From 4933c02348f98d900a71261670e880ab118e5e3b Mon Sep 17 00:00:00 2001 From: David Wong Date: Thu, 21 Oct 2021 17:02:58 -0700 Subject: [PATCH] [kimchi] fix test after witness change --- .../src/nolookup/constraints.rs | 13 +- .../plonk-15-wires/src/polynomials/chacha.rs | 277 ++++++++++-------- dlog/plonk-15-wires/src/prover.rs | 5 +- dlog/plonk-15-wires/tests/ec.rs | 28 +- dlog/plonk-15-wires/tests/generic.rs | 6 +- dlog/tests/chacha_test.rs | 14 +- dlog/tests/poseidon_vesta_15_wires.rs | 12 +- dlog/tests/varbasemul.rs | 15 +- 8 files changed, 201 insertions(+), 169 deletions(-) diff --git a/circuits/plonk-15-wires/src/nolookup/constraints.rs b/circuits/plonk-15-wires/src/nolookup/constraints.rs index 076b8346f1..7dd778411f 100644 --- a/circuits/plonk-15-wires/src/nolookup/constraints.rs +++ b/circuits/plonk-15-wires/src/nolookup/constraints.rs @@ -520,8 +520,16 @@ impl ConstraintSystem { pub fn verify(&self, witness: &[Vec; COLUMNS]) -> Result<(), GateError> { let left_wire = vec![F::one(), F::zero(), F::zero(), F::zero(), F::zero()]; + // pad the witness + let pad = vec![F::zero(); self.domain.d1.size as usize - witness[0].len()]; + let witness: [Vec; COLUMNS] = array_init(|i| { + let mut w = witness[i].to_vec(); + w.extend_from_slice(&pad); + w + }); + + // check each rows' wiring for (row, gate) in self.gates.iter().enumerate() { - // check if wires are connected for col in 0..COLUMNS { let wire = gate.wires[col]; if witness[col][row] != witness[wire.col][wire.row] { @@ -542,7 +550,8 @@ impl ConstraintSystem { } } - gate.verify(witness, &self) + // check the gate's satisfiability + gate.verify(&witness, &self) .map_err(|err| GateError::Custom { row, err })?; } diff --git a/circuits/plonk-15-wires/src/polynomials/chacha.rs b/circuits/plonk-15-wires/src/polynomials/chacha.rs index 77c88132de..5a161a4f20 100644 --- a/circuits/plonk-15-wires/src/polynomials/chacha.rs +++ b/circuits/plonk-15-wires/src/polynomials/chacha.rs @@ -19,12 +19,12 @@ c'' = c' + d''; b'' = (c'' ^ b') <<< 7; We lay each line as two rows. -Each line has the form +Each line has the form x += z; y ^= x; y <<<= k or without mutation, - + x' = x + z; y' = (y ^ x') <<< k which we abbreviate as @@ -126,12 +126,10 @@ And we'll check that y' is the sum of the shifted nybbles. *****************************************************************************************************************/ -use ark_ff::{Field, FftField, Zero}; +use crate::expr::{Column, ConstantExpr as C, E}; +use crate::gate::{CurrOrNext, GateType}; +use ark_ff::{FftField, Field, Zero}; use CurrOrNext::*; -use crate::{ - gate::{GateType, CurrOrNext}, -}; -use crate::expr::{E, ConstantExpr as C, Column}; // The lookup table for 4-bit xor. // Note that it is constructed so that (0, 0, 0) is the last position in the table. @@ -139,10 +137,10 @@ use crate::expr::{E, ConstantExpr as C, Column}; // This is because tables are extended to the full size of a column (essentially) // by padding them with their final value. And, having the value (0, 0, 0) here means // that when we commit to this table and use the dummy value in the `lookup_sorted` -// columns, those entries that have the dummy value of +// columns, those entries that have