From c7486c93fcd8037739906874737fe69b6525d73f Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 12:24:36 +0000 Subject: [PATCH 01/15] chore: update gnark-crypto dependency --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 341e196ae..15d4769be 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.2.1 github.com/consensys/compress v0.2.5 - github.com/consensys/gnark-crypto v0.19.1 + github.com/consensys/gnark-crypto v0.19.1-0.20250910093443-1260d09a6a7d github.com/fxamacker/cbor/v2 v2.9.0 github.com/google/go-cmp v0.7.0 github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 @@ -16,7 +16,7 @@ require ( github.com/leanovate/gopter v0.2.11 github.com/ronanh/intcomp v1.1.1 github.com/rs/zerolog v1.34.0 - github.com/stretchr/testify v1.10.0 + github.com/stretchr/testify v1.11.1 golang.org/x/crypto v0.41.0 golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b golang.org/x/sync v0.16.0 diff --git a/go.sum b/go.sum index b0de6a9c1..cb9caf82c 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/consensys/bavard v0.2.1 h1:i2/ZeLXpp7eblPWzUIWf+dtfBocKQIxuiqy9XZlNSf github.com/consensys/bavard v0.2.1/go.mod h1:k/zVjHHC4B+PQy1Pg7fgvG3ALicQw540Crag8qx+dZs= github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk= github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk= -github.com/consensys/gnark-crypto v0.19.1 h1:FWO1JDs7A2OajswzwMG7f8l2Zrxc/yOkxSTByKTc3O0= -github.com/consensys/gnark-crypto v0.19.1/go.mod h1:rT23F0XSZqE0mUA0+pRtnL56IbPxs6gp4CeRsBk4XS0= +github.com/consensys/gnark-crypto v0.19.1-0.20250910093443-1260d09a6a7d h1:RgalXrEtn4LcHOx2+NYGS4RN6ju5RMP3VOjQue/QtMk= +github.com/consensys/gnark-crypto v0.19.1-0.20250910093443-1260d09a6a7d/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -272,8 +272,8 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= -github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= From 0de4192f3dbf4684661775598e7f4c55b0f4c478 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 12:24:57 +0000 Subject: [PATCH 02/15] chore: go generate --- internal/smallfields/tinyfield/element.go | 30 +++++++++++++- .../smallfields/tinyfield/element_purego.go | 4 +- internal/smallfields/tinyfield/vector.go | 39 +++++++++++++++++++ internal/smallfields/tinyfield/vector_test.go | 19 +++++++++ 4 files changed, 88 insertions(+), 4 deletions(-) diff --git a/internal/smallfields/tinyfield/element.go b/internal/smallfields/tinyfield/element.go index 67ecea6c7..5668136a1 100644 --- a/internal/smallfields/tinyfield/element.go +++ b/internal/smallfields/tinyfield/element.go @@ -482,8 +482,8 @@ func Hash(msg, dst []byte, count int) ([]Element, error) { // Exp z = xᵏ (mod q) func (z *Element) Exp(x Element, k *big.Int) *Element { - if k.IsUint64() && k.Uint64() == 0 { - return z.SetOne() + if k.IsInt64() { + return z.ExpInt64(x, k.Int64()) } e := k @@ -511,6 +511,32 @@ func (z *Element) Exp(x Element, k *big.Int) *Element { return z } +// ExpInt64 z = xᵏ (mod q) +func (z *Element) ExpInt64(x Element, k int64) *Element { + if k == 0 { + return z.SetOne() + } + + if k < 0 { + // negative k, we invert + // if k < 0: xᵏ (mod q) == (x⁻¹)⁻ᵏ (mod q) + x.Inverse(&x) + k = -k // if k == math.MinInt64, -k overflows, but uint64(-k) is correct + } + e := uint64(k) + + z.Set(&x) + + for i := int(bits.Len64(e)) - 2; i >= 0; i-- { + z.Square(z) + if (e>>i)&1 == 1 { + z.Mul(z, &x) + } + } + + return z +} + // rSquare where r is the Montgommery constant // see section 2.3.2 of Tolga Acar's thesis // https://www.microsoft.com/en-us/research/wp-content/uploads/1998/06/97Acar.pdf diff --git a/internal/smallfields/tinyfield/element_purego.go b/internal/smallfields/tinyfield/element_purego.go index f2c070d09..fa36e9ec1 100644 --- a/internal/smallfields/tinyfield/element_purego.go +++ b/internal/smallfields/tinyfield/element_purego.go @@ -8,8 +8,8 @@ package tinyfield // MulBy3 x *= 3 (mod q) func MulBy3(x *Element) { var y Element - y.SetUint64(3) - x.Mul(x, &y) + y.Double(x) + x.Add(x, &y) } // MulBy5 x *= 5 (mod q) diff --git a/internal/smallfields/tinyfield/vector.go b/internal/smallfields/tinyfield/vector.go index ebd9091ef..89fc15b83 100644 --- a/internal/smallfields/tinyfield/vector.go +++ b/internal/smallfields/tinyfield/vector.go @@ -282,6 +282,45 @@ func (vector Vector) SetRandom() error { return nil } +// Exp sets vector[i] = a[i]ᵏ for all i +func (vector Vector) Exp(a Vector, k int64) { + N := len(a) + if N != len(vector) { + panic("vector.Exp: vectors don't have the same length") + } + if k == 0 { + for i := range vector { + vector[i].SetOne() + } + return + } + base := a + exp := k + if k < 0 { + // call batch inverse + base = BatchInvert(a) + exp = -k // if k == math.MinInt64, -k overflows, but uint64(-k) is correct + } else if N > 0 { + // ensure that vector and a are not the same slice; else we need to copy a into base + v0 := &vector[0] // #nosec G602 we check that N > 0 above + a0 := &a[0] // #nosec G602 we check that N > 0 above + if v0 == a0 { + base = make(Vector, N) + copy(base, a) + } + } + + copy(vector, base) + + // Use bits.Len64 to iterate only over significant bits + for i := bits.Len64(uint64(exp)) - 2; i >= 0; i-- { + vector.Mul(vector, vector) + if (uint64(exp)>>uint(i))&1 != 0 { + vector.Mul(vector, base) + } + } +} + // MustSetRandom sets the elements in vector to independent uniform random values in [0, q). // // It panics if reading from crypto/rand.Reader errors. diff --git a/internal/smallfields/tinyfield/vector_test.go b/internal/smallfields/tinyfield/vector_test.go index 965a16465..834a98df5 100644 --- a/internal/smallfields/tinyfield/vector_test.go +++ b/internal/smallfields/tinyfield/vector_test.go @@ -74,6 +74,25 @@ func TestVectorEmptyRoundTrip(t *testing.T) { assert.True(v3.Equal(v2), "vectors should be equal") } +func TestVectorEmptyOps(t *testing.T) { + assert := require.New(t) + + var sum, inner, scalar Element + scalar.SetUint64(42) + empty := make(Vector, 0) + result := make(Vector, 0) + + assert.NotPanics(func() { result.Add(empty, empty) }) + assert.NotPanics(func() { result.Sub(empty, empty) }) + assert.NotPanics(func() { result.ScalarMul(empty, &scalar) }) + assert.NotPanics(func() { result.Mul(empty, empty) }) + assert.NotPanics(func() { sum = empty.Sum() }) + assert.NotPanics(func() { inner = empty.InnerProduct(empty) }) + + assert.True(sum.IsZero()) + assert.True(inner.IsZero()) +} + func (vector *Vector) unmarshalBinaryAsync(data []byte) error { r := bytes.NewReader(data) _, err, chErr := vector.AsyncReadFrom(r) From 2bdcd133368ad340431c76e094e01d19a7772f7b Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 13:02:33 +0000 Subject: [PATCH 03/15] chore: use generic bitreverse --- test/unsafekzg/kzgsrs.