diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d0f4bd33..484a7820 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -198,9 +198,10 @@ jobs: - name: Cargo run examples run: | # M31 basic tests - RUST_LOG=info FRI_QUERIES=1 cargo run --release --example test_riscv -- --field m31 - RUST_LOG=info FRI_QUERIES=1 cargo run --release --example test_riscv -- --elf precompile --field m31 - RUST_LOG=info FRI_QUERIES=1 cargo run --release --example test_riscv -- --elf poseidon2 --field m31 --n 2118082624 + # TODO: restart these tests once the m31 prover is actually fixed + # RUST_LOG=info FRI_QUERIES=1 cargo run --release --example test_riscv -- --field m31 + # RUST_LOG=info FRI_QUERIES=1 cargo run --release --example test_riscv -- --elf precompile --field m31 + # RUST_LOG=info FRI_QUERIES=1 cargo run --release --example test_riscv -- --elf poseidon2 --field m31 --n 2118082624 riscof: if: true diff --git a/Cargo.lock b/Cargo.lock index 22814fb8..56dead7c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2781,7 +2781,7 @@ dependencies = [ [[package]] name = "p3-air" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field 0.1.0", "p3-matrix 0.1.0", @@ -2790,7 +2790,7 @@ dependencies = [ [[package]] name = "p3-baby-bear" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field 0.1.0", "p3-mds 0.1.0", @@ -2820,7 +2820,7 @@ dependencies = [ [[package]] name = "p3-blake3" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "blake3", "p3-symmetric 0.1.0", @@ -2830,7 +2830,7 @@ dependencies = [ [[package]] name = "p3-bn254-fr" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "ff 0.13.1", "halo2curves", @@ -2845,7 +2845,7 @@ dependencies = [ [[package]] name = "p3-challenger" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field 0.1.0", "p3-maybe-rayon 0.1.0", @@ -2857,7 +2857,7 @@ dependencies = [ [[package]] name = "p3-circle" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -2875,7 +2875,7 @@ dependencies = [ [[package]] name = "p3-commit" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -2889,7 +2889,7 @@ dependencies = [ [[package]] name = "p3-dft" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field 0.1.0", @@ -2916,7 +2916,7 @@ dependencies = [ [[package]] name = "p3-field" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -2949,7 +2949,7 @@ dependencies = [ [[package]] name = "p3-fri" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -2968,7 +2968,7 @@ dependencies = [ [[package]] name = "p3-goldilocks" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "num-bigint 0.4.6", "p3-dft 0.1.0", @@ -2984,7 +2984,7 @@ dependencies = [ [[package]] name = "p3-interpolation" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field 0.1.0", "p3-matrix 0.1.0", @@ -2995,7 +2995,7 @@ dependencies = [ [[package]] name = "p3-keccak" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field 0.1.0", @@ -3007,7 +3007,7 @@ dependencies = [ [[package]] name = "p3-keccak-air" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-air", "p3-field 0.1.0", @@ -3020,7 +3020,7 @@ dependencies = [ [[package]] name = "p3-koala-bear" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field 0.1.0", "p3-mds 0.1.0", @@ -3034,7 +3034,7 @@ dependencies = [ [[package]] name = "p3-matrix" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field 0.1.0", @@ -3065,7 +3065,7 @@ dependencies = [ [[package]] name = "p3-maybe-rayon" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "rayon", ] @@ -3079,7 +3079,7 @@ checksum = "3925562a4c03183eafc92fd07b19f65ac6cb4b48d68c3920ce58d9bee6efe362" [[package]] name = "p3-mds" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-dft 0.1.0", @@ -3108,7 +3108,7 @@ dependencies = [ [[package]] name = "p3-merkle-tree" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-commit", @@ -3125,7 +3125,7 @@ dependencies = [ [[package]] name = "p3-mersenne-31" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -3144,7 +3144,7 @@ dependencies = [ [[package]] name = "p3-monty-31" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -3180,7 +3180,7 @@ dependencies = [ [[package]] name = "p3-poseidon2" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "gcd", "p3-field 0.1.0", @@ -3205,7 +3205,7 @@ dependencies = [ [[package]] name = "p3-symmetric" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field 0.1.0", @@ -3226,7 +3226,7 @@ dependencies = [ [[package]] name = "p3-uni-stark" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-air", @@ -3244,7 +3244,7 @@ dependencies = [ [[package]] name = "p3-util" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "serde", ] diff --git a/Cargo.toml b/Cargo.toml index 5313c43a..5e7deb57 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -38,33 +38,33 @@ pico-perf = { path = "perf" } # p3 # NOTE: Pin to known a "good" commit without recent API changes -p3-air = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-field = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-commit = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-matrix = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } +p3-air = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-field = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-commit = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-matrix = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } p3-baby-bear = { git = "https://github.com/brevis-network/Plonky3.git", features = [ "nightly-features", -], rev = "a4d376b" } +], rev = "411a80d" } p3-koala-bear = { git = "https://github.com/brevis-network/Plonky3.git", features = [ "nightly-features", -], rev = "a4d376b" } -p3-util = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-challenger = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-dft = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-fri = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-goldilocks = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-keccak = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-keccak-air = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-blake3 = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-mds = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-merkle-tree = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-poseidon2 = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-symmetric = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-uni-stark = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-maybe-rayon = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-bn254-fr = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-mersenne-31 = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } -p3-circle = { git = "https://github.com/brevis-network/Plonky3.git", rev = "a4d376b" } +], rev = "411a80d" } +p3-util = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-challenger = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-dft = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-fri = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-goldilocks = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-keccak = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-keccak-air = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-blake3 = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-mds = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-merkle-tree = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-poseidon2 = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-symmetric = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-uni-stark = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-maybe-rayon = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-bn254-fr = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-mersenne-31 = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } +p3-circle = { git = "https://github.com/brevis-network/Plonky3.git", rev = "411a80d" } # For local debugging # p3-air = { path = "../p3/air" } diff --git a/README.md b/README.md index 49ae4805..acc1de55 100644 --- a/README.md +++ b/README.md @@ -58,3 +58,6 @@ Pico draws inspiration from the following projects, each representing cutting-ed - [Valida](https://github.com/valida-xyz/valida): Pico's implementation of