Merge pull request facebook#6 from novifinancial/public-coin

Public coin and prover channel
Jasleen1 · Sep 23, 2020 · 2372146 · 2372146
2 parents 13649ba + 21f9a34
commit 2372146
Show file tree

Hide file tree

Showing 23 changed files with 801 additions and 497 deletions.
diff --git a/common/src/stark/composition.rs b/common/src/stark/composition.rs
@@ -1,18 +1,3 @@
-use math::field;
-
-/// Uses the provided `seed` to draw a random element from the entire field, and also
-/// draws pseudo-random values which will be used as linear combination coefficients
-/// for polynomial composition.
-pub fn draw_z_and_coefficients(
-    seed: [u8; 32],
-    trace_width: usize,
-) -> (u128, CompositionCoefficients) {
-    let mut prng = field::prng_iter(seed);
-    let z = prng.next().unwrap();
-    let coefficients = CompositionCoefficients::new(&mut prng, trace_width);
-    (z, coefficients)
-}
-
 pub struct CompositionCoefficients {
     pub trace1: Vec<u128>,
     pub trace2: Vec<u128>,

diff --git a/common/src/stark/context.rs b/common/src/stark/context.rs
@@ -0,0 +1,120 @@
+use super::ProofOptions;
+use math::field;
+use std::cmp;
+
+// TYPES AND INTERFACES
+// ================================================================================================
+
+#[derive(Clone)]
+pub struct ProofContext {
+    options: ProofOptions,
+    trace_width: usize,
+    trace_length: usize,
+    max_constraint_degree: usize,
+    generators: Generators,
+}
+
+#[derive(Clone)]
+pub struct Generators {
+    pub trace_domain: u128,
+    pub ce_domain: u128,
+    pub lde_domain: u128,
+}
+
+// PROOF CONTEXT
+// ================================================================================================
+
+impl ProofContext {
+    // CONSTRUCTORS
+    // --------------------------------------------------------------------------------------------
+
+    pub fn new(
+        trace_width: usize,
+        trace_length: usize,
+        max_constraint_degree: usize,
+        options: ProofOptions,
+    ) -> Self {
+        // trace domain generator
+        let g_trace = field::get_root_of_unity(trace_length);
+
+        // constraint evaluation domain generator
+        let ce_domain_size = compute_ce_domain_size(trace_length, max_constraint_degree);
+        let g_ce = field::get_root_of_unity(ce_domain_size);
+
+        // low-degree extension domain generator
+        let lde_domain_size = compute_lde_domain_size(trace_length, options.blowup_factor());
+        let g_lde = field::get_root_of_unity(lde_domain_size);
+
+        ProofContext {
+            options,
+            trace_width,
+            trace_length,
+            max_constraint_degree,
+            generators: Generators {
+                trace_domain: g_trace,
+                ce_domain: g_ce,
+                lde_domain: g_lde,
+            },
+        }
+    }
+
+    // TRACE INFO
+    // --------------------------------------------------------------------------------------------
+
+    pub fn trace_width(&self) -> usize {
+        self.trace_width
+    }
+
+    pub fn trace_length(&self) -> usize {
+        self.trace_length
+    }
+
+    pub fn trace_poly_degree(&self) -> usize {
+        self.trace_length - 1
+    }
+
+    // CONSTRAINT INFO
+    // --------------------------------------------------------------------------------------------
+
+    pub fn lde_domain_size(&self) -> usize {
+        compute_lde_domain_size(self.trace_length, self.options.blowup_factor())
+    }
+
+    pub fn ce_domain_size(&self) -> usize {
+        compute_ce_domain_size(self.trace_length, self.max_constraint_degree)
+    }
+
+    pub fn composition_degree(&self) -> usize {
+        self.ce_domain_size() - self.trace_length
+    }
+
+    pub fn deep_composition_degree(&self) -> usize {
+        self.composition_degree() - 1
+    }
+
+    pub fn max_constraint_degree(&self) -> usize {
+        self.max_constraint_degree
+    }
+
+    // OTHER PROPERTIES
+    // --------------------------------------------------------------------------------------------
+
+    pub fn options(&self) -> &ProofOptions {
+        &self.options
+    }
+
+    pub fn generators(&self) -> &Generators {
+        &self.generators
+    }
+}
+
+// HELPER FUNCTIONS
+// ================================================================================================
+fn compute_lde_domain_size(trace_length: usize, lde_blowup_factor: usize) -> usize {
+    trace_length * lde_blowup_factor
+}
+
+fn compute_ce_domain_size(trace_length: usize, max_constraint_degree: usize) -> usize {
+    let blowup = cmp::max(max_constraint_degree, 2).next_power_of_two();
+    trace_length * blowup
+}
diff --git a/common/src/stark/evaluator/mod.rs b/common/src/stark/evaluator/mod.rs
@@ -1,4 +1,4 @@
-use super::TraceInfo;
+use super::{ProofContext, PublicCoin, TraceInfo};
 use math::field;
 
 mod transition;
@@ -22,26 +22,42 @@ pub struct ConstraintEvaluator<T: TransitionEvaluator, A: AssertionEvaluator> {
 }
 
 impl<T: TransitionEvaluator, A: AssertionEvaluator> ConstraintEvaluator<T, A> {
-    pub fn new(seed: [u8; 32], trace_info: &TraceInfo, assertions: Vec<Assertion>) -> Self {
+    pub fn new<C: PublicCoin>(
+        coin: &C,
+        context: &ProofContext,
+        assertions: Vec<Assertion>,
+    ) -> Self {
         assert!(
             !assertions.is_empty(),
             "at least one assertion must be provided"
         );
 