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/test/unsafekzg/kzgsrs.go b/test/unsafekzg/kzgsrs.go index 5378e971a..bcbdf9489 100644 --- a/test/unsafekzg/kzgsrs.go +++ b/test/unsafekzg/kzgsrs.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/kzg" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/internal/utils" "github.com/consensys/gnark/logger" @@ -209,7 +210,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bn254.NewDomain(size) d.FFTInverse(pAlpha, fft_bn254.DIF) - fft_bn254.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bn254.Generators() @@ -231,7 +232,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls12381.NewDomain(size) d.FFTInverse(pAlpha, fft_bls12381.DIF) - fft_bls12381.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls12381.Generators() @@ -253,7 +254,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls12377.NewDomain(size) d.FFTInverse(pAlpha, fft_bls12377.DIF) - fft_bls12377.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls12377.Generators() @@ -276,7 +277,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bw6761.NewDomain(size) d.FFTInverse(pAlpha, fft_bw6761.DIF) - fft_bw6761.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bw6761.Generators() @@ -299,7 +300,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls24317.NewDomain(size) d.FFTInverse(pAlpha, fft_bls24317.DIF) - fft_bls24317.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls24317.Generators() @@ -322,7 +323,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls24315.NewDomain(size) d.FFTInverse(pAlpha, fft_bls24315.DIF) - fft_bls24315.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls24315.Generators() @@ -345,7 +346,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bw6633.NewDomain(size) d.FFTInverse(pAlpha, fft_bw6633.DIF) - fft_bw6633.BitReverse(pAlpha) + gcutils.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bw6633.Generators() From 873e4a50ae5dabeaaa91311b0e2d751983b0ec35 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 13:13:14 +0000 Subject: [PATCH 04/15] chore: more uses of BitReverse --- backend/plonk/bls12-377/prove.go | 5 +++-- backend/plonk/bls12-381/prove.go | 5 +++-- backend/plonk/bls24-315/prove.go | 5 +++-- backend/plonk/bls24-317/prove.go | 5 +++-- backend/plonk/bn254/prove.go | 5 +++-- backend/plonk/bw6-633/prove.go | 5 +++-- backend/plonk/bw6-761/prove.go | 5 +++-- internal/generator/backend/template/gkr/gate_testing.go.tmpl | 3 ++- .../backend/template/zkpschemes/plonk/plonk.prove.go.tmpl | 5 +++-- internal/gkr/bls12-377/gate_testing.go | 3 ++- internal/gkr/bls12-381/gate_testing.go | 3 ++- internal/gkr/bls24-315/gate_testing.go | 3 ++- internal/gkr/bls24-317/gate_testing.go | 3 ++- internal/gkr/bn254/gate_testing.go | 3 ++- internal/gkr/bw6-633/gate_testing.go | 3 ++- internal/gkr/bw6-761/gate_testing.go | 3 ++- 16 files changed, 40 insertions(+), 24 deletions(-) diff --git a/backend/plonk/bls12-377/prove.go b/backend/plonk/bls12-377/prove.go index 94dddc9c8..021f5cafd 100644 --- a/backend/plonk/bls12-377/prove.go +++ b/backend/plonk/bls12-377/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls12-377" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls12-381/prove.go b/backend/plonk/bls12-381/prove.go index 7792f9dd6..f43ea777e 100644 --- a/backend/plonk/bls12-381/prove.go +++ b/backend/plonk/bls12-381/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls12-381" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls24-315/prove.go b/backend/plonk/bls24-315/prove.go index 5b1653c4c..2e1cab6bb 100644 --- a/backend/plonk/bls24-315/prove.go +++ b/backend/plonk/bls24-315/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls24-315" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls24-317/prove.go b/backend/plonk/bls24-317/prove.go index 8d81908be..7bd092701 100644 --- a/backend/plonk/bls24-317/prove.go +++ b/backend/plonk/bls24-317/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls24-317" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bn254/prove.go b/backend/plonk/bn254/prove.go index 9b52a4c71..c510d2956 100644 --- a/backend/plonk/bn254/prove.go +++ b/backend/plonk/bn254/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bn254" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bw6-633/prove.go b/backend/plonk/bw6-633/prove.go index e3079d805..25b295d5d 100644 --- a/backend/plonk/bw6-633/prove.go +++ b/backend/plonk/bw6-633/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bw6-633" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bw6-761/prove.go b/backend/plonk/bw6-761/prove.go index cc44cac2a..a87e2589b 100644 --- a/backend/plonk/bw6-761/prove.go +++ b/backend/plonk/bw6-761/prove.go @@ -19,6 +19,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bw6-761" @@ -907,7 +908,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +949,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/internal/generator/backend/template/gkr/gate_testing.go.tmpl b/internal/generator/backend/template/gkr/gate_testing.go.tmpl index 8c78af347..bb272e1a7 100644 --- a/internal/generator/backend/template/gkr/gate_testing.go.tmpl +++ b/internal/generator/backend/template/gkr/gate_testing.go.tmpl @@ -6,6 +6,7 @@ import ( "github.com/consensys/gnark/std/gkrapi/gkr" "{{.FieldPackagePath}}" {{- if .CanUseFFT }} + gcutils "github.com/consensys/gnark-crypto/utils" "{{.FieldPackagePath}}/fft" "sync"{{- else}} "errors"{{- end }} @@ -89,7 +90,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) {{- else }} x := make({{.FieldPackageName}}.Vector, degreeBound) x.MustSetRandom() diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl index f3cf53a4f..6d6f4fd03 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl @@ -12,6 +12,7 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" + gcutils "github.com/consensys/gnark-crypto/utils" {{ template "import_curve" . }} {{ template "import_fr" . }} {{ template "import_fft" . }} @@ -895,7 +896,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -936,7 +937,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + gcutils.