Skip to content
This repository has been archived by the owner on Feb 21, 2024. It is now read-only.

Commit

Permalink
Revert "Remove StarkProofWithMetadata (0xPolygonZero#1497)" (0xPolygo…
Browse files Browse the repository at this point in the history
…nZero#1502)

This reverts commit af0259c.
  • Loading branch information
Nashtare authored Feb 8, 2024
1 parent 1a08e78 commit d2598bd
Show file tree
Hide file tree
Showing 7 changed files with 57 additions and 27 deletions.
8 changes: 4 additions & 4 deletions evm/src/cross_table_lookup.rs
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ use crate::lookup::{
eval_helper_columns, eval_helper_columns_circuit, get_helper_cols, Column, ColumnFilter,
Filter, GrandProductChallenge,
};
use crate::proof::{StarkProof, StarkProofTarget};
use crate::proof::{StarkProofTarget, StarkProofWithMetadata};
use crate::stark::Stark;

/// An alias for `usize`, to represent the index of a STARK table in a multi-STARK setting.
Expand Down Expand Up @@ -494,7 +494,7 @@ impl<'a, F: RichField + Extendable<D>, const D: usize>
{
/// Extracts the `CtlCheckVars` for each STARK.
pub(crate) fn from_proofs<C: GenericConfig<D, F = F>, const N: usize>(
proofs: &[StarkProof<F, C, D>; N],
proofs: &[StarkProofWithMetadata<F, C, D>; N],
cross_table_lookups: &'a [CrossTableLookup<F>],
ctl_challenges: &'a GrandProductChallengeSet<F>,
num_lookup_columns: &[usize; N],
Expand All @@ -511,8 +511,8 @@ impl<'a, F: RichField + Extendable<D>, const D: usize>
let ctl_zs = proofs
.iter()
.zip(num_lookup_columns)
.map(|(proof, &num_lookup)| {
let openings = &proof.openings;
.map(|(p, &num_lookup)| {
let openings = &p.proof.openings;

let ctl_zs = &openings.auxiliary_polys[num_lookup..];
let ctl_zs_next = &openings.auxiliary_polys_next[num_lookup..];
Expand Down
10 changes: 6 additions & 4 deletions evm/src/fixed_recursive_verifier.rs
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ use crate::generation::GenerationInputs;
use crate::get_challenges::observe_public_values_target;
use crate::proof::{
AllProof, BlockHashesTarget, BlockMetadataTarget, ExtraBlockData, ExtraBlockDataTarget,
PublicValues, PublicValuesTarget, StarkProof, TrieRoots, TrieRootsTarget,
PublicValues, PublicValuesTarget, StarkProofWithMetadata, TrieRoots, TrieRootsTarget,
};
use crate::prover::{check_abort_signal, prove};
use crate::recursive_verifier::{
Expand Down Expand Up @@ -1003,7 +1003,7 @@ where

for table in 0..NUM_TABLES {
let stark_proof = &all_proof.stark_proofs[table];
let original_degree_bits = stark_proof.recover_degree_bits(config);
let original_degree_bits = stark_proof.proof.recover_degree_bits(config);
let table_circuits = &self.by_table[table];
let shrunk_proof = table_circuits
.by_stark_size
Expand Down Expand Up @@ -1629,10 +1629,12 @@ where

pub fn shrink(
&self,
stark_proof: &StarkProof<F, C, D>,
stark_proof_with_metadata: &StarkProofWithMetadata<F, C, D>,
ctl_challenges: &GrandProductChallengeSet<F>,
) -> anyhow::Result<ProofWithPublicInputs<F, C, D>> {
let mut proof = self.initial_wrapper.prove(stark_proof, ctl_challenges)?;
let mut proof = self
.initial_wrapper
.prove(stark_proof_with_metadata, ctl_challenges)?;
for wrapper_circuit in &self.shrinking_wrappers {
proof = wrapper_circuit.prove(&proof)?;
}
Expand Down
6 changes: 4 additions & 2 deletions evm/src/get_challenges.rs
Original file line number Diff line number Diff line change
Expand Up @@ -199,7 +199,7 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> A
let mut challenger = Challenger::<F, C::Hasher>::new();

for proof in &self.stark_proofs {
challenger.observe_cap(&proof.trace_cap);
challenger.observe_cap(&proof.proof.trace_cap);
}

