Small refactoring of challenge-based protocols #1567
Changes from 2 commits
c322fc9
4c8f45b
614ec70
7e65f21
cc3e3fb
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -91,11 +91,16 @@ let next_ext: Fp2<expr> -> Fp2<expr> = |a| match a { | |
Fp2::Fp2(a0, a1) => Fp2::Fp2(a0', a1') | ||
}; | ||
|
||
/// Returns the two components of the extension field element | ||
/// Returns the two components of the extension field element as a tuple | ||
let<T> unpack_ext: Fp2<T> -> (T, T) = |a| match a { | ||
Fp2::Fp2(a0, a1) => (a0, a1) | ||
}; | ||
|
||
/// Returns the two components of the extension field element as an array | ||
let<T> unpack_ext_array: Fp2<T> -> T[] = |a| match a { | ||
Fp2::Fp2(a0, a1) => [a0, a1] | ||
}; | ||
|
||
/// Whether we need to operate on the F_{p^2} extension field (because the current field is too small). | ||
let needs_extension: -> bool = || match known_field() { | ||
Option::Some(KnownField::Goldilocks) => true, | ||
|
@@ -111,7 +116,16 @@ let is_extension = |arr| match len(arr) { | |
}; | ||
|
||
/// Constructs an extension field element `a0 + a1 * X` from either `[a0, a1]` or `[a0]` (setting `a1`to zero in that case) | ||
let fp2_from_array = |arr| if is_extension(arr) { Fp2::Fp2(arr[0], arr[1]) } else { from_base(arr[0]) }; | ||
let fp2_from_array = |arr| { | ||
let _ = if !is_extension(arr) { | ||
assert(!needs_extension(), || "The field is too small and needs to move to the extension field. Pass two elements instead!") | ||
} else { }; | ||
if is_extension(arr) { | ||
Why not combine those? |
||
Fp2::Fp2(arr[0], arr[1]) | ||
} else { | ||
from_base(arr[0]) | ||
} | ||
}; | ||
|
||
mod test { | ||
use super::Fp2; | ||
|
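Review bot: The doc comment above `fp2_from_array` in the second hunk still describes only the `[a0]` case (setting `a1` to zero) and does not mention the new assertion, which rejects a single element whenever `needs_extension()` is true. Among the lines visible here, that assertion is the only thing that stops a challenge-based argument from running over a base field that is too small, so I would document it, e.g. `/// Fails an assertion if only one element is given but the field requires the extension (see needs_extension).` The guard is also only as strong as `needs_extension()`, whose match arms after `KnownField::Goldilocks` lie outside the first hunk; it is worth confirming that an unrecognised field does not evaluate to `false` there.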
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,13 +8,12 @@ use std::math::fp2::add_ext; | |
use std::math::fp2::sub_ext; | ||
use std::math::fp2::mul_ext; | ||
use std::math::fp2::unpack_ext; | ||
use std::math::fp2::unpack_ext_array; | ||
use std::math::fp2::next_ext; | ||
use std::math::fp2::inv_ext; | ||
use std::math::fp2::eval_ext; | ||
use std::math::fp2::from_base; | ||
use std::math::fp2::is_extension; | ||
use std::math::fp2::fp2_from_array; | ||
use std::math::fp2::needs_extension; | ||
use std::math::fp2::constrain_eq_ext; | ||
use std::protocols::fingerprint::fingerprint; | ||
use std::utils::unwrap_or_else; | ||
|
@@ -49,9 +48,7 @@ let compute_next_z: Fp2<expr>, Fp2<expr>, Fp2<expr>, Constr, expr -> fe[] = quer | |
eval_ext(from_base(rhs_selector)) | ||
) | ||
)); | ||
match res { | ||
Fp2::Fp2(a0_fe, a1_fe) => [a0_fe, a1_fe] | ||
} | ||
unpack_ext_array(res) | ||
}; | ||
|
||
// Adds constraints that enforce that rhs is the lookup for lhs | ||
|
@@ -67,11 +64,6 @@ let lookup: expr, expr[], Fp2<expr>, Fp2<expr>, Constr, expr -> Constr[] = |is_f | |
|
||
let (lhs_selector, lhs, rhs_selector, rhs) = unpack_lookup_constraint(lookup_constraint); | ||
|
||
let _ = assert(len(lhs) == len(rhs), || "LHS and RHS should have equal length"); | ||
This is guaranteed by the type of
But you can work around that by just using the enum manually without the
The enum now stores an array of pairs so @georgwiese is right?
|
||
let _ = if !is_extension(acc) { | ||
assert(!needs_extension(), || "The Goldilocks field is too small and needs to move to the extension field. Pass two accumulators instead!") | ||
} else { }; | ||
Comment on lines
-71
to
-73
Done inside |
||
|
||
// On the extension field, we'll need two field elements to represent the challenge. | ||
// If we don't need an extension field, we can simply set the second component to 0, | ||
// in which case the operations below effectively only operate on the first component. | ||
georgwiese marked this conversation as resolved.
|
||
|
@@ -80,13 +72,7 @@ let lookup: expr, expr[], Fp2<expr>, Fp2<expr>, Constr, expr -> Constr[] = |is_f | |
let lhs_denom = sub_ext(beta, fingerprint(lhs, alpha)); | ||
let rhs_denom = sub_ext(beta, fingerprint(rhs, alpha)); | ||
let m_ext = from_base(multiplicities); | ||
|
||
let next_acc = if is_extension(acc) { | ||
next_ext(acc_ext) | ||
} else { | ||
// The second component is 0, but the next operator is not defined on it... | ||
from_base(acc[0]') | ||
}; | ||
Comment on lines
-84
to
-89
Seems like this has been fixed in the meantime :) |
||
let next_acc = next_ext(acc_ext); | ||
|
||
// Update rule: | ||
// acc' * (beta - A) * (beta - B) + m * rhs_selector * (beta - A) = acc * (beta - A) * (beta - B) + lhs_selector * (beta - B) | ||
|
@@ -114,8 +100,9 @@ let lookup: expr, expr[], Fp2<expr>, Fp2<expr>, Constr, expr -> Constr[] = |is_f | |
let (acc_1, acc_2) = unpack_ext(acc_ext); | ||
|
||
[ | ||
// First and last acc needs to be 0 | ||
// (because of wrapping, the acc[0] and acc[N] are the same) | ||
is_first * acc_1 = 0, | ||
|
||
is_first * acc_2 = 0 | ||
] + constrain_eq_ext(update_expr, from_base(0)) | ||
}; |
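Review bot: With the `needs_extension()` assertion removed from `lookup` (the `-67,11 +64,6` hunk), none of the visible lines of `lookup` show where a single-element `acc` is rejected on a small field. The line that builds `acc_ext` is outside the hunks, so I am assuming it goes through `fp2_from_array(acc)`. Because that check is what forces the accumulator into the extension field on Goldilocks, I would make the dependency explicit in the comment block that follows the removed lines, e.g. `// fp2_from_array asserts that a single accumulator is only accepted when the field does not need the extension.` Note also that `alpha` and `beta` arrive already typed as `Fp2<expr>`, so nothing in `lookup` checks how they were constructed; that responsibility stays with the caller.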
I think you don't need `let _ =` any more here.
Looks like we still do! I got `Expected constraint but got ()`. Maybe `assert` should return `[]`?