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/internal/gkr/bls12-377/gate_testing.go b/internal/gkr/bls12-377/gate_testing.go index 415a5ff5b..4b6751c3f 100644 --- a/internal/gkr/bls12-377/gate_testing.go +++ b/internal/gkr/bls12-377/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls12-381/gate_testing.go b/internal/gkr/bls12-381/gate_testing.go index ef7694dc1..78fd205b1 100644 --- a/internal/gkr/bls12-381/gate_testing.go +++ b/internal/gkr/bls12-381/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls24-315/gate_testing.go b/internal/gkr/bls24-315/gate_testing.go index 1682d2477..8f842b6b8 100644 --- a/internal/gkr/bls24-315/gate_testing.go +++ b/internal/gkr/bls24-315/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls24-317/gate_testing.go b/internal/gkr/bls24-317/gate_testing.go index 1bffab29e..f4ac945e0 100644 --- a/internal/gkr/bls24-317/gate_testing.go +++ b/internal/gkr/bls24-317/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bn254/gate_testing.go b/internal/gkr/bn254/gate_testing.go index 716ba3891..b156f8727 100644 --- a/internal/gkr/bn254/gate_testing.go +++ b/internal/gkr/bn254/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr" "github.com/consensys/gnark-crypto/ecc/bn254/fr/fft" "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bw6-633/gate_testing.go b/internal/gkr/bw6-633/gate_testing.go index 0fafa45a0..3897d3fde 100644 --- a/internal/gkr/bw6-633/gate_testing.go +++ b/internal/gkr/bw6-633/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/fft" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bw6-761/gate_testing.go b/internal/gkr/bw6-761/gate_testing.go index 6eda2ebe7..6148a4955 100644 --- a/internal/gkr/bw6-761/gate_testing.go +++ b/internal/gkr/bw6-761/gate_testing.go @@ -16,6 +16,7 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial" + gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -94,7 +95,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + gcutils.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() From 9c630845e026f01aaf087189d3ad287afc3aa7f1 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Fri, 14 Nov 2025 11:30:47 +0000 Subject: [PATCH 05/15] Revert "chore: more uses of BitReverse" This reverts commit 0e6e75cff7dba263013e5aaef4969bde51092c30. --- backend/plonk/bls12-377/prove.go | 5 ++--- backend/plonk/bls12-381/prove.go | 5 ++--- backend/plonk/bls24-315/prove.go | 5 ++--- backend/plonk/bls24-317/prove.go | 5 ++--- backend/plonk/bn254/prove.go | 5 ++--- backend/plonk/bw6-633/prove.go | 5 ++--- backend/plonk/bw6-761/prove.go | 5 ++--- internal/generator/backend/template/gkr/gate_testing.go.tmpl | 3 +-- .../backend/template/zkpschemes/plonk/plonk.prove.go.tmpl | 5 ++--- internal/gkr/bls12-377/gate_testing.go | 3 +-- internal/gkr/bls12-381/gate_testing.go | 3 +-- internal/gkr/bls24-315/gate_testing.go | 3 +-- internal/gkr/bls24-317/gate_testing.go | 3 +-- internal/gkr/bn254/gate_testing.go | 3 +-- internal/gkr/bw6-633/gate_testing.go | 3 +-- internal/gkr/bw6-761/gate_testing.go | 3 +-- 16 files changed, 24 insertions(+), 40 deletions(-) diff --git a/backend/plonk/bls12-377/prove.go b/backend/plonk/bls12-377/prove.go index 021f5cafd..94dddc9c8 100644 --- a/backend/plonk/bls12-377/prove.go +++ b/backend/plonk/bls12-377/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls12-377" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls12-381/prove.go b/backend/plonk/bls12-381/prove.go index f43ea777e..7792f9dd6 100644 --- a/backend/plonk/bls12-381/prove.go +++ b/backend/plonk/bls12-381/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls12-381" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls24-315/prove.go b/backend/plonk/bls24-315/prove.go index 2e1cab6bb..5b1653c4c 100644 --- a/backend/plonk/bls24-315/prove.go +++ b/backend/plonk/bls24-315/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls24-315" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls24-317/prove.go b/backend/plonk/bls24-317/prove.go index 7bd092701..8d81908be 100644 --- a/backend/plonk/bls24-317/prove.go +++ b/backend/plonk/bls24-317/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bls24-317" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bn254/prove.go b/backend/plonk/bn254/prove.go index c510d2956..9b52a4c71 100644 --- a/backend/plonk/bn254/prove.go +++ b/backend/plonk/bn254/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bn254" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bw6-633/prove.go b/backend/plonk/bw6-633/prove.go index 25b295d5d..e3079d805 100644 --- a/backend/plonk/bw6-633/prove.go +++ b/backend/plonk/bw6-633/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bw6-633" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bw6-761/prove.go b/backend/plonk/bw6-761/prove.go index a87e2589b..cc44cac2a 100644 --- a/backend/plonk/bw6-761/prove.go +++ b/backend/plonk/bw6-761/prove.go @@ -19,7 +19,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" curve "github.com/consensys/gnark-crypto/ecc/bw6-761" @@ -908,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -949,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/internal/generator/backend/template/gkr/gate_testing.go.tmpl b/internal/generator/backend/template/gkr/gate_testing.go.tmpl index bb272e1a7..8c78af347 100644 --- a/internal/generator/backend/template/gkr/gate_testing.go.tmpl +++ b/internal/generator/backend/template/gkr/gate_testing.go.tmpl @@ -6,7 +6,6 @@ import ( "github.com/consensys/gnark/std/gkrapi/gkr" "{{.FieldPackagePath}}" {{- if .CanUseFFT }} - gcutils "github.com/consensys/gnark-crypto/utils" "{{.FieldPackagePath}}/fft" "sync"{{- else}} "errors"{{- end }} @@ -90,7 +89,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) {{- else }} x := make({{.FieldPackageName}}.Vector, degreeBound) x.MustSetRandom() diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl index 6d6f4fd03..f3cf53a4f 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl @@ -12,7 +12,6 @@ import ( "golang.org/x/sync/errgroup" "github.com/consensys/gnark-crypto/ecc" - gcutils "github.com/consensys/gnark-crypto/utils" {{ template "import_curve" . }} {{ template "import_fr" . }} {{ template "import_fft" . }} @@ -896,7 +895,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) // pre-computed to compute the bit reverse index // of the result polynomial @@ -937,7 +936,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - gcutils.