Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adding comments to clarify seal construction #316

Merged
merged 4 commits into from
Dec 31, 2022
Merged

adding comments to clarify seal construction #316

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
9357f9b
adding comments to clarify seal construction
pdg744 Dec 28, 2022
93e088e
cargo fmt
pdg744 Dec 29, 2022
826b5ed
clarifying accum
pdg744 Dec 31, 2022
03e3ae3
Merge branch 'main' into paulg/clarifying-seal-construction
pdg744 Dec 31, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
20 changes: 15 additions & 5 deletions risc0/zkp/src/prove/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,14 @@ where
C: CircuitDef<F>,
CS: CircuitStepHandler<F::Elem>,
{
// The taps are the entries of the trace used in evaluating the constraints.
let taps = circuit.get_taps();

// The number of columns used for encoding zkvm control instructions.
let code_size = taps.group_size(RegisterGroup::Code);
// The number of columns used for encoding the execution trace.
let data_size = taps.group_size(RegisterGroup::Data);
// The number of columns used for the PLOOKUP argument.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this for PLOOKUP? My understanding is this is for PLONK permutation arguments.

let accum_size = taps.group_size(RegisterGroup::Accum);
debug!(
"code: {code_size}/{}, data: {data_size}/{}, accum: {accum_size}/{}",
Expand All @@ -80,6 +84,7 @@ where

circuit.execute(&mut iop);

// The log of the number of steps in the execution trace.
let po2 = circuit.po2();
assert!(po2 as usize <= MAX_CYCLES_PO2);
let size = 1 << po2;
Expand All @@ -95,6 +100,7 @@ where
data_group.merkle.commit(&mut iop);
debug!("dataGroup: {}", data_group.merkle.root());

// Generates grand product accumulations for PLONK-style permutation arguments
circuit.accumulate(&mut iop);

// Make the accum group + commit
Expand All @@ -105,11 +111,15 @@ where
accum_group.merkle.commit(&mut iop);
debug!("accumGroup: {}", accum_group.merkle.root());

// Set the poly mix value
// Set the poly mix value, which is used for constraint compression in the
// DEEP-ALI protocol.
let poly_mix = H::ExtElem::random(&mut iop.rng);

// Now generate the check polynomial
let domain = size * INV_RATE;

// Now generate the check polynomial.
// The check polynomial is the core of the STARK: if the constraints are
// satisfied, the check polynomial will be a low-degree polynomial. See
// DEEP-ALI paper for details on the construction of the check_poly.
let check_poly = hal.alloc_elem("check_poly", H::ExtElem::EXT_SIZE * domain);
let mix = hal.copy_from_elem("mix", circuit.get_mix());
let out = hal.copy_from_elem("out", circuit.get_output());
Expand Down Expand Up @@ -157,7 +167,7 @@ where
check_group.merkle.commit(&mut iop);
debug!("checkGroup: {}", check_group.merkle.root());

// Now pick a value for Z
// Now pick a value for Z, which is used as the DEEP-ALI query point.
let z = H::ExtElem::random(&mut iop.rng);
// #ifdef CIRCUIT_DEBUG
// if (badZ != Fp4(0)) {
Expand Down Expand Up @@ -230,7 +240,7 @@ where
let hash_u = sha.hash_raw_pod_slice(coeff_u.as_slice());
iop.commit(&hash_u);

// Set the mix mix value
// Set the mix mix value, which is used for FRI batching.
let mix = H::ExtElem::random(&mut iop.rng);
debug!("Mix = {mix:?}");

Expand Down