observe_public_values::<F, C, D>(&mut challenger, &self.public_values)?;
Expand All @@ -210,7 +210,9 @@ impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> A
Ok(AllProofChallenges {
stark_challenges: core::array::from_fn(|i| {
challenger.compact();
self.stark_proofs[i].get_challenges(&mut challenger, config)
self.stark_proofs[i]
.proof
.get_challenges(&mut challenger, config)
}),
ctl_challenges,
})
Expand Down
18 changes: 16 additions & 2 deletions evm/src/proof.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ use crate::util::{get_h160, get_h256, h2u};
#[derive(Debug, Clone)]
pub struct AllProof<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> {
/// Proofs for all the different STARK modules.
pub stark_proofs: [StarkProof<F, C, D>; NUM_TABLES],
pub stark_proofs: [StarkProofWithMetadata<F, C, D>; NUM_TABLES],
/// Cross-table lookup challenges.
pub(crate) ctl_challenges: GrandProductChallengeSet<F>,
/// Public memory values used for the recursive proofs.
Expand All @@ -35,7 +35,7 @@ pub struct AllProof<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, co
impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> AllProof<F, C, D> {
/// Returns the degree (i.e. the trace length) of each STARK.
pub fn degree_bits(&self, config: &StarkConfig) -> [usize; NUM_TABLES] {
core::array::from_fn(|i| self.stark_proofs[i].recover_degree_bits(config))
core::array::from_fn(|i| self.stark_proofs[i].proof.recover_degree_bits(config))
}
}

Expand Down Expand Up @@ -837,6 +837,20 @@ pub struct StarkProof<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>,
pub opening_proof: FriProof<F, C::Hasher, D>,
}

/// A `StarkProof` along with some metadata about the initial Fiat-Shamir state, which is used when
/// creating a recursive wrapper proof around a STARK proof.
#[derive(Debug, Clone)]
pub struct StarkProofWithMetadata<F, C, const D: usize>
where
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
{
/// Initial Fiat-Shamir state.
pub(crate) init_challenger_state: <C::Hasher as Hasher<F>>::Permutation,
/// Proof for a single STARK.
pub(crate) proof: StarkProof<F, C, D>,
}

impl<F: RichField + Extendable<D>, C: GenericConfig<D, F = F>, const D: usize> StarkProof<F, C, D> {
/// Recover the length of the trace from a STARK proof and a STARK config.
pub fn recover_degree_bits(&self, config: &StarkConfig) -> usize {
Expand Down
14 changes: 10 additions & 4 deletions evm/src/prover.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ use crate::evaluation_frame::StarkEvaluationFrame;
use crate::generation::{generate_traces, GenerationInputs};
use crate::get_challenges::observe_public_values;
use crate::lookup::{lookup_helper_columns, Lookup, LookupCheckVars};
use crate::proof::{AllProof, PublicValues, StarkOpeningSet, StarkProof};
use crate::proof::{AllProof, PublicValues, StarkOpeningSet, StarkProof, StarkProofWithMetadata};
use crate::stark::Stark;
use crate::vanishing_poly::eval_vanishing_poly;
#[cfg(test)]
Expand Down Expand Up @@ -187,7 +187,7 @@ fn prove_with_commitments<F, C, const D: usize>(
ctl_challenges: &GrandProductChallengeSet<F>,
timing: &mut TimingTree,
abort_signal: Option<Arc<AtomicBool>>,
) -> Result<[StarkProof<F, C, D>; NUM_TABLES]>
) -> Result<[StarkProofWithMetadata<F, C, D>; NUM_TABLES]>
where
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
Expand Down Expand Up @@ -323,7 +323,7 @@ pub(crate) fn prove_single_table<F, C, S, const D: usize>(
challenger: &mut Challenger<F, C::Hasher>,
timing: &mut TimingTree,
abort_signal: Option<Arc<AtomicBool>>,
) -> Result<StarkProof<F, C, D>>
) -> Result<StarkProofWithMetadata<F, C, D>>
where
F: RichField + Extendable<D>,
C: GenericConfig<D, F = F>,
Expand All @@ -341,6 +341,8 @@ where
"FRI total reduction arity is too large.",
);

let init_challenger_state = challenger.compact();

let constraint_degree = stark.constraint_degree();
let lookup_challenges = stark.uses_lookups().then(|| {
ctl_challenges
Expand Down Expand Up @@ -518,12 +520,16 @@ where
)
);