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) } // we do **a lot** of FFT here, but on the small domain. diff --git a/internal/gkr/bls12-377/gate_testing.go b/internal/gkr/bls12-377/gate_testing.go index 4b6751c3f..415a5ff5b 100644 --- a/internal/gkr/bls12-377/gate_testing.go +++ b/internal/gkr/bls12-377/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-377/fr" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls12-377/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls12-381/gate_testing.go b/internal/gkr/bls12-381/gate_testing.go index 78fd205b1..ef7694dc1 100644 --- a/internal/gkr/bls12-381/gate_testing.go +++ b/internal/gkr/bls12-381/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls12-381/fr" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls12-381/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls24-315/gate_testing.go b/internal/gkr/bls24-315/gate_testing.go index 8f842b6b8..1682d2477 100644 --- a/internal/gkr/bls24-315/gate_testing.go +++ b/internal/gkr/bls24-315/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-315/fr" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls24-315/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls24-317/gate_testing.go b/internal/gkr/bls24-317/gate_testing.go index f4ac945e0..1bffab29e 100644 --- a/internal/gkr/bls24-317/gate_testing.go +++ b/internal/gkr/bls24-317/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bls24-317/fr" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/fft" "github.com/consensys/gnark-crypto/ecc/bls24-317/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bn254/gate_testing.go b/internal/gkr/bn254/gate_testing.go index b156f8727..716ba3891 100644 --- a/internal/gkr/bn254/gate_testing.go +++ b/internal/gkr/bn254/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bn254/fr" "github.com/consensys/gnark-crypto/ecc/bn254/fr/fft" "github.com/consensys/gnark-crypto/ecc/bn254/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bw6-633/gate_testing.go b/internal/gkr/bw6-633/gate_testing.go index 3897d3fde..0fafa45a0 100644 --- a/internal/gkr/bw6-633/gate_testing.go +++ b/internal/gkr/bw6-633/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-633/fr" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/fft" "github.com/consensys/gnark-crypto/ecc/bw6-633/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bw6-761/gate_testing.go b/internal/gkr/bw6-761/gate_testing.go index 6148a4955..6eda2ebe7 100644 --- a/internal/gkr/bw6-761/gate_testing.go +++ b/internal/gkr/bw6-761/gate_testing.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc/bw6-761/fr" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/fft" "github.com/consensys/gnark-crypto/ecc/bw6-761/fr/polynomial" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/std/gkrapi/gkr" ) @@ -95,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - gcutils.BitReverse(p) + fft.BitReverse(p) // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() From c2f483ed0a621f62e0c9f9343606ea8282ec5dde Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Fri, 14 Nov 2025 11:31:04 +0000 Subject: [PATCH 06/15] Revert "chore: use generic bitreverse" This reverts commit 8f6bfe80128af31bc5a5258cf2234f794e199a77. --- test/unsafekzg/kzgsrs.go | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/test/unsafekzg/kzgsrs.go b/test/unsafekzg/kzgsrs.go index bcbdf9489..5378e971a 100644 --- a/test/unsafekzg/kzgsrs.go +++ b/test/unsafekzg/kzgsrs.go @@ -16,7 +16,6 @@ import ( "github.com/consensys/gnark-crypto/ecc" "github.com/consensys/gnark-crypto/kzg" - gcutils "github.com/consensys/gnark-crypto/utils" "github.com/consensys/gnark/constraint" "github.com/consensys/gnark/internal/utils" "github.com/consensys/gnark/logger" @@ -210,7 +209,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bn254.NewDomain(size) d.FFTInverse(pAlpha, fft_bn254.DIF) - gcutils.BitReverse(pAlpha) + fft_bn254.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bn254.Generators() @@ -232,7 +231,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls12381.NewDomain(size) d.FFTInverse(pAlpha, fft_bls12381.DIF) - gcutils.BitReverse(pAlpha) + fft_bls12381.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls12381.Generators() @@ -254,7 +253,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls12377.NewDomain(size) d.FFTInverse(pAlpha, fft_bls12377.DIF) - gcutils.BitReverse(pAlpha) + fft_bls12377.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls12377.Generators() @@ -277,7 +276,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bw6761.NewDomain(size) d.FFTInverse(pAlpha, fft_bw6761.DIF) - gcutils.BitReverse(pAlpha) + fft_bw6761.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bw6761.Generators() @@ -300,7 +299,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls24317.NewDomain(size) d.FFTInverse(pAlpha, fft_bls24317.DIF) - gcutils.BitReverse(pAlpha) + fft_bls24317.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls24317.Generators() @@ -323,7 +322,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls24315.NewDomain(size) d.FFTInverse(pAlpha, fft_bls24315.DIF) - gcutils.BitReverse(pAlpha) + fft_bls24315.