the dummy value of // // 0 = 0 + joint_combiner * 0 + joint_combiner^2 * 0 -// +// // will translate into a scalar multiplication by 0, which is free. pub fn xor_table() -> Vec> { let mut res = vec![vec![]; 3]; @@ -182,23 +180,22 @@ pub fn chacha20_gates() -> Vec { } const CHACHA20_ROTATIONS: [u32; 4] = [16, 12, 8, 7]; -const CHACHA20_QRS : [[usize; 4]; 8] = - [ - [0, 4, 8, 12], - [1, 5, 9, 13], - [2, 6, 10, 14], - [3, 7, 11, 15], - [0, 5, 10, 15], - [1, 6, 11, 12], - [2, 7, 8, 13], - [3, 4, 9, 14], - ]; +const CHACHA20_QRS: [[usize; 4]; 8] = [ + [0, 4, 8, 12], + [1, 5, 9, 13], + [2, 6, 10, 14], + [3, 7, 11, 15], + [0, 5, 10, 15], + [1, 6, 11, 12], + [2, 7, 8, 13], + [3, 4, 9, 14], +]; pub fn chacha20_rows(s0: Vec) -> Vec> { let mut rows = vec![]; let mut s = s0; - let mut line = |x:usize, y:usize, z:usize, k:u32| { + let mut line = |x: usize, y: usize, z: usize, k: u32| { let f = |t: u32| F::from(t); let nyb = |t: u32, i: usize| f((t >> (4 * i)) & 0b1111); @@ -214,16 +211,38 @@ pub fn chacha20_rows(s0: Vec) -> Vec> { if k == 7 { y_xor_xprime.rotate_left(16) } else { yprime }; rows.push(vec![ - f(s[x]), f(s[y]), f(s[z]), - nyb(y_xor_xprime, 0), nyb(y_xor_xprime, 1), nyb(y_xor_xprime, 2), nyb(y_xor_xprime, 3), - nyb(xprime, 0), nyb(xprime, 1), nyb(xprime, 2), nyb(xprime, 3), - nyb(s[y], 0), nyb(s[y], 1), nyb(s[y], 2), nyb(s[y], 3), + f(s[x]), + f(s[y]), + f(s[z]), + nyb(y_xor_xprime, 0), + nyb(y_xor_xprime, 1), + nyb(y_xor_xprime, 2), + nyb(y_xor_xprime, 3), + nyb(xprime, 0), + nyb(xprime, 1), + nyb(xprime, 2), + nyb(xprime, 3), + nyb(s[y], 0), + nyb(s[y], 1), + nyb(s[y], 2), + nyb(s[y], 3), ]); rows.push(vec![ - f(xprime), f(yprime_in_row), f(top_bit), - nyb(y_xor_xprime, 4), nyb(y_xor_xprime, 5), nyb(y_xor_xprime, 6), nyb(y_xor_xprime, 7), - nyb(xprime, 4), nyb(xprime, 5), nyb(xprime, 6), nyb(xprime, 7), - nyb(s[y], 4), nyb(s[y], 5), nyb(s[y], 6), nyb(s[y], 7), + f(xprime), + f(yprime_in_row), + f(top_bit), + nyb(y_xor_xprime, 4), + nyb(y_xor_xprime, 5), + nyb(y_xor_xprime, 6), + nyb(y_xor_xprime, 7), + nyb(xprime, 4), + nyb(xprime, 5), + nyb(xprime, 6), + nyb(xprime, 7), + nyb(s[y], 4), + nyb(s[y], 5), + nyb(s[y], 6), + nyb(s[y], 7), ]); s[x] = xprime; @@ -233,15 +252,37 @@ pub fn chacha20_rows(s0: Vec) -> Vec> { let lo = |t: u32, i: usize| f((t >> (4 * i)) & 1); rows.push(vec![ f(yprime), - nyb(y_xor_xprime, 0), nyb(y_xor_xprime, 1), nyb(y_xor_xprime, 2), nyb(y_xor_xprime, 3), - lo(y_xor_xprime, 0), lo(y_xor_xprime, 1), lo(y_xor_xprime, 2), lo(y_xor_xprime, 3), - F::zero(), F::zero(), F::zero(), F::zero(), F::zero(), F::zero(), + nyb(y_xor_xprime, 0), + nyb(y_xor_xprime, 1), + nyb(y_xor_xprime, 2), + nyb(y_xor_xprime, 3), + lo(y_xor_xprime, 0), + lo(y_xor_xprime, 1), + lo(y_xor_xprime, 2), + lo(y_xor_xprime, 3), + F::zero(), + F::zero(), + F::zero(), + F::zero(), + F::zero(), + F::zero(), ]); rows.push(vec![ F::zero(), - nyb(y_xor_xprime, 4), nyb(y_xor_xprime, 5), nyb(y_xor_xprime, 6), nyb(y_xor_xprime, 7), - lo(y_xor_xprime, 4), lo(y_xor_xprime, 5), lo(y_xor_xprime, 6), lo(y_xor_xprime, 7), - F::zero(), F::zero(), F::zero(), F::zero(), F::zero(), F::zero(), + nyb(y_xor_xprime, 4), + nyb(y_xor_xprime, 5), + nyb(y_xor_xprime, 6), + nyb(y_xor_xprime, 