Ok(StarkProof {
let proof = StarkProof {
trace_cap: trace_commitment.merkle_tree.cap.clone(),
auxiliary_polys_cap,
quotient_polys_cap,
openings,
opening_proof,
};
Ok(StarkProofWithMetadata {
init_challenger_state,
proof,
})
}

Expand Down
12 changes: 9 additions & 3 deletions evm/src/recursive_verifier.rs
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,8 @@ use crate::memory::VALUE_LIMBS;
use crate::proof::{
BlockHashes, BlockHashesTarget, BlockMetadata, BlockMetadataTarget, ExtraBlockData,
ExtraBlockDataTarget, PublicValues, PublicValuesTarget, StarkOpeningSetTarget, StarkProof,
StarkProofChallengesTarget, StarkProofTarget, TrieRoots, TrieRootsTarget,
StarkProofChallengesTarget, StarkProofTarget, StarkProofWithMetadata, TrieRoots,
TrieRootsTarget,
};
use crate::stark::Stark;
use crate::util::{h256_limbs, u256_limbs, u256_to_u32, u256_to_u64};
Expand Down Expand Up @@ -146,15 +147,15 @@ where

pub(crate) fn prove(
&self,
proof: &StarkProof<F, C, D>,
proof_with_metadata: &StarkProofWithMetadata<F, C, D>,
ctl_challenges: &GrandProductChallengeSet<F>,
) -> Result<ProofWithPublicInputs<F, C, D>> {
let mut inputs = PartialWitness::new();

set_stark_proof_target(
&mut inputs,
&self.stark_proof_target,
proof,
&proof_with_metadata.proof,
self.zero_target,
);

Expand All @@ -168,6 +169,11 @@ where
inputs.set_target(challenge_target.gamma, challenge.gamma);
}

inputs.set_target_arr(
self.init_challenger_state_target.as_ref(),
proof_with_metadata.init_challenger_state.as_ref(),
);

self.circuit.prove(inputs)
}
}
Expand Down
16 changes: 8 additions & 8 deletions evm/src/verifier.rs
Original file line number Diff line number Diff line change
Expand Up @@ -72,55 +72,55 @@ where

verify_stark_proof_with_challenges(
arithmetic_stark,
&all_proof.stark_proofs[Table::Arithmetic as usize],
&all_proof.stark_proofs[Table::Arithmetic as usize].proof,
&stark_challenges[Table::Arithmetic as usize],
&ctl_vars_per_table[Table::Arithmetic as usize],
&ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(
byte_packing_stark,
&all_proof.stark_proofs[Table::BytePacking as usize],
&all_proof.stark_proofs[Table::BytePacking as usize].proof,
&stark_challenges[Table::BytePacking as usize],
&ctl_vars_per_table[Table::BytePacking as usize],
&ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(
cpu_stark,
&all_proof.stark_proofs[Table::Cpu as usize],
&all_proof.stark_proofs[Table::Cpu as usize].proof,
&stark_challenges[Table::Cpu as usize],
&ctl_vars_per_table[Table::Cpu as usize],
&ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(
keccak_stark,
&all_proof.stark_proofs[Table::Keccak as usize],
&all_proof.stark_proofs[Table::Keccak as usize].proof,
&stark_challenges[Table::Keccak as usize],
&ctl_vars_per_table[Table::Keccak as usize],
&ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(
keccak_sponge_stark,
&all_proof.stark_proofs[Table::KeccakSponge as usize],
&all_proof.stark_proofs[Table::KeccakSponge as usize].proof,
&stark_challenges[Table::KeccakSponge as usize],
&ctl_vars_per_table[Table::KeccakSponge as usize],
&ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(
logic_stark,
&all_proof.stark_proofs[Table::Logic as usize],
&all_proof.stark_proofs[Table::Logic as usize].proof,
&stark_challenges[Table::Logic as usize],
&ctl_vars_per_table[Table::Logic as usize],
&ctl_challenges,
config,
)?;
verify_stark_proof_with_challenges(
memory_stark,
&all_proof.stark_proofs[Table::Memory as usize],
&all_proof.stark_proofs[Table::Memory as usize].proof,
&stark_challenges[Table::Memory as usize],
&ctl_vars_per_table[Table::Memory as usize],
&ctl_challenges,
Expand All @@ -142,7 +142,7 @@ where
cross_table_lookups,
all_proof
.stark_proofs
.map(|proof| proof.openings.ctl_zs_first),
.map(|p| p.proof.openings.ctl_zs_first),
extra_looking_sums,
config,
)
Expand Down

0 comments on commit d2598bd

Please sign in to comment.