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bls24315.Generators() @@ -346,7 +345,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bw6633.NewDomain(size) d.FFTInverse(pAlpha, fft_bw6633.DIF) - gcutils.BitReverse(pAlpha) + fft_bw6633.BitReverse(pAlpha) // bath scalar mul _, _, g1gen, _ := bw6633.Generators() From d0b8fd0ddf6540cc0fc31deb27d86fc780d96f31 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Fri, 14 Nov 2025 11:34:13 +0000 Subject: [PATCH 07/15] chore: update to latest gnark-crypto and generate --- go.mod | 2 +- go.sum | 4 ++-- internal/smallfields/tinyfield/element.go | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 15d4769be..bf3a2a2fa 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.2.1 github.com/consensys/compress v0.2.5 - github.com/consensys/gnark-crypto v0.19.1-0.20250910093443-1260d09a6a7d + github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8 github.com/fxamacker/cbor/v2 v2.9.0 github.com/google/go-cmp v0.7.0 github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 diff --git a/go.sum b/go.sum index cb9caf82c..f5fdc8c69 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/consensys/bavard v0.2.1 h1:i2/ZeLXpp7eblPWzUIWf+dtfBocKQIxuiqy9XZlNSf github.com/consensys/bavard v0.2.1/go.mod h1:k/zVjHHC4B+PQy1Pg7fgvG3ALicQw540Crag8qx+dZs= github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk= github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk= -github.com/consensys/gnark-crypto v0.19.1-0.20250910093443-1260d09a6a7d h1:RgalXrEtn4LcHOx2+NYGS4RN6ju5RMP3VOjQue/QtMk= -github.com/consensys/gnark-crypto v0.19.1-0.20250910093443-1260d09a6a7d/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= +github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8 h1:47ph0eGnz4NgmCdROVZvR4tMwwAanu0dsdMdA8DXmuk= +github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= diff --git a/internal/smallfields/tinyfield/element.go b/internal/smallfields/tinyfield/element.go index 5668136a1..87fc61520 100644 --- a/internal/smallfields/tinyfield/element.go +++ b/internal/smallfields/tinyfield/element.go @@ -855,6 +855,7 @@ var ( func init() { _bLegendreExponentElement, _ = new(big.Int).SetString("17", 16) const sqrtExponentElement = "c" + const sqrtExponent2Element = "b" _bSqrtExponentElement, _ = new(big.Int).SetString(sqrtExponentElement, 16) } From 4de3fa797080a6fbf75102ed99ec6d573250f13c Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Fri, 14 Nov 2025 11:43:02 +0000 Subject: [PATCH 08/15] chore: add nolint directive to BitReverse --- backend/plonk/bls12-377/prove.go | 4 ++-- backend/plonk/bls12-381/prove.go | 4 ++-- backend/plonk/bls24-315/prove.go | 4 ++-- backend/plonk/bls24-317/prove.go | 4 ++-- backend/plonk/bn254/prove.go | 4 ++-- backend/plonk/bw6-633/prove.go | 4 ++-- backend/plonk/bw6-761/prove.go | 4 ++-- .../backend/template/gkr/gate_testing.go.tmpl | 2 +- .../template/zkpschemes/plonk/plonk.prove.go.tmpl | 4 ++-- internal/gkr/bls12-377/gate_testing.go | 2 +- internal/gkr/bls12-381/gate_testing.go | 2 +- internal/gkr/bls24-315/gate_testing.go | 2 +- internal/gkr/bls24-317/gate_testing.go | 2 +- internal/gkr/bn254/gate_testing.go | 2 +- internal/gkr/bw6-633/gate_testing.go | 2 +- internal/gkr/bw6-761/gate_testing.go | 2 +- test/unsafekzg/kzgsrs.go | 14 +++++++------- 17 files changed, 31 insertions(+), 31 deletions(-) diff --git a/backend/plonk/bls12-377/prove.go b/backend/plonk/bls12-377/prove.go index 94dddc9c8..e29c36690 100644 --- a/backend/plonk/bls12-377/prove.go +++ b/backend/plonk/bls12-377/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls12-381/prove.go b/backend/plonk/bls12-381/prove.go index 7792f9dd6..3a76d66a9 100644 --- a/backend/plonk/bls12-381/prove.go +++ b/backend/plonk/bls12-381/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls24-315/prove.go b/backend/plonk/bls24-315/prove.go index 5b1653c4c..9f2869287 100644 --- a/backend/plonk/bls24-315/prove.go +++ b/backend/plonk/bls24-315/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bls24-317/prove.go b/backend/plonk/bls24-317/prove.go index 8d81908be..e201981d3 100644 --- a/backend/plonk/bls24-317/prove.go +++ b/backend/plonk/bls24-317/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bn254/prove.go b/backend/plonk/bn254/prove.go index 9b52a4c71..6c7862a61 100644 --- a/backend/plonk/bn254/prove.go +++ b/backend/plonk/bn254/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bw6-633/prove.go b/backend/plonk/bw6-633/prove.go index e3079d805..414c88067 100644 --- a/backend/plonk/bw6-633/prove.go +++ b/backend/plonk/bw6-633/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/backend/plonk/bw6-761/prove.go b/backend/plonk/bw6-761/prove.go index cc44cac2a..ea2aeeba6 100644 --- a/backend/plonk/bw6-761/prove.go +++ b/backend/plonk/bw6-761/prove.go @@ -907,7 +907,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -948,7 +948,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/internal/generator/backend/template/gkr/gate_testing.go.tmpl b/internal/generator/backend/template/gkr/gate_testing.go.tmpl index 8c78af347..53b6cea3b 100644 --- a/internal/generator/backend/template/gkr/gate_testing.go.tmpl +++ b/internal/generator/backend/template/gkr/gate_testing.go.tmpl @@ -89,7 +89,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible {{- else }} x := make({{.FieldPackageName}}.Vector, degreeBound) x.MustSetRandom() diff --git a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl index f3cf53a4f..7eedb21b6 100644 --- a/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl +++ b/internal/generator/backend/template/zkpschemes/plonk/plonk.prove.go.tmpl @@ -895,7 +895,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { scalingVector := cosetTable scalingVectorRev := make([]fr.Element, len(cosetTable)) copy(scalingVectorRev, cosetTable) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible // pre-computed to compute the bit reverse index // of the result polynomial @@ -936,7 +936,7 @@ func (s *instance) computeNumerator() (*iop.Polynomial, error) { // reuse memory copy(scalingVectorRev, scalingVector) - fft.BitReverse(scalingVectorRev) + fft.BitReverse(scalingVectorRev) //nolint:staticcheck // method is backwards compatible } // we do **a lot** of FFT here, but on the small domain. diff --git a/internal/gkr/bls12-377/gate_testing.go b/internal/gkr/bls12-377/gate_testing.go index 415a5ff5b..33bb277a4 100644 --- a/internal/gkr/bls12-377/gate_testing.go +++ b/internal/gkr/bls12-377/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls12-381/gate_testing.go