cross-table lookups is inspired by Valida's pioneering work in this area. - [RISC0](https://github.com/risc0/risc0): Pico's Rust toolchain is based on the one originally developed by RISC0. +## Audit + +This branch is for auditing. diff --git a/gnark/go.mod b/gnark/go.mod index b2f153ec..b31df5b8 100644 --- a/gnark/go.mod +++ b/gnark/go.mod @@ -1,45 +1,40 @@ module github.com/brevis-network/pico/gnark -go 1.22.10 +go 1.24.0 + +toolchain go1.24.7 require ( github.com/celer-network/goutils v0.2.0 - github.com/consensys/gnark v0.10.0 - github.com/consensys/gnark-crypto v0.12.2-0.20240215234832-d72fcb379d3e + github.com/consensys/gnark v0.14.0 + github.com/consensys/gnark-crypto v0.19.0 + github.com/ethereum/go-ethereum v1.11.5 github.com/labstack/echo v3.3.10+incompatible github.com/labstack/gommon v0.4.2 - github.com/rs/zerolog v1.30.0 - golang.org/x/crypto v0.26.0 + github.com/rs/zerolog v1.34.0 + golang.org/x/crypto v0.41.0 ) require ( - github.com/bits-and-blooms/bitset v1.10.0 // indirect + github.com/bits-and-blooms/bitset v1.24.0 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/consensys/bavard v0.1.13 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/fxamacker/cbor/v2 v2.5.0 // indirect - github.com/google/go-cmp v0.6.0 // indirect - github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b // indirect - github.com/ingonyama-zk/icicle/v2 v2.0.3 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect + github.com/fxamacker/cbor/v2 v2.9.0 // indirect + github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect + github.com/ingonyama-zk/icicle-gnark/v3 v3.2.2 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mmcloughlin/addchain v0.4.0 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/stretchr/testify v1.9.0 // indirect + github.com/ronanh/intcomp v1.1.1 // indirect + github.com/stretchr/testify v1.10.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/valyala/fasttemplate v1.2.2 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/net v0.42.0 // indirect + golang.org/x/sync v0.16.0 // indirect + golang.org/x/sys v0.35.0 // indirect + golang.org/x/text v0.28.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - rsc.io/tmplfunc v0.0.3 // indirect ) -replace ( - github.com/OpenAssetStandards/poseidon-goldilocks-go => github.com/brevis-network/poseidon-goldilocks-go v0.0.0-20240826082508-8017eb90f413 - github.com/consensys/gnark => github.com/celer-network/gnark v0.1.0 - github.com/succinctlabs/gnark-plonky2-verifier => github.com/brevis-network/gnark-plonky2-verifier v0.0.0-20241008110619-a4af874609bc - -) +replace github.com/OpenAssetStandards/poseidon-goldilocks-go => github.com/brevis-network/poseidon-goldilocks-go v0.0.0-20240826082508-8017eb90f413 diff --git a/gnark/go.sum b/gnark/go.sum index a7c129da..9cacbe2e 100644 --- a/gnark/go.sum +++ b/gnark/go.sum @@ -1,28 +1,27 @@ -github.com/bits-and-blooms/bitset v1.10.0 h1:ePXTeiPEazB5+opbv5fr8umg2R/1NlzgDsyepwsSr88= -github.com/bits-and-blooms/bitset v1.10.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= +github.com/bits-and-blooms/bitset v1.24.0 h1:H4x4TuulnokZKvHLfzVRTHJfFfnHEeSYJizujEZvmAM= +github.com/bits-and-blooms/bitset v1.24.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/celer-network/gnark v0.1.0 h1:717CxKghLj02v2tAdE6hCuKUouGgzDfZv/W1D4e/sFA= -github.com/celer-network/gnark v0.1.0/go.mod h1:2pxSqtFhSLeN7OdA9nQXPj4Gp4Tovzk+r/7eiIA/Qeg= github.com/celer-network/goutils v0.2.0 h1:FIt4XLuHaHRviqycmJFywdbBCvTHJO6Yd/GGFXps/TY= github.com/celer-network/goutils v0.2.0/go.mod h1:1cyIPHvkF//E0Ok6H3roaJkZuy56sPyRycq7MPTkS6U= -github.com/consensys/bavard v0.1.13 h1:oLhMLOFGTLdlda/kma4VOJazblc7IM5y5QPd2A/YjhQ= -github.com/consensys/bavard v0.1.13/go.mod h1:9ItSMtA/dXMAiL7BG6bqW2m3NdSEObYWoH223nGHukI= -github.com/consensys/gnark-crypto v0.12.2-0.20240215234832-d72fcb379d3e h1:MKdOuCiy2DAX1tMp2YsmtNDaqdigpY6B5cZQDJ9BvEo= -github.com/consensys/gnark-crypto v0.12.2-0.20240215234832-d72fcb379d3e/go.mod h1:wKqwsieaKPThcFkHe0d0zMsbHEUWFmZcG7KBCse210o= +github.com/consensys/gnark v0.14.0 h1:RG+8WxRanFSFBSlmCDRJnYMYYKpH3Ncs5SMzg24B5HQ= +github.com/consensys/gnark v0.14.0/go.mod h1:1IBpDPB/Rdyh55bQRR4b0z1WvfHQN1e0020jCvKP2Gk= +github.com/consensys/gnark-crypto v0.19.0 h1:zXCqeY2txSaMl6G5wFpZzMWJU9HPNh8qxPnYJ1BL9vA= +github.com/consensys/gnark-crypto v0.19.0/go.mod h1:rT23F0XSZqE0mUA0+pRtnL56IbPxs6gp4CeRsBk4XS0= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fxamacker/cbor/v2 v2.5.0 h1:oHsG0V/Q6E/wqTS2O1Cozzsy69nqCiguo5Q1a1ADivE= -github.com/fxamacker/cbor/v2 v2.5.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/ethereum/go-ethereum v1.11.5 h1:3M1uan+LAUvdn+7wCEFrcMM4LJTeuxDrPTg/f31a5QQ= +github.com/ethereum/go-ethereum v1.11.5/go.mod h1:it7x0DWnTDMfVFdXcU6Ti4KEFQynLHVRarcSlPr0HBo= +github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM= +github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b h1:h9U78+dx9a4BKdQkBBos92HalKpaGKHrp+3Uo6yTodo= -github.com/google/pprof v0.0.0-20230817174616-7a8ec2ada47b/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= -github.com/google/subcommands v1.2.0/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= -github.com/ingonyama-zk/icicle/v2 v2.0.3 h1:qNFXWQqUuOdJXh+25lIdCRJLqLrUwPkAfcK4wJXBap0= -github.com/ingonyama-zk/icicle/v2 v2.0.3/go.mod h1:rr3B+xKQKW1U40A+vEzA4hI2ilTrPSJBtxedfnaUYHw= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= +github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/ingonyama-zk/icicle-gnark/v3 v3.2.2 h1:B+aWVgAx+GlFLhtYjIaF0uGjU3rzpl99Wf9wZWt+Mq8= +github.com/ingonyama-zk/icicle-gnark/v3 v3.2.2/go.mod h1:CH/cwcr21pPWH+9GtK/PFaa4OGTv4CtfkCKro6GpbRE= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -31,48 +30,48 @@ github.com/labstack/echo v3.3.10+incompatible h1:pGRcYk231ExFAyoAjAfD85kQzRJCRI8 github.com/labstack/echo v3.3.10+incompatible/go.mod h1:0INS7j/VjnFxD4E2wkz67b8cVwCLbBmJyDaka6Cmk1s= github.com/labstack/gommon v0.4.2 h1:F8qTUNXgG1+6WQmqoUWnz8WiEU60mXVVw0P4ht1WRA0= github.com/labstack/gommon v0.4.2/go.mod h1:QlUFxVM+SNXhDL/Z7YhocGIBYOiwB0mXm1+1bAPHPyU= -github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c= -github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8= -github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/leanovate/gopter v0.2.11 h1:vRjThO1EKPb/1NsDXuDrzldR28RLkBflWYcU9CvzWu4= +github.com/leanovate/gopter v0.2.11/go.mod h1:aK3tzZP/C+p1m3SPRE4SYZFGP7jjkuSI4f7Xvpt0S9c= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mmcloughlin/addchain v0.4.0 h1:SobOdjm2xLj1KkXN5/n0xTIWyZA2+s99UCY1iPfkHRY= -github.com/mmcloughlin/addchain v0.4.0/go.mod h1:A86O+tHqZLMNO4w6ZZ4FlVQEadcoqkyU72HC5wJ4RlU= -github.com/mmcloughlin/profile v0.1.1/go.mod h1:IhHD7q1ooxgwTgjxQYkACGA77oFTDdFVejUS1/tS/qU= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= -github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= -github.com/rs/zerolog v1.30.0 h1:SymVODrcRsaRaSInD9yQtKbtWqwsfoPcRff/oRXLj4c= -github.com/rs/zerolog v1.30.0/go.mod h1:/tk+P47gFdPXq4QYjvCmT5/Gsug2nagsFWBWhAiSi1w= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/ronanh/intcomp v1.1.1 h1:+1bGV/wEBiHI0FvzS7RHgzqOpfbBJzLIxkqMJ9e6yxY= +github.com/ronanh/intcomp v1.1.1/go.mod h1:7FOLy3P3Zj3er/kVrU/pl+Ql7JFZj7bwliMGketo0IU= +github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= +github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= +github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo= github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= +golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0= +golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4= +golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs= +golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= +golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= +golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= +golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= +golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -80,5 +79,3 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -rsc.io/tmplfunc v0.0.3 h1:53XFQh69AfOa8Tw0Jm7t+GV7KZhOi6jzsCzTtKbMvzU= -rsc.io/tmplfunc v0.0.3/go.mod h1:AG3sTPzElb1Io3Yg4voV9AGZJuleGAwaVRxL9M49PhA= diff --git a/gnark/koalabear/koalabear.go b/gnark/koalabear/koalabear.go index 83368a1c..17be6299 100644 --- a/gnark/koalabear/koalabear.go +++ b/gnark/koalabear/koalabear.go @@ -374,8 +374,8 @@ func (p *Chip) reduceWithMaxBits(x frontend.Variable, maxNbBits uint64) frontend p.api.ToBinary(quotient, int(maxNbBits-30)) } - // Check that the remainder has size less than the KoalaBear modulus, by decomposing it into a 27 - // bit limb and a 4 bit limb. + // Check that the remainder has size less than the KoalaBear modulus, by decomposing it into a 24 + // bit limb and a 7 bit limb. new_result, new_err := p.api.Compiler().NewHint(SplitLimbsHint, 2, remainder) if new_err != nil { panic(new_err) @@ -387,17 +387,17 @@ func (p *Chip) reduceWithMaxBits(x frontend.Variable, maxNbBits uint64) frontend // Check that the hint is correct. p.api.AssertIsEqual( p.api.Add( - p.api.Mul(highLimb, frontend.Variable(uint64(math.Pow(2, 27)))), + p.api.Mul(highLimb, frontend.Variable(uint64(math.Pow(2, 24)))), lowLimb, ), remainder, ) if os.Getenv("GROTH16") != "1" { - p.RangeChecker.Check(highLimb, 4) - p.RangeChecker.Check(lowLimb, 27) + p.RangeChecker.Check(highLimb, 7) + p.RangeChecker.Check(lowLimb, 24) } else { - p.api.ToBinary(highLimb, 4) - p.api.ToBinary(lowLimb, 27) + p.api.ToBinary(highLimb, 7) + p.api.ToBinary(lowLimb, 24) } //fmt.Printf("reminder: %x \n", remainder) @@ -406,15 +406,15 @@ func (p *Chip) reduceWithMaxBits(x frontend.Variable, maxNbBits uint64) frontend // If the most significant bits are all 1, then we need to check that the least significant bits // are all zero in order for element to be less than the KoalaBear modulus. Otherwise, we don't // need to do any checks, since we already know that the element is less than the KoalaBear modulus. - /*shouldCheck := p.api.IsZero(p.api.Sub(highLimb, uint64(math.Pow(2, 4))-1)) - fmt.Printf("reduceWithMaxBits shouldCheck: %d\n", shouldCheck) + shouldCheck := p.api.IsZero(p.api.Sub(highLimb, uint64(math.Pow(2, 7))-1)) + // fmt.Printf("reduceWithMaxBits shouldCheck: %d\n", shouldCheck) p.api.AssertIsEqual( p.api.Mul( shouldCheck, lowLimb, ), frontend.Variable(0), - )*/ + ) p.api.AssertIsEqual(x, p.api.Add(p.api.Mul(quotient, modulus), remainder)) @@ -448,8 +448,8 @@ func InvFHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { return nil } -// The hint used to split a KoalaBear Variable into a 4 bit limb (the most significant bits) and a -// 27 bit limb. +// The hint used to split a KoalaBear Variable into a 7 bit limb (the most significant bits) and a +// 24 bit limb. func SplitLimbsHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { if len(inputs) != 1 { panic("SplitLimbsHint expects 1 input operand") @@ -462,12 +462,12 @@ func SplitLimbsHint(_ *big.Int, inputs []*big.Int, results []*big.Int) error { return fmt.Errorf("input is not in the field") } - two_27 := big.NewInt(int64(math.Pow(2, 27))) + two_24 := big.NewInt(int64(math.Pow(2, 24))) // The least significant bits - results[0] = new(big.Int).Rem(input, two_27) + results[0] = new(big.Int).Rem(input, two_24) // The most significant bits - results[1] = new(big.Int).Quo(input, two_27) + results[1] = new(big.Int).Quo(input, two_24) return nil } diff --git a/gnark/koalabear_verifier/verifier_test.go b/gnark/koalabear_verifier/verifier_test.go index 36b6e4fb..f882e049 100644 --- a/gnark/koalabear_verifier/verifier_test.go +++ b/gnark/koalabear_verifier/verifier_test.go @@ -5,12 +5,15 @@ import ( "fmt" "github.com/brevis-network/pico/gnark/utils" "github.com/consensys/gnark-crypto/ecc" + bn254_fr "github.com/consensys/gnark-crypto/ecc/bn254/fr" "github.com/consensys/gnark/backend" "github.com/consensys/gnark/backend/groth16" + groth16_bn254 "github.com/consensys/gnark/backend/groth16/bn254" "github.com/consensys/gnark/frontend" "github.com/consensys/gnark/frontend/cs/r1cs" "github.com/consensys/gnark/logger" "github.com/consensys/gnark/test" + "github.com/ethereum/go-ethereum/common" "github.com/rs/zerolog" "golang.org/x/crypto/sha3" "log" @@ -88,4 +91,42 @@ func doSetUp(assert *test.Assert, circuit *Circuit, assigment *Circuit) { err = utils.WriteVerifyingKey("vm_vk", vk) assert.NoError(err) + + err = utils.WriteCcs("vm_ccs", ccs) + assert.NoError(err) + + f, err := os.Create("Groth16Verifier.sol") + defer f.Close() + assert.NoError(err) + + err = vk.ExportSolidity(f) + assert.NoError(err) +} + +func TestVerifyProof(t *testing.T) { + logger.Set(zerolog.New(zerolog.ConsoleWriter{Out: os.Stdout, TimeFormat: "15:04:05"}).With().Timestamp().Logger()) + assert := test.NewAssert(t) + + var bn254Vk groth16_bn254.VerifyingKey + err := utils.ReadVerifyingKey("vm_vk", &bn254Vk) + assert.NoError(err) + + var bn254Proof groth16_bn254.Proof + var pubWitness bn254_fr.Vector + var pub1, pub2 bn254_fr.Element + + bn254Proof.Ar.X.SetBytes(common.HexToHash("0x13d502e6bb33187b8251eff8f388a2ebb7edab3c428fdfe22ca135b8cad3292d").Bytes()) + bn254Proof.Ar.Y.SetBytes(common.HexToHash("0x2181025631aef5ee919f15c71cf54c3de6ee92b9fec721234a75d8d442680439").Bytes()) + bn254Proof.Bs.X.A1.SetBytes(common.HexToHash("0x139a44d54695192467e225331ff838c2a132f0684af3fd1f2cc711cf98a9c1dd").Bytes()) + bn254Proof.Bs.X.A0.SetBytes(common.HexToHash("0x1090f329df3a95a3e20076589e395267808e1bd5a676c8fc3e0ca724588482d3").Bytes()) + bn254Proof.Bs.Y.A1.SetBytes(common.HexToHash("0x1ad808833daa58bfaecc57fbc9c0a26e473abad3843f6b8a11c82d43fb6b7046").Bytes()) + bn254Proof.Bs.Y.A0.SetBytes(common.HexToHash("0x1aeb2fa095ca05d471367670792004d755af298da88a874ec2e8293739ad5d01").Bytes()) + bn254Proof.Krs.X.SetBytes(common.HexToHash("0x2d4b8f5e2ed555ea2e81d3cf8c196108b4f017cf0e2e891dbcaef4696546f63a").Bytes()) + bn254Proof.Krs.Y.SetBytes(common.HexToHash("0x2268cde4f532bb060ed569ff9db9543e30120239796f10a2bd678f7007ea1d94").Bytes()) + pub1.SetBytes(common.HexToHash("0x0026bc8aa9c7eb428f1d55142dfebd9e63d7de7922da83f36bbc205e50814af2").Bytes()) + pub2.SetBytes(common.HexToHash("0x03b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855").Bytes()) + pubWitness = append(pubWitness, pub1, pub2) + + err = groth16_bn254.Verify(&bn254Proof, &bn254Vk, pubWitness) + assert.NoError(err) } diff --git a/gnark/sdk/koalabear_cmd.go b/gnark/sdk/koalabear_cmd.go index 97243240..36191837 100644 --- a/gnark/sdk/koalabear_cmd.go +++ b/gnark/sdk/koalabear_cmd.go @@ -138,7 +138,6 @@ func KoalaBearSetup() error { return fmt.Errorf("fail to write vk: %v", err) } return nil - return nil } func KoalaBearProve() error { diff --git a/perf/bench_apps/Cargo.lock b/perf/bench_apps/Cargo.lock index d8f77ac2..bdb04e4f 100644 --- a/perf/bench_apps/Cargo.lock +++ b/perf/bench_apps/Cargo.lock @@ -2947,7 +2947,7 @@ dependencies = [ [[package]] name = "p3-air" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field", "p3-matrix", @@ -2956,7 +2956,7 @@ dependencies = [ [[package]] name = "p3-baby-bear" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field", "p3-mds", @@ -2970,7 +2970,7 @@ dependencies = [ [[package]] name = "p3-blake3" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "blake3", "p3-symmetric", @@ -2980,7 +2980,7 @@ dependencies = [ [[package]] name = "p3-bn254-fr" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "ff 0.13.1", "halo2curves", @@ -2995,7 +2995,7 @@ dependencies = [ [[package]] name = "p3-challenger" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field", "p3-maybe-rayon", @@ -3007,7 +3007,7 @@ dependencies = [ [[package]] name = "p3-circle" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -3025,7 +3025,7 @@ dependencies = [ [[package]] name = "p3-commit" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -3039,7 +3039,7 @@ dependencies = [ [[package]] name = "p3-dft" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field", @@ -3052,7 +3052,7 @@ dependencies = [ [[package]] name = "p3-field" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -3069,7 +3069,7 @@ dependencies = [ [[package]] name = "p3-fri" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-challenger", @@ -3088,7 +3088,7 @@ dependencies = [ [[package]] name = "p3-goldilocks" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "num-bigint 0.4.6", "p3-dft", @@ -3104,7 +3104,7 @@ dependencies = [ [[package]] name = "p3-interpolation" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field", "p3-matrix", @@ -3115,7 +3115,7 @@ dependencies = [ [[package]] name = "p3-keccak" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field", @@ -3127,7 +3127,7 @@ dependencies = [ [[package]] name = "p3-keccak-air" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-air", "p3-field", @@ -3140,7 +3140,7 @@ dependencies = [ [[package]] name = "p3-koala-bear" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "p3-field", "p3-mds", @@ -3154,7 +3154,7 @@ dependencies = [ [[package]] name = "p3-matrix" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field", @@ -3169,7 +3169,7 @@ dependencies = [ [[package]] name = "p3-maybe-rayon" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "rayon", ] @@ -3177,7 +3177,7 @@ dependencies = [ [[package]] name = "p3-mds" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-dft", @@ -3191,7 +3191,7 @@ dependencies = [ [[package]] name = "p3-merkle-tree" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-commit", @@ -3208,7 +3208,7 @@ dependencies = [ [[package]] name = "p3-mersenne-31" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -3227,7 +3227,7 @@ dependencies = [ [[package]] name = "p3-monty-31" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "num-bigint 0.4.6", @@ -3248,7 +3248,7 @@ dependencies = [ [[package]] name = "p3-poseidon2" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "gcd", "p3-field", @@ -3260,7 +3260,7 @@ dependencies = [ [[package]] name = "p3-symmetric" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-field", @@ -3270,7 +3270,7 @@ dependencies = [ [[package]] name = "p3-uni-stark" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "itertools 0.13.0", "p3-air", @@ -3288,7 +3288,7 @@ dependencies = [ [[package]] name = "p3-util" version = "0.1.0" -source = "git+https://github.com/brevis-network/Plonky3.git?rev=a4d376b#a4d376babf5d09497f1fab1df7f1ffce01260973" +source = "git+https://github.com/brevis-network/Plonky3.git?rev=411a80d#411a80deafb89335b5571f9925d584d7f51317e9" dependencies = [ "serde", ] diff --git a/perf/src/common/gnark_utils.rs b/perf/src/common/gnark_utils.rs index 65c1ffed..66c5cb7d 100644 --- a/perf/src/common/gnark_utils.rs +++ b/perf/src/common/gnark_utils.rs @@ -52,7 +52,7 @@ pub fn create_gnark_prover(field: BenchField, download_path: &str) -> Result<(), let abs_download_path = current_dir.join(download_path).canonicalize()?; let docker_cmd = format!( - "docker run -d -v {}:/data -p 9099:9099 --name pico_bench brevishub/pico_gnark_server:1.1 -field {}", + "docker run -d -v {}:/data -p 9099:9099 --name pico_bench brevishub/pico_gnark_server:1.2 -field {}", abs_download_path.display(), field.to_str(), ); @@ -170,20 +170,26 @@ pub fn gnark_prover_running() -> bool { } pub fn download_files(field: BenchField) -> Result<(), Error> { - let url_path = field.url_path(); let download_dir = get_download_path(field); run_shell_command(&format!("mkdir -p {}", download_dir))?; + let base_url = match field { + BenchField::KoalaBear => { + "https://pico-proofs.s3.us-west-2.amazonaws.com/vk-true-gnarkfiles-kb" + } + BenchField::BabyBear => { + "https://pico-proofs.s3.us-west-2.amazonaws.com/vk-true-gnarkfiles-bb" + } + }; + for file in &["vm_pk", "vm_vk", "vm_ccs"] { let output = format!("{}/{}", download_dir, file); if Path::new(&output).exists() { println!("File {} already exists. Skipping download.", output); continue; } - let url = format!( - "https://picobench.s3.us-west-2.amazonaws.com/{}/gpu/{}", - url_path, file - ); + + let url = format!("{}/{}", base_url, file); let cmd = format!("curl -o {} {}", output, url); run_shell_command(&cmd)?; } diff --git a/sdk/sdk/src/client.rs b/sdk/sdk/src/client.rs index 2bfb87c7..4d9229a5 100644 --- a/sdk/sdk/src/client.rs +++ b/sdk/sdk/src/client.rs @@ -275,13 +275,13 @@ macro_rules! create_sdk_prove_client { if need_setup { let mut setup_cmd = Command::new("sh"); setup_cmd.arg("-c") - .arg(format!("docker run --rm -v {}:/data brevishub/pico_gnark_cli:1.1 /pico_gnark_cli -field {} -cmd setup -sol ./data/Groth16Verifier.sol", output.display(), field_name)); + .arg(format!("docker run --rm -v {}:/data brevishub/pico_gnark_cli:1.2 /pico_gnark_cli -field {} -cmd setup -sol ./data/Groth16Verifier.sol", output.display(), field_name)); execute_command(setup_cmd); } let mut prove_cmd = Command::new("sh"); prove_cmd.arg("-c") - .arg(format!("docker run --rm -v {}:/data brevishub/pico_gnark_cli:1.1 /pico_gnark_cli -field {} -cmd prove -sol ./data/Groth16Verifier.sol", output.display(), field_name)); + .arg(format!("docker run --rm -v {}:/data brevishub/pico_gnark_cli:1.2 /pico_gnark_cli -field {} -cmd prove -sol ./data/Groth16Verifier.sol", output.display(), field_name)); execute_command(prove_cmd); generate_contract_inputs::<$fc>(output.clone())?; diff --git a/vm/src/chips/chips/alu/divrem/constraints.rs b/vm/src/chips/chips/alu/divrem/constraints.rs index 02aa12c1..4c883458 100644 --- a/vm/src/chips/chips/alu/divrem/constraints.rs +++ b/vm/src/chips/chips/alu/divrem/constraints.rs @@ -321,7 +321,6 @@ where for i in 0..WORD_SIZE { builder .when(local_is_c_0.result) - .when(local_is_divu + local_is_div) .assert_eq(local_quotient[i], CB::F::from_canonical_u8(u8::MAX)); } } diff --git a/vm/src/chips/chips/riscv_cpu/constraints.rs b/vm/src/chips/chips/riscv_cpu/constraints.rs index d418a7aa..4f24b9ea 100644 --- a/vm/src/chips/chips/riscv_cpu/constraints.rs +++ b/vm/src/chips/chips/riscv_cpu/constraints.rs @@ -54,13 +54,26 @@ where self.eval_registers::(builder, local, is_branch_instruction.clone()); // Memory instructions. - builder.looking_instruction( - local.instruction.opcode, - local.op_a_val(), - local.op_b_val(), - local.op_c_val(), + let values = once(local.instruction.opcode) + .chain(local.op_a_val()) + .chain(local.op_b_val()) + .chain(local.op_c_val()) + .chain(once(local.instruction.op_a_0)) + .chain(once(local.opcode_selector.is_lb)) + .chain(once(local.opcode_selector.is_lbu)) + .chain(once(local.opcode_selector.is_lh)) + .chain(once(local.opcode_selector.is_lhu)) + .chain(once(local.opcode_selector.is_lw)) + .chain(once(local.opcode_selector.is_sb)) + .chain(once(local.opcode_selector.is_sh)) + .chain(once(local.opcode_selector.is_sw)) + .map(Into::into); + builder.looking(SymbolicLookup::new( + values.collect(), is_memory_instruction, - ); + LookupType::Memory, + LookupScope::Regional, + )); // ALU instructions. builder.looking_alu( diff --git a/vm/src/chips/chips/riscv_memory/read_write/constraints.rs b/vm/src/chips/chips/riscv_memory/read_write/constraints.rs index a6941136..8a6751f1 100644 --- a/vm/src/chips/chips/riscv_memory/read_write/constraints.rs +++ b/vm/src/chips/chips/riscv_memory/read_write/constraints.rs @@ -9,8 +9,11 @@ use crate::{ gadgets::field_range_check::word_range::FieldWordRangeChecker, }, compiler::{riscv::opcode::Opcode, word::Word}, - machine::builder::{ - ChipBuilder, ChipLookupBuilder, ChipRangeBuilder, ChipWordBuilder, RiscVMemoryBuilder, + machine::{ + builder::{ + ChipBuilder, ChipLookupBuilder, ChipRangeBuilder, ChipWordBuilder, RiscVMemoryBuilder, + }, + lookup::{LookupScope, LookupType, SymbolicLookup}, }, }; use core::borrow::Borrow; @@ -38,13 +41,29 @@ where let is_memory_instruction: CB::Expr = self.is_memory_instruction::(&local_memory_chip_value_cols.instruction); - builder.looked_instruction( - local_memory_chip_value_cols.instruction.opcode, - local_memory_chip_value_cols.op_a_val(), - local_memory_chip_value_cols.op_b_val(), - local_memory_chip_value_cols.op_c_val(), + // build a custom memory lookup to fully constrain the used columns + use core::iter::once; + let values = once(local_memory_chip_value_cols.instruction.opcode) // opcode + .chain(local_memory_chip_value_cols.instruction.op_a_val()) // instr.op_a + .chain(local_memory_chip_value_cols.instruction.op_b_val()) // instr.op_b + .chain(local_memory_chip_value_cols.instruction.op_c_val()) // instr.op_c + .chain(once(local_memory_chip_value_cols.instruction.op_a_0)) // instr.op_a_0 + .chain(once(local_memory_chip_value_cols.instruction.is_lb)) // selectors.is_lb + .chain(once(local_memory_chip_value_cols.instruction.is_lbu)) // selectors.is_lbu + .chain(once(local_memory_chip_value_cols.instruction.is_lh)) // selectors.is_lh + .chain(once(local_memory_chip_value_cols.instruction.is_lhu)) // selectors.is_lhu + .chain(once(local_memory_chip_value_cols.instruction.is_lw)) // selectors.is_lw + .chain(once(local_memory_chip_value_cols.instruction.is_sb)) // selectors.is_sb + .chain(once(local_memory_chip_value_cols.instruction.is_sh)) // selectors.is_sh + .chain(once(local_memory_chip_value_cols.instruction.is_sw)) // selectors.is_sw + .map(Into::into); + + builder.looked(SymbolicLookup::new( + values.collect(), is_memory_instruction.clone(), - ); + LookupType::Memory, + LookupScope::Regional, + )); self.eval_memory_address_and_access::( builder, @@ -190,6 +209,9 @@ impl MemoryReadWriteChip { // of the most significant byte to get it's sign. self.eval_most_sig_byte_bit_decomp(builder, local, &local.unsigned_mem_val); + // sanity check op_a_0 + builder.assert_bool(local.instruction.op_a_0); + // Assert that correct value of `mem_value_is_neg_not_x0`. builder.assert_eq( local.mem_value_is_neg_not_x0, diff --git a/vm/src/chips/chips/syscall/constraints.rs b/vm/src/chips/chips/syscall/constraints.rs index 316073ab..d2f67508 100644 --- a/vm/src/chips/chips/syscall/constraints.rs +++ b/vm/src/chips/chips/syscall/constraints.rs @@ -21,6 +21,9 @@ where let local = main.row_slice(0); let local: &SyscallCols = (*local).borrow(); + // ensure is_real is boolean + builder.assert_bool(local.is_real); + // dummy constraints to normalize degree builder.assert_eq( local.is_real * local.is_real * local.is_real, diff --git a/vm/src/chips/gadgets/curves/edwards/ed25519.rs b/vm/src/chips/gadgets/curves/edwards/ed25519.rs index 037226ab..9475f407 100644 --- a/vm/src/chips/gadgets/curves/edwards/ed25519.rs +++ b/vm/src/chips/gadgets/curves/edwards/ed25519.rs @@ -2,7 +2,7 @@ use std::str::FromStr; use curve25519_dalek::edwards::CompressedEdwardsY; use hybrid_array::Array; -use num::{BigUint, Num, One}; +use num::{BigUint, Num, One, Zero}; use serde::{Deserialize, Serialize}; use typenum::{U32, U62}; @@ -138,13 +138,19 @@ pub fn decompress(compressed_point: &CompressedEdwardsY) -> Option AffinePoint { pub fn scalar_mul(&self, scalar: &BigUint) -> Self { - let power_two_modulus = BigUint::one() << E::nb_scalar_bits(); - let scalar = scalar % &power_two_modulus; + // TODO: this reduction should be performed with the EC group size, not + // modulo the scalar width. since there is no method to get the scalar + // width, we can just sacrifice some efficiency and iterate over all the + // bits. + // let power_two_modulus = BigUint::one() << E::nb_scalar_bits(); + // let scalar = scalar % &power_two_modulus; let mut result = E::ec_neutral(); let mut temp = self.clone(); - let bits = biguint_to_bits_le(&scalar, E::nb_scalar_bits()); - for bit in bits { - if bit { + for bit in 0..scalar.bits() { + if scalar.bit(bit) { result = result.map_or_else(|| Some(temp.clone()), |r| Some(&r + &temp)); } temp = &temp + &temp; diff --git a/vm/src/chips/gadgets/field_range_check/word_range.rs b/vm/src/chips/gadgets/field_range_check/word_range.rs index 03d02752..5bdfcc2b 100644 --- a/vm/src/chips/gadgets/field_range_check/word_range.rs +++ b/vm/src/chips/gadgets/field_range_check/word_range.rs @@ -133,7 +133,11 @@ impl FieldWordRangeChecker { // Therefore, we use the IsZeroGadget to guarantee that sum(bytes) != 127 + 255 * 3. let mut byte_sum = value[0] + value[1] + value[2] + value[3]; byte_sum -= AB::F::from_canonical_u32(127u32 + 255 * 3).into(); - // IsZeroGadget::::eval(builder, byte_sum, cols.upper_all_one, is_real.clone()); + // TODO: uncommenting the below line causes all sorts of failures with the m31 prover + // however, the m31 prover is already experiencing lookup and constraint evaluation issues + // so I am leaving this uncommented because commenting it introduces an underconstrained variable + // cols.upper_all_one. + IsZeroGadget::::eval(builder, byte_sum, cols.upper_all_one, is_real.clone()); builder.when(is_real).assert_zero(cols.upper_all_one.result) } _ => { diff --git a/vm/src/chips/precompiles/edwards/ed_decompress.rs b/vm/src/chips/precompiles/edwards/ed_decompress.rs index 658d7525..85198dfe 100644 --- a/vm/src/chips/precompiles/edwards/ed_decompress.rs +++ b/vm/src/chips/precompiles/edwards/ed_decompress.rs @@ -14,6 +14,7 @@ use crate::{ field_op::{FieldOpCols, FieldOperation}, field_sqrt::FieldSqrtCols, }, + is_zero::IsZeroGadget, utils::{ field_params::{limbs_from_slice, FieldParameters}, limbs::Limbs, @@ -77,6 +78,8 @@ pub struct EdDecompressCols { pub(crate) u_div_v: FieldOpCols, pub(crate) x: FieldSqrtCols, pub(crate) neg_x: FieldOpCols, + /// Gadget to check if x is zero. This is used to ensure that when x is zero, sign must be 0. + pub(crate) x_is_zero: IsZeroGadget, } impl EdDecompressCols { @@ -124,6 +127,18 @@ impl EdDecompressCols { }); self.neg_x .populate(blu_events, &BigUint::zero(), &x, FieldOperation::Sub); + + // Check if x is zero by checking if all limbs sum to zero. + // Since all limbs are non-negative (range checked), if their sum is zero, all limbs are zero. + // self.x.multiplication.result already contains the sqrt as field elements after populate. + let x_limbs_sum = self + .x + .multiplication + .result + .0 + .iter() + .fold(F::ZERO, |acc, limb| acc + *limb); + self.x_is_zero.populate_from_field_element(x_limbs_sum); } } @@ -212,6 +227,22 @@ impl EdDecompressCols { .when_not(self.sign) .assert_all_eq(self.x.multiplication.result, x_limbs); + // Constraint: if x is zero, then sign must be 0. + // This prevents the case where x = 0 and sign = 1, which would result in x = mod - 0 = mod. + // This is equivalent to: if sign = 1, then x != 0. + let x_sum: CB::Expr = self + .x + .multiplication + .result + .0 + .iter() + .fold(CB::Expr::ZERO, |acc, limb| acc + (*limb).into()); + IsZeroGadget::::eval(builder, x_sum, self.x_is_zero, self.is_real.into()); + // If sign = 1, then x_is_zero.result must be 0 (i.e., x != 0) + builder + .when(self.x_is_zero.result) // x == 0 + .assert_zero(self.sign); // sign must be 0 + builder.looked_syscall( self.clk, CB::F::from_canonical_u32(SyscallCode::ED_DECOMPRESS.syscall_id()), diff --git a/vm/src/compiler/recursion/circuit/fri.rs b/vm/src/compiler/recursion/circuit/fri.rs index ad3a7af4..3c73e4e1 100644 --- a/vm/src/compiler/recursion/circuit/fri.rs +++ b/vm/src/compiler/recursion/circuit/fri.rs @@ -81,6 +81,21 @@ pub fn verify_two_adic_pcs, SC: FieldFriConfigVar ) where CC::F: TwoAdicField, { + // observe polynomial evals to avoid a security loophole + // see: https://github.com/succinctlabs/sp1/security/advisories/GHSA-c873-wfhp-wx5m + for round in &rounds { + for mat in &round.domains_points_and_opens { + for point in &mat.values { + for coord in point { + let point_felts = CC::ext2felt(builder, *coord); + point_felts.iter().for_each(|felt| { + challenger.observe(builder, *felt); + }); + } + } + } + } + let alpha = challenger.sample_ext(builder); let fri_challenges = @@ -226,6 +241,7 @@ pub fn verify_two_adic_pcs, SC: FieldFriConfigVar } } } + builder.assert_ext_eq(ro[config.log_blowup], SymbolicExt::ZERO); ro }) .collect::>(); @@ -252,7 +268,7 @@ pub fn verify_challenges, SC: FieldFriConfigVaria for ((index_bits, query_proof), ro) in challenges .query_indices .iter() - .zip(proof.query_proofs) + .zip_eq(proof.query_proofs) .zip(reduced_openings) { let folded_eval = verify_query::( diff --git a/vm/src/compiler/recursion/circuit/merkle_tree.rs b/vm/src/compiler/recursion/circuit/merkle_tree.rs index ad39e552..30c61e6b 100644 --- a/vm/src/compiler/recursion/circuit/merkle_tree.rs +++ b/vm/src/compiler/recursion/circuit/merkle_tree.rs @@ -7,6 +7,8 @@ use crate::{ compiler::recursion::ir::Builder, iter::{IndexedPicoIterator, PicoIterator, PicoSlice}, }; +#[cfg(feature = "rayon")] +use itertools::Itertools; use p3_field::Field; use p3_util::{log2_strict_usize, reverse_bits_len, reverse_slice_index_bits}; use serde::{Deserialize, Serialize}; @@ -147,7 +149,7 @@ pub fn merkle_verify>( commitment: HV::DigestVariable, ) { let mut value = value; - for (sibling, bit) in proof.path.iter().zip(proof.index.iter().rev()) { + for (sibling, bit) in proof.path.iter().zip_eq(proof.index.iter().rev()) { let sibling = *sibling; // If the index is odd, swap the order of [value, sibling]. diff --git a/vm/src/compiler/recursion/circuit/stark.rs b/vm/src/compiler/recursion/circuit/stark.rs index 4382cd3f..e3dd7a02 100644 --- a/vm/src/compiler/recursion/circuit/stark.rs +++ b/vm/src/compiler/recursion/circuit/stark.rs @@ -21,7 +21,7 @@ use crate::{ }, machine::{ chip::ChipBehavior, - lookup::LookupScope, + lookup::{LookupScope, LookupType}, machine::BaseMachine, proof::{BaseCommitments, ChipOpenedValues}, utils::order_chips, @@ -31,10 +31,11 @@ use crate::{ use alloc::sync::Arc; use hashbrown::HashMap; use itertools::{izip, Itertools}; +use num::ToPrimitive; use p3_air::{Air, BaseAir}; use p3_baby_bear::BabyBear; use p3_commit::{Pcs, PolynomialSpace, TwoAdicMultiplicativeCoset}; -use p3_field::{FieldAlgebra, FieldExtensionAlgebra, TwoAdicField}; +use p3_field::{Field, FieldAlgebra, FieldExtensionAlgebra, TwoAdicField}; use p3_koala_bear::KoalaBear; type F = ::F; @@ -122,6 +123,25 @@ where .. } = proof; + // sanity check lookup multiplicites + for ty in LookupType::all_types() { + let mut max_mult = 0u64; + for (chip, val) in chips.iter().zip(opened_values.iter()) { + let count = chip + .looking + .iter() + .filter(|x| x.kind == ty) + .count() + .saturating_add(chip.looked.iter().filter(|x| x.kind == ty).count()); + max_mult = max_mult.saturating_add( + count.saturating_mul(2usize.saturating_pow(val.log_main_degree as u32)) as u64, + ); + } + + // if the order overflows, fail the check by default + assert!(max_mult < SC::Val::order().to_u64().unwrap_or_default()); + } + let log_degrees = opened_values .iter() .map(|val| val.log_main_degree) @@ -183,6 +203,7 @@ where .iter() .map(|(name, domain, _)| { let i = main_chip_ordering[name]; + assert_eq!(name, &chips[i].name()); if !chips[i].local_only() { TwoAdicPcsMatsVariable:: { domain: *domain, diff --git a/vm/src/compiler/recursion/ir/compiler.rs b/vm/src/compiler/recursion/ir/compiler.rs index 6a8794db..a2be2d0e 100644 --- a/vm/src/compiler/recursion/ir/compiler.rs +++ b/vm/src/compiler/recursion/ir/compiler.rs @@ -387,7 +387,7 @@ where /// /// Ensures that `addr` has already been assigned a `mult`. pub fn read_ghost_addr(&mut self, addr: Address) -> &mut FC::F { - self.read_addr_internal(addr, true) + self.read_addr_internal(addr, false) } fn read_addr_internal(&mut self, addr: Address, increment_mult: bool) -> &mut FC::F { diff --git a/vm/src/compiler/riscv/disassembler/elf.rs b/vm/src/compiler/riscv/disassembler/elf.rs index d91ef3ac..59967051 100644 --- a/vm/src/compiler/riscv/disassembler/elf.rs +++ b/vm/src/compiler/riscv/disassembler/elf.rs @@ -156,7 +156,13 @@ impl Elf { let mut word = 0; let len = min(file_size - i, WORD_SIZE as u32); for j in 0..len { - let offset = (offset + i + j) as usize; + let offset = offset + .checked_add(i) + .ok_or_else(|| eyre::eyre!("offset overflow"))?; + let offset = offset + .checked_add(j) + .ok_or_else(|| eyre::eyre!("offset overflow"))?; + let offset = offset as usize; let byte = source_code .get(offset) .ok_or_else(|| eyre::eyre!("failed to read segment offset"))?; diff --git a/vm/src/emulator/recursion/public_values.rs b/vm/src/emulator/recursion/public_values.rs index 9ae7bc3e..2134ad20 100644 --- a/vm/src/emulator/recursion/public_values.rs +++ b/vm/src/emulator/recursion/public_values.rs @@ -1,7 +1,7 @@ use crate::{ chips::utils::indices_arr, compiler::{ - recursion::{circuit, prelude::*}, + recursion::{circuit, circuit::CircuitBuilder, prelude::*}, word::Word, }, emulator::recursion::public_values::circuit::{ @@ -241,26 +241,67 @@ where H::poseidon2_hash(builder, &pv_slice[..NUM_PV_ELMS_TO_HASH]) } -pub(crate) fn assert_deferred_digest_complete( +pub(crate) fn assert_complete( builder: &mut Builder, public_values: &RecursionPublicValues>, flag_complete: Felt, ) where C: CircuitConfig, { - let zero: Felt<_> = builder.eval(C::F::ZERO); - - for start_digest in public_values.start_reconstruct_deferred_digest.into_iter() { - builder.assert_felt_eq(flag_complete * start_digest, zero); + let RecursionPublicValues { + deferred_proofs_digest, + next_pc, + start_chunk, + next_chunk, + start_execution_chunk, + start_reconstruct_deferred_digest, + end_reconstruct_deferred_digest, + global_cumulative_sum, + contains_execution_chunk, + .. + } = public_values; + + // Assert that the `flag_complete` flag is boolean. + builder.assert_felt_eq(flag_complete * (flag_complete - C::F::ONE), C::F::ZERO); + + // Assert that `next_pc` is equal to zero (so program execution has completed) + builder.assert_felt_eq(flag_complete * *next_pc, C::F::ZERO); + + // Assert that start chunk is equal to 1. + builder.assert_felt_eq(flag_complete * (*start_chunk - C::F::ONE), C::F::ZERO); + + // Assert that the next chunk is not equal to one. This guarantees that there is at least one + // chunk that contains CPU. + builder.assert_felt_ne(flag_complete * *next_chunk, C::F::ONE); + + // Assert that that an execution chunk is present. + builder.assert_felt_eq( + flag_complete * (*contains_execution_chunk - C::F::ONE), + C::F::ZERO, + ); + // Assert that the start execution chunk is equal to 1. + builder.assert_felt_eq( + flag_complete * (*start_execution_chunk - C::F::ONE), + C::F::ZERO, + ); + + // The start reconstruct deferred digest should be zero. + for start_digest_word in start_reconstruct_deferred_digest { + builder.assert_felt_eq(flag_complete * *start_digest_word, C::F::ZERO); } - - for (end_digest, expected_digest) in public_values - .end_reconstruct_deferred_digest - .into_iter() - .zip_eq(public_values.deferred_proofs_digest.into_iter()) + // The end reconstruct deferred digest should be equal to the deferred proofs digest. + for (end_digest_word, deferred_digest_word) in end_reconstruct_deferred_digest + .iter() + .zip_eq(deferred_proofs_digest.iter()) { - builder.assert_felt_eq(flag_complete * (end_digest - expected_digest), zero); + builder.assert_felt_eq( + flag_complete * (*end_digest_word - *deferred_digest_word), + C::F::ZERO, + ); } + + // The global cumulative sum should sum be equal to the zero digest. + builder.assert_digest_zero(flag_complete, *global_cumulative_sum); } /// Verifies the digest of a recursive public values struct. diff --git a/vm/src/instances/compiler/onchain_circuit/gnark/builder.rs b/vm/src/instances/compiler/onchain_circuit/gnark/builder.rs index c2d97a98..a5a12366 100644 --- a/vm/src/instances/compiler/onchain_circuit/gnark/builder.rs +++ b/vm/src/instances/compiler/onchain_circuit/gnark/builder.rs @@ -13,7 +13,9 @@ use crate::{ ir::{Builder, Ext, Felt, Var, Witness}, }, configs::config::{Com, FieldGenericConfig, PcsProof, PcsProverData, StarkGenericConfig, Val}, - emulator::recursion::public_values::{assert_embed_public_values_valid, RecursionPublicValues}, + emulator::recursion::public_values::{ + assert_complete, assert_embed_public_values_valid, RecursionPublicValues, + }, instances::{ chiptype::recursion_chiptype::RecursionChipType, compiler::onchain_circuit::stdin::{OnchainStdin, OnchainStdinVariable}, @@ -31,7 +33,7 @@ use p3_air::Air; use p3_bn254_fr::{Bn254Fr, Poseidon2Bn254}; use p3_challenger::MultiField32Challenger; use p3_commit::TwoAdicMultiplicativeCoset; -use p3_field::{extension::BinomiallyExtendable, PrimeField32, TwoAdicField}; +use p3_field::{extension::BinomiallyExtendable, FieldAlgebra, PrimeField32, TwoAdicField}; use std::{borrow::Borrow, fmt::Debug, marker::PhantomData}; #[derive(Debug, Clone, Copy)] @@ -63,6 +65,7 @@ where DigestVariable = [Var; MULTI_FIELD_CHALLENGER_DIGEST_SIZE], >, Com: Witnessable + Send + Sync, + Com: Into<[Bn254Fr; 1]>, PcsProof: Witnessable>, PcsProverData: Send + Sync, BaseProof: Witnessable>, @@ -79,10 +82,19 @@ where tracing::info!