7), + lo(y_xor_xprime, 4), + lo(y_xor_xprime, 5), + lo(y_xor_xprime, 6), + lo(y_xor_xprime, 7), + F::zero(), + F::zero(), + F::zero(), + F::zero(), + F::zero(), + F::zero(), ]); } }; @@ -265,7 +306,7 @@ pub fn chacha20(mut s: Vec) -> Vec { let mut line = |x, y, z, k| { s[x] = u32::wrapping_add(s[x], s[z]); s[y] ^= s[x]; - let yy : u32 = s[y]; + let yy: u32 = s[y]; s[y] = yy.rotate_left(k); }; let mut qr = |a, b, c, d| { @@ -289,19 +330,22 @@ pub fn constraint(alpha0: usize) -> E { // 8-nybble sequences that are laid out as 4 nybbles per row over the two row, // like y^x' or x+z let chunks_over_2_rows = |col_offset: usize| -> Vec<_> { - (0..8).map(|i| { - let r = if i < 4 { Curr } else { Next }; - w(col_offset + (i % 4), r) - }).collect() + (0..8) + .map(|i| { + let r = if i < 4 { Curr } else { Next }; + w(col_offset + (i % 4), r) + }) + .collect() }; - let boolean = |b : &E| b.clone() * b.clone() - b.clone(); + let boolean = |b: &E| b.clone() * b.clone() - b.clone(); let combine_nybbles = |ns: Vec>| -> E { - ns.into_iter().enumerate().fold(E::zero(), - |acc: E, (i, t)| { + ns.into_iter() + .enumerate() + .fold(E::zero(), |acc: E, (i, t)| { acc + E::from(1 << (4 * i)) * t - }) + }) }; // Constraints for the line L(x, x', y, y', z, k), where k = 4 * nybble_rotation @@ -336,7 +380,8 @@ pub fn constraint(alpha0: usize) -> E { combine_nybbles(y_nybbles) - y, // y' = (y ^ x') <<< 4 * nybble_rotation combine_nybbles(y_xor_xprime_rotated) - yprime, - ]) + ], + ) }; let chacha_final = { @@ -348,21 +393,19 @@ pub fn constraint(alpha0: usize) -> E { // (y xor xprime) <<< 7 // per the comment at the top of the file - let y_xor_xprime_rotated : Vec<_> = - [7, 0, 1, 2, 3, 4, 5, 6].iter() + let y_xor_xprime_rotated: Vec<_> = [7, 0, 1, 2, 3, 4, 5, 6] + .iter() .zip([6, 7, 0, 1, 2, 3, 4, 5].iter()) .map(|(&i, &j)| -> E { - E::from(8) * low_bits[i].clone() + E::Constant(C::Literal(one_half)) * ( - y_xor_xprime_nybbles[j].clone() - low_bits[j].clone()) - }).collect(); - - let mut constraints: Vec> = - low_bits.iter().map(boolean).collect(); - constraints.push( - combine_nybbles(y_xor_xprime_rotated) - yprime); - E::combine_constraints( - alpha0, - constraints) + E::from(8) * low_bits[i].clone() + + E::Constant(C::Literal(one_half)) + * (y_xor_xprime_nybbles[j].clone() - low_bits[j].clone()) + }) + .collect(); + + let mut constraints: Vec> = low_bits.iter().map(boolean).collect(); + constraints.push(combine_nybbles(y_xor_xprime_rotated) - yprime); + E::combine_constraints(alpha0, constraints) }; let index = |g: GateType| E::cell(Column::Index(g), Curr); @@ -382,28 +425,27 @@ pub fn constraint(alpha0: usize) -> E { // all the relevant values, and the xors, and then do // the shifting using a ChaChaFinal gate. index(ChaChaFinal) * chacha_final, - ].into_iter().fold(0.into(), |acc, x| acc + x) + ] + .into_iter() + .fold(0.into(), |acc, x| acc + x) } #[cfg(test)] mod tests { use super::*; - use ark_ff::UniformRand; - use ark_poly::{univariate::DensePolynomial, Radix2EvaluationDomain as D, EvaluationDomain}; + use crate::polynomials::chacha::constraint; use crate::{ - polynomials::{chacha, lookup}, - gate::{LookupInfo, LookupsUsed}, - expr::{PolishToken, Constants, Expr, Column, Linearization}, - gates::poseidon::ROUNDS_PER_ROW, - nolookup::constraints::{zk_w3, ConstraintSystem}, - nolookup::scalars::{ProofEvaluations, LookupEvaluations}, + expr::{Column, Constants, PolishToken}, + gate::LookupInfo, + nolookup::scalars::{LookupEvaluations, ProofEvaluations}, wires::*, }; - use mina_curves::pasta::fp::{Fp as F}; - use crate::polynomials::chacha::constraint; - use rand::{rngs::StdRng, SeedableRng}; + use ark_ff::UniformRand; + use ark_poly::{EvaluationDomain, Radix2EvaluationDomain as D}; use array_init::array_init; - use std::fmt::{Formatter, Display}; + use mina_curves::pasta::fp::Fp as F; + use rand::{rngs::StdRng, SeedableRng}; + use std::fmt::{Display, Formatter}; struct Polish(Vec>); impl Display for Polish { @@ -415,7 +457,7 @@ mod tests { PolishToken::Add => write!(f, "+, ")?, PolishToken::Mul => write!(f, "*, ")?, PolishToken::Sub => write!(f, "-, ")?, - x => write!(f, "{:?}, ", x)? + x => write!(f, "{:?}, ", x)?, } } write!(f, "]")?; @@ -446,65 +488,68 @@ mod tests { let expr = constraint::(10); let linearized = expr.linearize(evaluated_cols).unwrap(); - let expr_polish = expr.to_polish(); + let _expr_polish = expr.to_polish(); let linearized_polish = linearized.map(|e| e.to_polish()); - let mut rng = &mut StdRng::from_seed([0u8; 32]); + let rng = &mut StdRng::from_seed([0u8; 32]); let d = D::new(1024).unwrap(); let pt = F::rand(rng); - let mut eval = || { - ProofEvaluations { - w: array_init(|_| F::rand(rng)), - z: F::rand(rng), - s: array_init(|_| F::rand(rng)), - generic_selector: F::zero(), - poseidon_selector: F::zero(), - lookup: - Some( - LookupEvaluations { - sorted: - (0..(lookup_info.max_per_row + 1)).map(|_| F::rand(rng)).collect(), - aggreg: F::rand(rng), - table: F::rand(rng) - }) - } + let mut eval = || ProofEvaluations { + w: array_init(|_| F::rand(rng)), + z: F::rand(rng), + s: array_init(|_| F::rand(rng)), + generic_selector: F::zero(), + poseidon_selector: F::zero(), + lookup: Some(LookupEvaluations { + sorted: (0..(lookup_info.max_per_row + 1)) + .map(|_| F::rand(rng)) + .collect(), + aggreg: F::rand(rng), + table: F::rand(rng), + }), }; let evals = vec![eval(), eval()]; - let constants = - Constants { - alpha: F::rand(rng), - beta: F::rand(rng), - gamma: F::rand(rng), - joint_combiner: F::rand(rng), - }; + let constants = Constants { + alpha: F::rand(rng), + beta: F::rand(rng), + gamma: F::rand(rng), + joint_combiner: F::rand(rng), + }; assert_eq!( - linearized.constant_term.evaluate_(d, pt, &evals, &constants).unwrap(), - PolishToken::evaluate( - &linearized_polish.constant_term, - d, pt, &evals, &constants).unwrap()); - - linearized.index_terms.iter().zip(linearized_polish.index_terms.iter()).for_each(|((c1, e1), (c2, e2))| { - assert_eq!(c1, c2); - println!("{:?} ?", c1); - let x1 = e1.evaluate_(d, pt, &evals, &constants).unwrap(); - let x2 = PolishToken::evaluate(&e2, d, pt, &evals, &constants).unwrap(); - if x1 != x2 { - println!("e1: {}", e1); - println!("e2: {}", Polish(e2.clone())); - println!("Polish evaluation differed for {:?}: {} != {}", c1, x1, x2); - } else { - println!("{:?