b/internal/gkr/bls12-381/gate_testing.go index ef7694dc1..0ba46e4c9 100644 --- a/internal/gkr/bls12-381/gate_testing.go +++ b/internal/gkr/bls12-381/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls24-315/gate_testing.go b/internal/gkr/bls24-315/gate_testing.go index 1682d2477..bb8800daa 100644 --- a/internal/gkr/bls24-315/gate_testing.go +++ b/internal/gkr/bls24-315/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bls24-317/gate_testing.go b/internal/gkr/bls24-317/gate_testing.go index 1bffab29e..554beff96 100644 --- a/internal/gkr/bls24-317/gate_testing.go +++ b/internal/gkr/bls24-317/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bn254/gate_testing.go b/internal/gkr/bn254/gate_testing.go index 716ba3891..053b09e83 100644 --- a/internal/gkr/bn254/gate_testing.go +++ b/internal/gkr/bn254/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bw6-633/gate_testing.go b/internal/gkr/bw6-633/gate_testing.go index 0fafa45a0..2ba22eccd 100644 --- a/internal/gkr/bw6-633/gate_testing.go +++ b/internal/gkr/bw6-633/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/internal/gkr/bw6-761/gate_testing.go b/internal/gkr/bw6-761/gate_testing.go index 6eda2ebe7..56ffa56fb 100644 --- a/internal/gkr/bw6-761/gate_testing.go +++ b/internal/gkr/bw6-761/gate_testing.go @@ -94,7 +94,7 @@ func (f gateFunctionFr) fitPoly(nbIn int, degreeBound uint64) polynomial.Polynom // obtain p's coefficients domain.FFTInverse(p, fft.DIF) - fft.BitReverse(p) + fft.BitReverse(p) //nolint:staticcheck // method is backwards compatible // check if p is equal to f. This not being the case means that f is of a degree higher than degreeBound fIn[0].MustSetRandom() diff --git a/test/unsafekzg/kzgsrs.go b/test/unsafekzg/kzgsrs.go index 5378e971a..b3018500b 100644 --- a/test/unsafekzg/kzgsrs.go +++ b/test/unsafekzg/kzgsrs.go @@ -209,7 +209,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bn254.NewDomain(size) d.FFTInverse(pAlpha, fft_bn254.DIF) - fft_bn254.BitReverse(pAlpha) + fft_bn254.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bn254.Generators() @@ -231,7 +231,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls12381.NewDomain(size) d.FFTInverse(pAlpha, fft_bls12381.DIF) - fft_bls12381.BitReverse(pAlpha) + fft_bls12381.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bls12381.Generators() @@ -253,7 +253,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls12377.NewDomain(size) d.FFTInverse(pAlpha, fft_bls12377.DIF) - fft_bls12377.BitReverse(pAlpha) + fft_bls12377.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bls12377.Generators() @@ -276,7 +276,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bw6761.NewDomain(size) d.FFTInverse(pAlpha, fft_bw6761.DIF) - fft_bw6761.BitReverse(pAlpha) + fft_bw6761.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bw6761.Generators() @@ -299,7 +299,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls24317.NewDomain(size) d.FFTInverse(pAlpha, fft_bls24317.DIF) - fft_bls24317.BitReverse(pAlpha) + fft_bls24317.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bls24317.Generators() @@ -322,7 +322,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bls24315.NewDomain(size) d.FFTInverse(pAlpha, fft_bls24315.DIF) - fft_bls24315.BitReverse(pAlpha) + fft_bls24315.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bls24315.Generators() @@ -345,7 +345,7 @@ func toLagrange(canonicalSRS kzg.SRS, tau *big.Int) kzg.SRS { // do a fft on this. d := fft_bw6633.NewDomain(size) d.FFTInverse(pAlpha, fft_bw6633.DIF) - fft_bw6633.BitReverse(pAlpha) + fft_bw6633.BitReverse(pAlpha) //nolint:staticcheck // method is backwards compatible // bath scalar mul _, _, g1gen, _ := bw6633.Generators() From 05c5d00739a108ca90d37fb37f815c636c5c73ac Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 12:16:20 +0000 Subject: [PATCH 09/15] test: handle gnark-crypto returning non-malleable signatures --- go.mod | 2 +- go.sum | 4 ++-- std/evmprecompiles/01-ecrecover_test.go | 18 ++++++++++++------ 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index bf3a2a2fa..f732df9da 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.2.1 github.com/consensys/compress v0.2.5 - github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8 + github.com/consensys/gnark-crypto v0.19.3-0.20251114114652-a5d1e2d67d6e github.com/fxamacker/cbor/v2 v2.9.0 github.com/google/go-cmp v0.7.0 github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 diff --git a/go.sum b/go.sum index f5fdc8c69..36cc5d29a 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/consensys/bavard v0.2.1 h1:i2/ZeLXpp7eblPWzUIWf+dtfBocKQIxuiqy9XZlNSf github.com/consensys/bavard v0.2.1/go.mod h1:k/zVjHHC4B+PQy1Pg7fgvG3ALicQw540Crag8qx+dZs= github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk= github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk= -github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8 h1:47ph0eGnz4NgmCdROVZvR4tMwwAanu0dsdMdA8DXmuk= -github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= +github.com/consensys/gnark-crypto v0.19.3-0.20251114114652-a5d1e2d67d6e h1:+irrCTA6bOfWf3z2+cQCVr3aKdLaPErPpS01ANFWV1k= +github.com/consensys/gnark-crypto v0.19.3-0.20251114114652-a5d1e2d67d6e/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= diff --git a/std/evmprecompiles/01-ecrecover_test.go b/std/evmprecompiles/01-ecrecover_test.go index 6a4bf3085..defe6e694 100644 --- a/std/evmprecompiles/01-ecrecover_test.go +++ b/std/evmprecompiles/01-ecrecover_test.go @@ -60,7 +60,7 @@ func (c *ecrecoverCircuit) Define(api frontend.API) error { return nil } -func testRoutineECRecover(t *testing.T, wantStrict bool) (circ, wit *ecrecoverCircuit, largeS bool) { +func testRoutineECRecover(t *testing.T, wantStrict bool, forceLargeS bool) (circ, wit *ecrecoverCircuit, largeS bool) { halfFr := new(big.Int).Sub(fr.Modulus(), big.NewInt(1)) halfFr.Div(halfFr, big.NewInt(2)) @@ -77,6 +77,12 @@ func testRoutineECRecover(t *testing.T, wantStrict bool) (circ, wit *ecrecoverCi if err != nil { t.Fatal("sign", err) } + // SignForRecover always returns s < r_mod/2. But in the tests we want + // to check that the circuit fails when s > r_mod/2 in strict mode. + if