("building gnark constraints"); let constraints = { let mut builder = Builder::::default(); - let input_var = input.read(&mut builder); - Self::build_verifier(&mut builder, &input.machine, &input_var); + let template_vk = input.vk.clone(); + let expected_commitment: [Bn254Fr; 1] = template_vk.commit.into(); + let expected_commitment = expected_commitment.map(|x| builder.eval(x)); + + Self::build_verifier( + &mut builder, + &input.machine, + &input_var, + expected_commitment, + template_vk.pc_start, + ); let mut backend = ConstraintCompiler::::default(); backend.emit(builder.into_operations()) @@ -115,8 +127,19 @@ where builder: &mut Builder, machine: &BaseMachine>>, input: &OnchainStdinVariable, + expected_commitment: [Var; 1], + expected_pc_start: SC::Val, ) { - let OnchainStdinVariable { vk, proof, .. } = input; + let OnchainStdinVariable { + vk, + proof, + flag_complete, + } = input; + + for (exp, act) in expected_commitment.iter().zip(vk.commit.iter()) { + builder.assert_var_eq(*act, *exp); + } + builder.assert_felt_eq(vk.pc_start, expected_pc_start); /* Verify chunk proof @@ -142,6 +165,8 @@ where let embed_public_values = proof.public_values.as_slice().borrow(); assert_embed_public_values_valid::(builder, embed_public_values); + assert_complete(builder, embed_public_values, *flag_complete); + builder.assert_felt_eq(*flag_complete, CC::F::ONE); // Reflect the public values to the next level. SC::commit_recursion_public_values(builder, *embed_public_values); diff --git a/vm/src/instances/compiler/onchain_circuit/utils.rs b/vm/src/instances/compiler/onchain_circuit/utils.rs index f95b3f08..3c450f37 100644 --- a/vm/src/instances/compiler/onchain_circuit/utils.rs +++ b/vm/src/instances/compiler/onchain_circuit/utils.rs @@ -93,8 +93,11 @@ pub fn build_gnark_config_with_str( // Write witness. let witness_path = build_dir.join(GROTH16_JSON_FILE); let gnark_witness = GnarkWitness::new(witness); - let mut file = File::create(witness_path).unwrap(); - serde_json::to_string(&gnark_witness).unwrap() + let mut witness_file = File::create(witness_path).unwrap(); + let witness_json = serde_json::to_string(&gnark_witness).unwrap(); + witness_file.write_all(witness_json.as_bytes()).unwrap(); + + witness_json } const DOCKER_ERROR_HINT: &str = diff --git a/vm/src/instances/compiler/recursion_circuit/combine/builder.rs b/vm/src/instances/compiler/recursion_circuit/combine/builder.rs index c026c41c..6c5ce38d 100644 --- a/vm/src/instances/compiler/recursion_circuit/combine/builder.rs +++ b/vm/src/instances/compiler/recursion_circuit/combine/builder.rs @@ -21,8 +21,8 @@ use crate::{ emulator::recursion::{ emulator::RecursionRecord, public_values::{ - assert_deferred_digest_complete, assert_recursion_public_values_valid, - recursion_public_values_digest, RecursionPublicValues, + assert_complete, assert_recursion_public_values_valid, recursion_public_values_digest, + RecursionPublicValues, }, }, machine::{chip::ChipBehavior, machine::BaseMachine}, @@ -436,29 +436,6 @@ where global_cumulative_sums.push(current_public_values.global_cumulative_sum); }); - /* - Completeness check - */ - // Flag is boolean. - builder.assert_felt_eq(flag_complete * (flag_complete - one), zero); - - // Assert that `next_pc` is equal to zero (so program execution has completed) - builder.assert_felt_eq(flag_complete * current_pc, zero); - - // Assert that start chunk is equal to 1. - builder.assert_felt_eq( - flag_complete * (compress_public_values.start_chunk - one), - zero, - ); - - // Should contain execution chunk - builder.assert_felt_eq(flag_complete * (contains_execution_chunk - one), zero); - // Start execution chunk is one - builder.assert_felt_eq( - flag_complete * (compress_public_values.start_execution_chunk - one), - zero, - ); - let global_cumulative_sum = builder.sum_digest(global_cumulative_sums); /* @@ -481,11 +458,11 @@ where compress_public_values.end_reconstruct_deferred_digest = reconstruct_deferred_digest; compress_public_values.riscv_vk_digest = riscv_vk_digest; - // Deferred Proof Digest Completeness Verification - assert_deferred_digest_complete(builder, compress_public_values, flag_complete); compress_public_values.digest = recursion_public_values_digest::(builder, compress_public_values); + // Completeness Verification + assert_complete(builder, compress_public_values, flag_complete); /* Commit public values */ diff --git a/vm/src/instances/compiler/recursion_circuit/compress/builder.rs b/vm/src/instances/compiler/recursion_circuit/compress/builder.rs index d317cf5f..61edd96a 100644 --- a/vm/src/instances/compiler/recursion_circuit/compress/builder.rs +++ b/vm/src/instances/compiler/recursion_circuit/compress/builder.rs @@ -15,7 +15,8 @@ use crate::{ }, configs::config::{Challenge, Com, FieldGenericConfig, PcsProof, StarkGenericConfig, Val}, emulator::recursion::public_values::{ - assert_recursion_public_values_valid, recursion_public_values_digest, RecursionPublicValues, + assert_complete, assert_recursion_public_values_valid, recursion_public_values_digest, + RecursionPublicValues, }, instances::chiptype::recursion_chiptype::RecursionChipType, machine::{chip::ChipBehavior, field::FieldSpecificPoseidon2Config, machine::BaseMachine}, @@ -138,6 +139,8 @@ where compress_public_values.digest = recursion_public_values_digest::(builder, compress_public_values); + // Completeness Verification + assert_complete(builder, compress_public_values, flag_complete); /* Commit public values */ diff --git a/vm/src/instances/compiler/recursion_circuit/embed/builder.rs b/vm/src/instances/compiler/recursion_circuit/embed/builder.rs index 8ac243ae..66f990e4 100644 --- a/vm/src/instances/compiler/recursion_circuit/embed/builder.rs +++ b/vm/src/instances/compiler/recursion_circuit/embed/builder.rs @@ -15,7 +15,8 @@ use crate::{ }, configs::config::{Challenge, Com, FieldGenericConfig, PcsProof, StarkGenericConfig, Val}, emulator::recursion::public_values::{ - assert_recursion_public_values_valid, embed_public_values_digest, RecursionPublicValues, + assert_complete, assert_recursion_public_values_valid, embed_public_values_digest, + RecursionPublicValues, }, instances::chiptype::recursion_chiptype::RecursionChipType, machine::{chip::ChipBehavior, field::FieldSpecificPoseidon2Config, machine::BaseMachine}, @@ -139,6 +140,8 @@ where compress_public_values.digest = embed_public_values_digest::(builder, compress_public_values); + // Completeness Verification + assert_complete(builder, compress_public_values, flag_complete); /* Commit public values */ diff --git a/vm/src/instances/compiler/riscv_circuit/convert/builder.rs b/vm/src/instances/compiler/riscv_circuit/convert/builder.rs index cf6104bd..e0ea7c19 100644 --- a/vm/src/instances/compiler/riscv_circuit/convert/builder.rs +++ b/vm/src/instances/compiler/riscv_circuit/convert/builder.rs @@ -31,6 +31,7 @@ use crate::{ ADDR_NUM_BITS, DIGEST_SIZE, MAX_LOG_CHUNK_SIZE, MAX_LOG_NUMBER_OF_CHUNKS, RECURSION_NUM_PVS, }, }; +use itertools::Itertools; use p3_air::Air; use p3_commit::TwoAdicMultiplicativeCoset; use p3_field::{FieldAlgebra, PrimeField32, TwoAdicField}; @@ -132,7 +133,8 @@ where Initializations */ // chunk numbers - let mut current_chunk = public_values.chunk; + let current_chunk = public_values.chunk; + let next_chunk; let mut current_execution_chunk = public_values.execution_chunk; // flags @@ -204,7 +206,7 @@ where CC::range_check_felt(builder, public_values.chunk, MAX_LOG_NUMBER_OF_CHUNKS); // current chunk is incremented by 1 - current_chunk = builder.eval(current_chunk + CC::F::ONE); + next_chunk = builder.eval(current_chunk + CC::F::ONE); // If the chunk has a "CPU" chip, then the execution chunk should be incremented by 1. if flag_cpu { @@ -270,7 +272,7 @@ where let chips = machine .chunk_ordered_chips(&proofs[0].main_chip_ordering) .collect::>(); - for (chip, values) in chips.iter().zip(proofs[0].opened_values.iter()) { + for (chip, values) in chips.iter().zip_eq(proofs[0].opened_values.iter()) { if chip.lookup_scope() == LookupScope::Global { global_cumulative_sums.push(values.global_cumulative_sum); } @@ -298,7 +300,7 @@ where recursion_public_values.start_pc = public_values.start_pc; recursion_public_values.next_pc = public_values.next_pc; recursion_public_values.start_chunk = public_values.chunk; - recursion_public_values.next_chunk = current_chunk; + recursion_public_values.next_chunk = next_chunk; recursion_public_values.start_execution_chunk = public_values.execution_chunk; recursion_public_values.next_execution_chunk = current_execution_chunk; recursion_public_values.contains_execution_chunk = diff --git a/vm/src/instances/compiler/riscv_circuit/deferred/builder.rs b/vm/src/instances/compiler/riscv_circuit/deferred/builder.rs index 39bca99e..7e258156 100644 --- a/vm/src/instances/compiler/riscv_circuit/deferred/builder.rs +++ b/vm/src/instances/compiler/riscv_circuit/deferred/builder.rs @@ -13,7 +13,8 @@ use crate::{ }, configs::config::Val, emulator::recursion::public_values::{ - assert_recursion_public_values_valid, recursion_public_values_digest, RecursionPublicValues, + assert_complete, assert_recursion_public_values_valid, recursion_public_values_digest, + RecursionPublicValues, }, instances::{ chiptype::recursion_chiptype::RecursionChipType, @@ -198,16 +199,12 @@ where // Flag must be complete. builder.assert_felt_eq(deferred_public_values.flag_complete, one); - // Assert that `next_pc` is equal to zero (so program execution has completed) - builder.assert_felt_eq(deferred_public_values.next_pc, zero); + assert_complete(builder, deferred_public_values, one); - // Assert that start chunk is equal to 1. - builder.assert_felt_eq(deferred_public_values.start_chunk, one); - - // Should contain execution chunk - builder.assert_felt_eq(deferred_public_values.contains_execution_chunk, one); - // Start execution chunk is one - builder.assert_felt_eq(deferred_public_values.start_execution_chunk, one); + // Nested deferred proofs are not allowed. + for deferred_digest_word in deferred_public_values.deferred_proofs_digest.iter() { + builder.assert_felt_eq(*deferred_digest_word, zero); + } } // Recursion_VK Merkle Verification diff --git a/vm/src/instances/compiler/shape_vk_bins/vk_map_bb.bin b/vm/src/instances/compiler/shape_vk_bins/vk_map_bb.bin index 91a81b39..532c3e3d 100644 Binary files a/vm/src/instances/compiler/shape_vk_bins/vk_map_bb.bin and b/vm/src/instances/compiler/shape_vk_bins/vk_map_bb.bin differ diff --git a/vm/src/instances/compiler/shape_vk_bins/vk_map_kb.bin b/vm/src/instances/compiler/shape_vk_bins/vk_map_kb.bin index f876ff63..9b08871c 100644 Binary files a/vm/src/instances/compiler/shape_vk_bins/vk_map_kb.bin and b/vm/src/instances/compiler/shape_vk_bins/vk_map_kb.bin differ diff --git a/vm/src/instances/compiler/shapes/riscv_shape.rs b/vm/src/instances/compiler/shapes/riscv_shape.rs index e830b12d..c60163f0 100644 --- a/vm/src/instances/compiler/shapes/riscv_shape.rs +++ b/vm/src/instances/compiler/shapes/riscv_shape.rs @@ -1067,7 +1067,6 @@ impl Default for RiscvShapeConfi impl RiscvShapeConfig { pub fn maximal_only() -> Self { // Preprocessed chip heights. - // let program_heights = vec![Some(19)]; let program_heights = vec![Some(22)]; let allowed_preprocessed_log_heights = HashMap::from([ @@ -1085,15 +1084,15 @@ impl RiscvShapeConfig { // maximal riscv shape (22 divide by DATAPAR) RiscvShapeSpec { cpu_height: vec![Some(22)], - add_sub_height: vec![Some(19)], - lt_height: vec![Some(21)], + add_sub_height: vec![Some(22)], + lt_height: vec![Some(22)], bitwise_height: vec![Some(22)], - shift_right_height: vec![Some(21)], - shift_left_height: vec![Some(20)], + shift_right_height: vec![Some(22)], + shift_left_height: vec![Some(22)], syscall_riscv_height: vec![Some(20)], memory_local_height: vec![Some(20)], - mul_height: vec![Some(21)], - divrem_height: vec![Some(21)], + mul_height: vec![Some(22)], + divrem_height: vec![Some(22)], memory_read_write_height: vec![Some(22)], global_height: vec![Some(23)], riscv_poseidon2_height: vec![Some(21)], @@ -1192,10 +1191,6 @@ impl RiscvShapeConfig { precompile_allowed_log_heights .insert(chip_name, (mem_events_per_row, precompile_heights.clone())); } - debug!( - "precompile_allowed_log_heights: {:?}", - precompile_allowed_log_heights - ); Self { included_shapes: vec![], diff --git a/vm/src/instances/machine/convert.rs b/vm/src/instances/machine/convert.rs index 4f738b87..146b52fb 100644 --- a/vm/src/instances/machine/convert.rs +++ b/vm/src/instances/machine/convert.rs @@ -23,6 +23,8 @@ use crate::{ }, }; use anyhow::Result; +#[cfg(not(feature = "rayon"))] +use itertools::Itertools; use p3_air::Air; use p3_maybe_rayon::prelude::{IndexedParallelIterator, IntoParallelRefIterator, ParallelIterator}; use std::{any::type_name, borrow::Borrow, time::Instant}; @@ -196,7 +198,7 @@ macro_rules! impl_convert_machine { proof .proofs() .par_iter() - .zip(proof.vks().par_iter()) + .zip_eq(proof.vks().par_iter()) .try_for_each(|(p, vk)| { let public_values: &RecursionPublicValues<_> = p.public_values.as_ref().borrow(); diff --git a/vm/src/machine/lookup.rs b/vm/src/machine/lookup.rs index 5a6c2348..9db51592 100644 --- a/vm/src/machine/lookup.rs +++ b/vm/src/machine/lookup.rs @@ -67,6 +67,24 @@ pub enum LookupType { Global = 10, } +impl LookupType { + pub fn all_types() -> impl Iterator { + [ + Self::Memory, + Self::Program, + Self::Instruction, + Self::Alu, + Self::Byte, + Self::Range, + Self::Field, + Self::Syscall, + Self::Poseidon2, + Self::Global, + ] + .into_iter() + } +} + #[derive( Debug, Clone, diff --git a/vm/src/machine/septic/extension.rs b/vm/src/machine/septic/extension.rs index 0545a0b2..92cca6bf 100644 --- a/vm/src/machine/septic/extension.rs +++ b/vm/src/machine/septic/extension.rs @@ -276,6 +276,12 @@ impl Sub for SepticExtension { impl SubAssign for SepticExtension { fn sub_assign(&mut self, rhs: Self) { self.0[0] -= rhs.0[0].clone(); + self.0[1] -= rhs.0[1].clone(); + self.0[2] -= rhs.0[2].clone(); + self.0[3] -= rhs.0[3].clone(); + self.0[4] -= rhs.0[4].clone(); + self.0[5] -= rhs.0[5].clone(); + self.0[6] -= rhs.0[6].clone(); } } diff --git a/vm/src/machine/verifier.rs b/vm/src/machine/verifier.rs index ab58bc7a..252a6f98 100644 --- a/vm/src/machine/verifier.rs +++ b/vm/src/machine/verifier.rs @@ -4,13 +4,14 @@ use crate::{ chip::{ChipBehavior, MetaChip}, folder::VerifierConstraintFolder, keys::BaseVerifyingKey, - lookup::LookupScope, + lookup::{LookupScope, LookupType}, proof::{BaseCommitments, BaseProof}, utils::order_chips, }, }; use anyhow::{anyhow, bail, Result}; use itertools::{izip, Itertools}; +use num::ToPrimitive; use p3_air::{Air, BaseAir}; use p3_challenger::{CanObserve, FieldChallenger}; use p3_commit::{Pcs, PolynomialSpace}; @@ -55,7 +56,7 @@ where pub fn verify( &self, config: &SC, - chips: &[MetaChip], + original_chips: &[MetaChip], vk: &BaseVerifyingKey, challenger: &mut SC::Challenger, proof: &BaseProof, @@ -69,12 +70,44 @@ where opened_values, opening_proof, log_main_degrees, - log_quotient_degrees, main_chip_ordering, public_values, + .. } = proof; - let chips = order_chips::(chips, main_chip_ordering).collect::>(); + // do some sanity checks + // disabling this check for now. the prover only provides opened values for active chips, while the verify + // function is called with all the available chips. + // assert!(original_chips.len() == opened_values.chips_opened_values.len()); + + let chips = order_chips::(original_chips, main_chip_ordering).collect::>(); + + let log_quotient_degrees = chips + .iter() + .map(|chip| chip.get_log_quotient_degree()) + .collect::>(); + + // sanity check the lookup multiplicities + for ty in LookupType::all_types() { + let mut max_mult = 0u64; + for (chip, val) in chips + .iter() + .zip_eq(opened_values.chips_opened_values.iter()) + { + let count = chip + .looking + .iter() + .filter(|x| x.kind == ty) + .count() + .saturating_add(chip.looked.iter().filter(|x| x.kind == ty).count()); + max_mult = max_mult.saturating_add( + count.saturating_mul(2usize.saturating_pow(val.log_main_degree as u32)) as u64, + ); + } + + // if the order overflows, fail the check by default + assert!(max_mult < SC::Val::order().to_u64().unwrap_or_default()); + } let pcs = config.pcs(); @@ -146,6 +179,11 @@ where .iter() .map(|(name, domain, _)| { let i = main_chip_ordering[name]; + + // check that the proof's chip ordering agrees with the vk ordering + assert!(i < chips.len()); + assert_eq!(name, &chips[i].name()); + let values = opened_values.chips_opened_values[i].clone(); if !chips[i].local_only() { (