponse, ZERO_F).(F)
 
-	for i := 0; i < len(proofChallenges.FriChallenges.FriQueryIndicies); i++ {
+	for i := 0; i < len(proofChallenges.FriChallenges.FriQueryIndices); i++ {
-		proofChallenges.FriChallenges.FriQueryIndicies[i] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriQueryIndicies[i], ZERO_F).(F)
+		proofChallenges.FriChallenges.FriQueryIndices[i] = c.fieldAPI.Add(proofChallenges.FriChallenges.FriQueryIndices[i], ZERO_F).(F)
 	}
 
 	c.friChip.VerifyFriProof(

plonky2_verifier/verifier_test.go

@@ -81,12 +81,12 @@ func (c *TestVerifierChallengesCircuit) GetChallengesSanityCheck(
 	// expectedPowResponse := NewFieldElementFromString("92909863298412")
 	// c.field.AssertIsEqual(proofChallenges.FriChallenges.FriPowResponse, expectedPowResponse)
 
-	if len(proofChallenges.FriChallenges.FriQueryIndicies) != int(c.numFriQueries) {
+	if len(proofChallenges.FriChallenges.FriQueryIndices) != int(c.numFriQueries) {
 		c.t.Errorf("len(expectedFriQueryIndices) should equal num fri queries")
 	}
 
 	for i := 0; i < int(c.numFriQueries); i++ {
-		c.fieldAPI.AssertIsEqual(c.expectedFriQueryIndices[i], proofChallenges.FriChallenges.FriQueryIndicies[i])
+		c.fieldAPI.AssertIsEqual(c.expectedFriQueryIndices[i], proofChallenges.FriChallenges.FriQueryIndices[i])
 	}
 }