forceLargeS && s.Cmp(halfFr) <= 0 { + s.Sub(fr.Modulus(), s) + } + if !wantStrict || halfFr.Cmp(s) > 0 { break } @@ -103,14 +109,14 @@ func testRoutineECRecover(t *testing.T, wantStrict bool) (circ, wit *ecrecoverCi func TestECRecoverCircuitShortStrict(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, true) + circuit, witness, _ := testRoutineECRecover(t, true, false) err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.NoError(err) } func TestECRecoverCircuitShortLax(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, false) + circuit, witness, _ := testRoutineECRecover(t, false, false) err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.NoError(err) } @@ -122,7 +128,7 @@ func TestECRecoverCircuitShortMismatch(t *testing.T) { var circuit, witness *ecrecoverCircuit var largeS bool for { - circuit, witness, largeS = testRoutineECRecover(t, false) + circuit, witness, largeS = testRoutineECRecover(t, false, true) if largeS { witness.Strict = 1 break @@ -134,7 +140,7 @@ func TestECRecoverCircuitShortMismatch(t *testing.T) { func TestECRecoverCircuitFull(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, false) + circuit, witness, _ := testRoutineECRecover(t, false, false) assert.CheckCircuit( circuit, @@ -256,7 +262,7 @@ func TestECRecoverInfinityWoFailure(t *testing.T) { func TestInvalidFailureTag(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, false) + circuit, witness, _ := testRoutineECRecover(t, false, false) witness.IsFailure = 1 err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.Error(err) From f7ad990b72d02fccb0e5fc616dcf7ef6568f0d77 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 12:16:34 +0000 Subject: [PATCH 10/15] chore: remove unused benchmark --- std/signature/ecdsa/ecdsa_secpr_test.go | 27 ------------------------- 1 file changed, 27 deletions(-) diff --git a/std/signature/ecdsa/ecdsa_secpr_test.go b/std/signature/ecdsa/ecdsa_secpr_test.go index 55233bc11..139865e48 100644 --- a/std/signature/ecdsa/ecdsa_secpr_test.go +++ b/std/signature/ecdsa/ecdsa_secpr_test.go @@ -10,10 +10,6 @@ import ( "testing" "github.com/consensys/gnark-crypto/ecc" - "github.com/consensys/gnark/constraint" - "github.com/consensys/gnark/frontend" - "github.com/consensys/gnark/frontend/cs/r1cs" - "github.com/consensys/gnark/frontend/cs/scs" "github.com/consensys/gnark/std/math/emulated" "github.com/consensys/gnark/test" "golang.org/x/crypto/cryptobyte" @@ -113,26 +109,3 @@ func TestEcdsaP384PreHashed(t *testing.T) { assert.NoError(err) } - -var ccsBench constraint.ConstraintSystem - -func BenchmarkCompile(b *testing.B) { - // create an empty cs - var circuit EcdsaCircuit[emulated.P384Fp, emulated.P384Fr] - - var ccs constraint.ConstraintSystem - b.ResetTimer() - for i := 0; i < b.N; i++ { - ccs, _ = frontend.Compile(ecc.BN254.ScalarField(), scs.NewBuilder, &circuit) - } - b.Log("scs constraints", ccs.GetNbConstraints()) - - b.Run("groth16", func(b *testing.B) { - for i := 0; i < b.N; i++ { - ccsBench, _ = frontend.Compile(ecc.BW6_633.ScalarField(), r1cs.NewBuilder, &circuit) - } - - }) - b.Log("r1cs constraints", ccsBench.GetNbConstraints()) - -} From 10d28de7164714d931c5f692d3306cd548b75acc Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 12:19:23 +0000 Subject: [PATCH 11/15] chore: don't need loop anymore --- std/evmprecompiles/01-ecrecover_test.go | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/std/evmprecompiles/01-ecrecover_test.go b/std/evmprecompiles/01-ecrecover_test.go index defe6e694..3f9489f9a 100644 --- a/std/evmprecompiles/01-ecrecover_test.go +++ b/std/evmprecompiles/01-ecrecover_test.go @@ -127,12 +127,11 @@ func TestECRecoverCircuitShortMismatch(t *testing.T) { halfFr.Div(halfFr, big.NewInt(2)) var circuit, witness *ecrecoverCircuit var largeS bool - for { - circuit, witness, largeS = testRoutineECRecover(t, false, true) - if largeS { - witness.Strict = 1 - break - } + circuit, witness, largeS = testRoutineECRecover(t, false, true) + if largeS { + witness.Strict = 1 + } else { + assert.Fail("test setup failed to produce large S") } err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.Error(err) From 3896f57ef72458fa8f31dd1b2c904ab7fe3d5da1 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 12:59:29 +0000 Subject: [PATCH 12/15] fix: also sign in v --- std/evmprecompiles/01-ecrecover_test.go | 53 +++++++++++-------------- 1 file changed, 23 insertions(+), 30 deletions(-) diff --git a/std/evmprecompiles/01-ecrecover_test.go b/std/evmprecompiles/01-ecrecover_test.go index 3f9489f9a..294150914 100644 --- a/std/evmprecompiles/01-ecrecover_test.go +++ b/std/evmprecompiles/01-ecrecover_test.go @@ -60,7 +60,7 @@ func (c *ecrecoverCircuit) Define(api frontend.API) error { return nil } -func testRoutineECRecover(t *testing.T, wantStrict bool, forceLargeS bool) (circ, wit *ecrecoverCircuit, largeS bool) { +func testRoutineECRecover(t *testing.T, forceLargeS bool) (circ, wit *ecrecoverCircuit) { halfFr := new(big.Int).Sub(fr.Modulus(), big.NewInt(1)) halfFr.Div(halfFr, big.NewInt(2)) @@ -72,24 +72,22 @@ func testRoutineECRecover(t *testing.T, wantStrict bool, forceLargeS bool) (circ msg := []byte("test") var r, s *big.Int var v uint - for { - v, r, s, err = sk.SignForRecover(msg, nil) - if err != nil { - t.Fatal("sign", err) - } - // SignForRecover always returns s < r_mod/2. But in the tests we want - // to check that the circuit fails when s > r_mod/2 in strict mode. - if forceLargeS && s.Cmp(halfFr) <= 0 { - s.Sub(fr.Modulus(), s) - } - - if !wantStrict || halfFr.Cmp(s) > 0 { - break - } + v, r, s, err = sk.SignForRecover(msg, nil) + if err != nil { + t.Fatal("sign", err) } - strict := 0 - if wantStrict { - strict = 1 + // SignForRecover always returns s < r_mod/2. But in the tests we want + // to check that the circuit fails when s > r_mod/2 in strict mode. + if forceLargeS { + // first we make s large + s.Sub(fr.Modulus(), s) + // but we also have to swap the sign of the recovered public key + v ^= 1 + } + + strict := 1 + if forceLargeS { + strict = 0 } circuit := ecrecoverCircuit{} witness := ecrecoverCircuit{ @@ -104,19 +102,19 @@ func testRoutineECRecover(t *testing.T, wantStrict bool, forceLargeS