} OK", c1); - } - }); + linearized + .constant_term + .evaluate_(d, pt, &evals, &constants) + .unwrap(), + PolishToken::evaluate(&linearized_polish.constant_term, d, pt, &evals, &constants) + .unwrap() + ); + + linearized + .index_terms + .iter() + .zip(linearized_polish.index_terms.iter()) + .for_each(|((c1, e1), (c2, e2))| { + assert_eq!(c1, c2); + println!("{:?} ?", c1); + let x1 = e1.evaluate_(d, pt, &evals, &constants).unwrap(); + let x2 = PolishToken::evaluate(&e2, d, pt, &evals, &constants).unwrap(); + if x1 != x2 { + println!("e1: {}", e1); + println!("e2: {}", Polish(e2.clone())); + println!("Polish evaluation differed for {:?}: {} != {}", c1, x1, x2); + } else { + println!("{:?} OK", c1); + } + }); /* assert_eq!( expr.evaluate_(d, pt, &evals, &constants).unwrap(), - PolishToken::evaluate(&expr_polish, d, pt, &evals, &constants).unwrap()); + PolishToken::evaluate(&_, d, pt, &evals, &constants).unwrap()); */ } } diff --git a/dlog/plonk-15-wires/src/prover.rs b/dlog/plonk-15-wires/src/prover.rs index 36d5fb7ae8..f707eb9644 100644 --- a/dlog/plonk-15-wires/src/prover.rs +++ b/dlog/plonk-15-wires/src/prover.rs @@ -118,10 +118,7 @@ where // double-check the witness if cfg!(test) { - index - .cs - .verify(witness) - .map_err(|_| ProofError::WitnessCsInconsistent)?; + index.cs.verify(witness).expect("incorrect witness"); } // pad and add zero-knowledge rows to the witness columns diff --git a/dlog/plonk-15-wires/tests/ec.rs b/dlog/plonk-15-wires/tests/ec.rs index 41c186ab5a..039fa2aeeb 100644 --- a/dlog/plonk-15-wires/tests/ec.rs +++ b/dlog/plonk-15-wires/tests/ec.rs @@ -1,34 +1,28 @@ use ark_ec::{AffineCurve, ProjectiveCurve}; -use ark_ff::{BigInteger, BitIteratorLE, Field, One, PrimeField, UniformRand, Zero}; -use ark_poly::{univariate::DensePolynomial, EvaluationDomain, Radix2EvaluationDomain as D}; +use ark_ff::{Field, One, PrimeField, UniformRand, Zero}; use array_init::array_init; use colored::Colorize; use commitment_dlog::{ - commitment::{b_poly_coefficients, ceil_log2, CommitmentCurve}, + commitment::CommitmentCurve, srs::{endos, SRS}, }; use groupmap::GroupMap; use mina_curves::pasta::{ fp::Fp as F, - pallas::{Affine as Other, Projective as OtherProjective}, + pallas::Affine as Other, vesta::{Affine, VestaParameters}, }; use oracle::{ - poseidon::{ArithmeticSponge, PlonkSpongeConstants15W, Sponge, SpongeConstants}, - sponge::{DefaultFqSponge, DefaultFrSponge, ScalarChallenge}, + poseidon::PlonkSpongeConstants15W, + sponge::{DefaultFqSponge, DefaultFrSponge}, }; use plonk_15_wires_circuits::{ - expr::{Column, Constants, Expr, Linearization, PolishToken}, - gate::{CircuitGate, GateType, LookupInfo, LookupsUsed}, - gates::poseidon::ROUNDS_PER_ROW, - nolookup::constraints::{zk_w3, ConstraintSystem}, - nolookup::scalars::{LookupEvaluations, ProofEvaluations}, - polynomials::endosclmul, + gate::{CircuitGate, GateType}, + nolookup::constraints::ConstraintSystem, wires::*, }; use plonk_15_wires_protocol_dlog::{index::Index, prover::ProverProof}; use rand::{rngs::StdRng, SeedableRng}; -use std::fmt::{Display, Formatter}; use std::{sync::Arc, time::Instant}; const PUBLIC: usize = 0; @@ -64,7 +58,7 @@ fn ec_test() { srs.add_lagrange_basis(cs.domain.d1); let fq_sponge_params = oracle::pasta::fq::params(); - let (endo_q, endo_r) = endos::(); + let (endo_q, _endo_r) = endos::(); let srs = Arc::new(srs); let index = Index::::create(cs, fq_sponge_params, endo_q, srs); @@ -77,7 +71,7 @@ fn ec_test() { let lgr_comms = vec![]; let rng = &mut StdRng::from_seed([0; 32]); - let start = Instant::now(); + // let start = Instant::now(); let mut g = Other::prime_subgroup_generator(); for row in 0..num_doubles { @@ -97,7 +91,7 @@ fn ec_test() { .into_affine(); let mut res = vec![]; let mut acc = p; - for i in 0..num_additions { + for _ in 0..num_additions { res.push(acc); acc = acc + p; } @@ -111,7 +105,7 @@ fn ec_test() { .into_affine(); let mut res = vec![]; let mut acc = q; - for i in 0..num_additions { + for _ in 0..num_additions { res.push(acc); acc = acc + q; } diff --git a/dlog/plonk-15-wires/tests/generic.rs b/dlog/plonk-15-wires/tests/generic.rs index e075a2a0a0..f5102c90cd 100644 --- a/dlog/plonk-15-wires/tests/generic.rs +++ b/dlog/plonk-15-wires/tests/generic.rs @@ -6,7 +6,6 @@ use array_init::array_init; use commitment_dlog::{ commitment::{b_poly_coefficients, ceil_log2, CommitmentCurve}, srs::{endos, SRS}, - PolyComm, }; use groupmap::GroupMap; use mina_curves::pasta::{ @@ -23,10 +22,7 @@ use plonk_15_wires_circuits::{ nolookup::constraints::ConstraintSystem, wires::{Wire, COLUMNS, GENERICS}, }; -use plonk_15_wires_protocol_dlog::{ - index::{Index, VerifierIndex}, - prover::ProverProof, -}; +use plonk_15_wires_protocol_dlog::{index::Index, prover::ProverProof}; use rand::{rngs::StdRng, SeedableRng}; // aliases diff --git a/dlog/tests/chacha_test.rs b/dlog/tests/chacha_test.rs index 4c3607abe2..4978c1eca0 100644 --- a/dlog/tests/chacha_test.rs +++ b/dlog/tests/chacha_test.rs @@ -1,9 +1,7 @@ -use ark_ff::{UniformRand, Zero}; -use ark_poly::{univariate::DensePolynomial, UVPolynomial}; use array_init::array_init; use colored::Colorize; use commitment_dlog::{ - commitment::{b_poly_coefficients, ceil_log2, CommitmentCurve}, + commitment::{ceil_log2, CommitmentCurve}, srs::{endos, SRS}, }; use groupmap::GroupMap; @@ -13,7 +11,7 @@ use mina_curves::pasta::{ vesta::{Affine, VestaParameters}, }; use oracle::{ - poseidon::{ArithmeticSponge, PlonkSpongeConstants15W, Sponge, SpongeConstants}, + poseidon::PlonkSpongeConstants15W, sponge::{DefaultFqSponge, DefaultFrSponge}, }; use plonk_15_wires_circuits::wires::{Wire, COLUMNS}; @@ -21,8 +19,6 @@ use plonk_15_wires_circuits::{ gate::CircuitGate, nolookup::constraints::ConstraintSystem, polynomials::chacha, }; use plonk_15_wires_protocol_dlog::{index::Index, prover::ProverProof}; -use rand::{rngs::StdRng, SeedableRng}; -use std::{io, io::Write}; use std::{sync::Arc, time::Instant}; // aliases @@ -86,10 +82,10 @@ fn chacha_prover() { for _ in 0..num_chachas { rows.extend(chacha::chacha20_rows::(s0.clone())) } - let mut witness: [Vec; COLUMNS] = array_init(|_| vec![Fp::zero(); max_size]); - for (i, r) in rows.into_iter().enumerate() { + let mut witness: [Vec; COLUMNS] = array_init(|_| vec![]); + for r in rows.into_iter() { for (col, c) in r.into_iter().enumerate() { - witness[col][i] = c; + witness[col].push(c); } } diff --git a/dlog/tests/poseidon_vesta_15_wires.rs b/dlog/tests/poseidon_vesta_15_wires.rs index d91eb581fa..87956796c1 100644 --- a/dlog/tests/poseidon_vesta_15_wires.rs +++ b/dlog/tests/poseidon_vesta_15_wires.rs @@ -121,7 +121,8 @@ fn positive(index: &Index) { let mut start = Instant::now(); for test in 0..1 { // witness for Poseidon permutation custom constraints - let mut witness: [Vec; COLUMNS] = array_init(|_| vec![Fp::zero(); max_size]); + let mut witness_cols: [Vec; COLUMNS] = + array_init(|_| vec![Fp::zero(); POS_ROWS_PER_HASH * NUM_POS + 1 /* last output row */]); // creates a random initial state let init = vec![Fp::rand(rng), Fp::rand(rng), Fp::rand(rng)]; @@ -129,11 +130,10 @@ fn positive(index: &Index) { // number of poseidon instances in the circuit for h in 0..NUM_POS { // index - // TODO: is the `+ 1` correct? let first_row = h * (POS_ROWS_PER_HASH + 1); // initialize the sponge in the circuit with our random state - let first_state_cols = &mut witness[round_to_cols(0)]; + let first_state_cols = &mut witness_cols[round_to_cols(0)]; for state_idx in 0..SPONGE_WIDTH { first_state_cols[state_idx][first_row] = init[state_idx]; } @@ -162,7 +162,7 @@ fn positive(index: &Index) { // apply the sponge and record the result in the witness let cols_to_update = round_to_cols((round + 1) % ROUNDS_PER_ROW); - witness[cols_to_update] + witness_cols[cols_to_update] .iter_mut() .zip(sponge.state.iter()) // update the state (last update is on the next row) @@ -172,7 +172,7 @@ fn positive(index: &Index) { } // verify the circuit satisfiability by the computed witness - index.cs.verify(&witness).unwrap(); + index.cs.verify(&witness_cols).unwrap(); // let prev = { @@ -194,7 +194,7 @@ fn positive(index: &Index) { batch.push( ProverProof::create::( &group_map, - &witness, + &witness_cols, &index, vec![prev], ) diff --git a/dlog/tests/varbasemul.rs b/dlog/tests/varbasemul.rs index d5264cee0e..80cc61a0f7 100644 --- a/dlog/tests/varbasemul.rs +++ b/dlog/tests/varbasemul.rs @@ -1,34 +1,29 @@ use ark_ec::{AffineCurve, ProjectiveCurve}; use ark_ff::{BigInteger, BitIteratorLE, Field, One, PrimeField, UniformRand, Zero}; -use ark_poly::{univariate::DensePolynomial, EvaluationDomain, Radix2EvaluationDomain as D}; use array_init::array_init; use colored::Colorize; use commitment_dlog::{ - commitment::{b_poly_coefficients, ceil_log2, CommitmentCurve}, + commitment::CommitmentCurve, srs::{endos, SRS}, }; use groupmap::GroupMap; use mina_curves::pasta::{ fp::Fp as F, - pallas::{Affine as Other, Projective as OtherProjective}, + pallas::Affine as Other, vesta::{Affine, VestaParameters}, }; use oracle::{ - poseidon::{ArithmeticSponge, PlonkSpongeConstants15W, Sponge, SpongeConstants}, + poseidon::PlonkSpongeConstants15W, sponge::{DefaultFqSponge, DefaultFrSponge}, }; use plonk_15_wires_circuits::{ - expr::{Column, Constants, Expr, Linearization, PolishToken}, - gate::{CircuitGate, GateType, LookupInfo, LookupsUsed}, - gates::poseidon::ROUNDS_PER_ROW, - nolookup::constraints::{zk_w3, ConstraintSystem}, - nolookup::scalars::{LookupEvaluations, ProofEvaluations}, + gate::{CircuitGate, GateType}, + nolookup::constraints::ConstraintSystem, polynomials::varbasemul, wires::*, }; use plonk_15_wires_protocol_dlog::{index::Index, prover::ProverProof}; use rand::{rngs::StdRng, SeedableRng}; -use std::fmt::{Display, Formatter}; use std::{sync::Arc, time::Instant}; const PUBLIC: usize = 0;