+        // TODO: switch over to using proof context
+        let trace_info = TraceInfo::new(
+            context.trace_width(),
+            context.trace_length(),
+            context.options().blowup_factor(),
+        );
+
         // TODO: switch over to an iterator to generate coefficients
-        let (t_coefficients, a_coefficients) = Self::build_coefficients(seed);
-        let transition = T::new(trace_info, &t_coefficients);
+        let (t_coefficients, a_coefficients) = Self::build_coefficients(coin);
+        let transition = T::new(&trace_info, &t_coefficients);
         let max_constraint_degree = *transition.degrees().iter().max().unwrap();
         let transition_degree_map =
             group_transition_constraints(transition.degrees(), trace_info.length());
 
         let composition_degree = get_composition_degree(trace_info.length(), max_constraint_degree);
-        let assertions = A::new(&assertions, trace_info, composition_degree, &a_coefficients);
+        let assertions = A::new(
+            &assertions,
+            &trace_info,
+            composition_degree,
+            &a_coefficients,
+        );
 
         ConstraintEvaluator {
             transition,
             assertions,
-            trace_info: *trace_info,
+            trace_info,
             max_constraint_degree,
             transition_degree_map,
         }
@@ -77,7 +93,7 @@ impl<T: TransitionEvaluator, A: AssertionEvaluator> ConstraintEvaluator<T, A> {
 
     pub fn constraint_divisors(&self) -> Vec<ConstraintDivisor> {
         // TODO: build and save constraint divisors at construction time?
-        let x_at_last_step = self.get_x_at(self.trace_length() - 1);
+        let x_at_last_step = self.get_x_at_last_step();
         vec![
             ConstraintDivisor::from_transition(self.trace_length(), x_at_last_step),
             ConstraintDivisor::from_assertion(1),
@@ -103,10 +119,6 @@ impl<T: TransitionEvaluator, A: AssertionEvaluator> ConstraintEvaluator<T, A> {
         self.max_constraint_degree
     }
 
-    pub fn deep_composition_degree(&self) -> usize {
-        get_composition_degree(self.trace_length(), self.max_constraint_degree) - 1
-    }
-
     pub fn trace_length(&self) -> usize {
         self.trace_info.length()
     }
@@ -115,6 +127,10 @@ impl<T: TransitionEvaluator, A: AssertionEvaluator> ConstraintEvaluator<T, A> {
         self.trace_info.blowup()
     }
 
+    pub fn get_x_at_last_step(&self) -> u128 {
+        self.get_x_at(self.trace_length() - 1)
+    }
+
     // HELPER METHODS
     // --------------------------------------------------------------------------------------------
 
@@ -146,11 +162,12 @@ impl<T: TransitionEvaluator, A: AssertionEvaluator> ConstraintEvaluator<T, A> {
         result
     }
 
-    fn build_coefficients(seed: [u8; 32]) -> (Vec<u128>, Vec<u128>) {
+    fn build_coefficients<C: PublicCoin>(coin: &C) -> (Vec<u128>, Vec<u128>) {
         let num_t_coefficients = T::MAX_CONSTRAINTS * 2;
         let num_a_coefficients = A::MAX_CONSTRAINTS * 2;
 
-        let coefficients = field::prng_vector(seed, num_t_coefficients + num_a_coefficients);
+        let coefficients =
+            coin.draw_constraint_coefficients(num_t_coefficients + num_a_coefficients);
         (
             coefficients[..num_t_coefficients].to_vec(),
             coefficients[num_t_coefficients..].to_vec(),

diff --git a/common/src/stark/evaluator/transition/mod.rs b/common/src/stark/evaluator/transition/mod.rs
@@ -5,6 +5,7 @@ use super::{get_composition_degree, TraceInfo};
 
 pub trait TransitionEvaluator {
     const MAX_CONSTRAINTS: usize;
+    const MAX_CONSTRAINT_DEGREE: usize;
 
     fn new(trace: &TraceInfo, coefficients: &[u128]) -> Self;
 

diff --git a/common/src/stark/mod.rs b/common/src/stark/mod.rs
@@ -8,13 +8,16 @@ mod trace_info;
 pub use trace_info::TraceInfo;
 
 mod composition;
-pub use composition::{draw_z_and_coefficients, CompositionCoefficients};
+pub use composition::CompositionCoefficients;
 
 mod evaluator;
 pub use evaluator::{
     Assertion, AssertionEvaluator, ConstraintDivisor, ConstraintEvaluator, IoAssertionEvaluator,
     TransitionEvaluator,
 };
 
-mod queries;
-pub use queries::compute_trace_query_positions;
+mod context;
+pub use context::ProofContext;
+
+mod public_coin;
+pub use public_coin::PublicCoin;