bool) (circ Y: emulated.ValueOf[emulated.Secp256k1Fp](pk.A.Y), }, } - return &circuit, &witness, halfFr.Cmp(s) <= 0 + return &circuit, &witness } func TestECRecoverCircuitShortStrict(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, true, false) + circuit, witness := testRoutineECRecover(t, false) err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.NoError(err) } func TestECRecoverCircuitShortLax(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, false, false) + circuit, witness := testRoutineECRecover(t, true) err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.NoError(err) } @@ -126,20 +124,15 @@ func TestECRecoverCircuitShortMismatch(t *testing.T) { halfFr := new(big.Int).Sub(fr.Modulus(), big.NewInt(1)) halfFr.Div(halfFr, big.NewInt(2)) var circuit, witness *ecrecoverCircuit - var largeS bool - circuit, witness, largeS = testRoutineECRecover(t, false, true) - if largeS { - witness.Strict = 1 - } else { - assert.Fail("test setup failed to produce large S") - } + circuit, witness = testRoutineECRecover(t, true) + witness.Strict = 1 err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.Error(err) } func TestECRecoverCircuitFull(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, false, false) + circuit, witness := testRoutineECRecover(t, false) assert.CheckCircuit( circuit, @@ -261,7 +254,7 @@ func TestECRecoverInfinityWoFailure(t *testing.T) { func TestInvalidFailureTag(t *testing.T) { assert := test.NewAssert(t) - circuit, witness, _ := testRoutineECRecover(t, false, false) + circuit, witness := testRoutineECRecover(t, false) witness.IsFailure = 1 err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.Error(err) From caf2e18a3a92d6d7e4986a2e475fb3c49c1f52d4 Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Wed, 10 Sep 2025 13:07:24 +0000 Subject: [PATCH 13/15] test: ensure full coverage with small and large s --- std/evmprecompiles/01-ecrecover_test.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/std/evmprecompiles/01-ecrecover_test.go b/std/evmprecompiles/01-ecrecover_test.go index 294150914..268ba8149 100644 --- a/std/evmprecompiles/01-ecrecover_test.go +++ b/std/evmprecompiles/01-ecrecover_test.go @@ -133,10 +133,12 @@ func TestECRecoverCircuitShortMismatch(t *testing.T) { func TestECRecoverCircuitFull(t *testing.T) { assert := test.NewAssert(t) circuit, witness := testRoutineECRecover(t, false) + _, witness2 := testRoutineECRecover(t, true) assert.CheckCircuit( circuit, test.WithValidAssignment(witness), + test.WithValidAssignment(witness2), test.WithCurves(ecc.BN254, ecc.BLS12_377), test.NoProverChecks(), ) @@ -258,6 +260,10 @@ func TestInvalidFailureTag(t *testing.T) { witness.IsFailure = 1 err := test.IsSolved(circuit, witness, ecc.BN254.ScalarField()) assert.Error(err) + _, witness2 := testRoutineECRecover(t, true) + witness2.IsFailure = 1 + err = test.IsSolved(circuit, witness2, ecc.BN254.ScalarField()) + assert.Error(err) } func TestLargeV(t *testing.T) { From 22617a0b123d2ea72454f9a8bfd8155467c930ec Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Fri, 14 Nov 2025 11:55:32 +0000 Subject: [PATCH 14/15] chore: gnark crypto update --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f732df9da..7d56cb1a5 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.2.1 github.com/consensys/compress v0.2.5 - github.com/consensys/gnark-crypto v0.19.3-0.20251114114652-a5d1e2d67d6e + github.com/consensys/gnark-crypto v0.19.3-0.20251114115201-b301c0c81f19 github.com/fxamacker/cbor/v2 v2.9.0 github.com/google/go-cmp v0.7.0 github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 diff --git a/go.sum b/go.sum index 36cc5d29a..28c91010e 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/consensys/bavard v0.2.1 h1:i2/ZeLXpp7eblPWzUIWf+dtfBocKQIxuiqy9XZlNSf github.com/consensys/bavard v0.2.1/go.mod h1:k/zVjHHC4B+PQy1Pg7fgvG3ALicQw540Crag8qx+dZs= github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk= github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk= -github.com/consensys/gnark-crypto v0.19.3-0.20251114114652-a5d1e2d67d6e h1:+irrCTA6bOfWf3z2+cQCVr3aKdLaPErPpS01ANFWV1k= -github.com/consensys/gnark-crypto v0.19.3-0.20251114114652-a5d1e2d67d6e/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= +github.com/consensys/gnark-crypto v0.19.3-0.20251114115201-b301c0c81f19 h1:Y0h5Sh+zKkCFuhxxoH5SpsQz/xmuOlXbtv8XAPqvz7Y= +github.com/consensys/gnark-crypto v0.19.3-0.20251114115201-b301c0c81f19/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= From bd6ded8ef1cd399a0c02ed766108540163f42b5b Mon Sep 17 00:00:00 2001 From: Ivo Kubjas Date: Sat, 15 Nov 2025 17:46:43 +0000 Subject: [PATCH 15/15] chore: gnark crypto update --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index bf3a2a2fa..3f21964db 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/blang/semver/v4 v4.0.0 github.com/consensys/bavard v0.2.1 github.com/consensys/compress v0.2.5 - github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8 + github.com/consensys/gnark-crypto v0.19.3-0.20251115174214-022ec58e8c19 github.com/fxamacker/cbor/v2 v2.9.0 github.com/google/go-cmp v0.7.0 github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 diff --git a/go.sum b/go.sum index f5fdc8c69..94d8179ee 100644 --- a/go.sum +++ b/go.sum @@ -61,8 +61,8 @@ github.com/consensys/bavard v0.2.1 h1:i2/ZeLXpp7eblPWzUIWf+dtfBocKQIxuiqy9XZlNSf github.com/consensys/bavard v0.2.1/go.mod h1:k/zVjHHC4B+PQy1Pg7fgvG3ALicQw540Crag8qx+dZs= github.com/consensys/compress v0.2.5 h1:gJr1hKzbOD36JFsF1AN8lfXz1yevnJi1YolffY19Ntk= github.com/consensys/compress v0.2.5/go.mod h1:pyM+ZXiNUh7/0+AUjUf9RKUM6vSH7T/fsn5LLS0j1Tk= -github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8 h1:47ph0eGnz4NgmCdROVZvR4tMwwAanu0dsdMdA8DXmuk= -github.com/consensys/gnark-crypto v0.19.3-0.20251114101102-c7c3213680f8/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= +github.com/consensys/gnark-crypto v0.19.3-0.20251115174214-022ec58e8c19 h1:uUbFaofcFwkv5T/zbR/Gyfm06v84Rua9a1xv9VZrPAA= +github.com/consensys/gnark-crypto v0.19.3-0.20251115174214-022ec58e8c19/go.mod h1:OgCH7cSoJ46c+nOzvQuwOrIE9fawpXMYOQFzj22Vy3E= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=