diff --git a/hydra/garaga/precompiled_circuits/compilable_circuits/ultra_honk.py b/hydra/garaga/precompiled_circuits/compilable_circuits/ultra_honk.py index 2cf7add1..48398a05 100644 --- a/hydra/garaga/precompiled_circuits/compilable_circuits/ultra_honk.py +++ b/hydra/garaga/precompiled_circuits/compilable_circuits/ultra_honk.py @@ -267,7 +267,7 @@ def input_map(self) -> dict: imap = {} imap["p_sumcheck_evaluations"] = (structs.u256Span, hk.NUMBER_OF_ENTITIES) - imap["p_gemini_a_evaluations"] = (structs.u256Span, hk.CONST_PROOF_SIZE_LOG_N) + imap["p_gemini_a_evaluations"] = (structs.u256Span, self.vk.log_circuit_size) imap["tp_gemini_r"] = structs.u384 imap["tp_rho"] = structs.u384 imap["tp_shplonk_z"] = structs.u384 diff --git a/hydra/garaga/precompiled_circuits/honk.py b/hydra/garaga/precompiled_circuits/honk.py index 0931d34a..33faa893 100644 --- a/hydra/garaga/precompiled_circuits/honk.py +++ b/hydra/garaga/precompiled_circuits/honk.py @@ -1,4 +1,5 @@ import copy +import math from dataclasses import dataclass, fields from enum import Enum, auto @@ -58,6 +59,10 @@ class HonkProof: shplonk_q: G1Point kzg_quotient: G1Point + @property + def log_circuit_size(self) -> int: + return int(math.log2(self.circuit_size)) + def __post_init__(self): assert len(self.sumcheck_univariates) == CONST_PROOF_SIZE_LOG_N assert all( @@ -244,11 +249,11 @@ def format_array(elements: list, span: bool = False) -> str: code += f"lookup_inverses: {g1_to_g1point256(self.lookup_inverses)},\n" # Flatten sumcheck_univariates array - code += f"sumcheck_univariates: {format_array(io.flatten(self.sumcheck_univariates), span=True)},\n" + code += f"sumcheck_univariates: {format_array(io.flatten(self.sumcheck_univariates)[:self.log_circuit_size * BATCHED_RELATION_PARTIAL_LENGTH], span=True)},\n" code += f"sumcheck_evaluations: {format_array(self.sumcheck_evaluations, span=True)},\n" - code += f"gemini_fold_comms: array![{', '.join(g1_to_g1point256(comm) for comm in self.gemini_fold_comms)}].span(),\n" - code += f"gemini_a_evaluations: {format_array(self.gemini_a_evaluations, span=True)},\n" + code += f"gemini_fold_comms: array![{', '.join(g1_to_g1point256(comm) for comm in self.gemini_fold_comms[:self.log_circuit_size - 1])}].span(),\n" + code += f"gemini_a_evaluations: {format_array(self.gemini_a_evaluations[:self.log_circuit_size], span=True)},\n" code += f"shplonk_q: {g1_to_g1point256(self.shplonk_q)},\n" code += f"kzg_quotient: {g1_to_g1point256(self.kzg_quotient)},\n" code += "};" @@ -279,7 +284,9 @@ def serialize_G1Point256(g1_point: G1Point) -> list[int]: cd.extend(serialize_G1Point256(self.lookup_inverses)) cd.extend( io.bigint_split_array( - x=io.flatten(self.sumcheck_univariates), + x=io.flatten(self.sumcheck_univariates)[ + : BATCHED_RELATION_PARTIAL_LENGTH * self.log_circuit_size + ], # The rest is 0. n_limbs=2, base=2**128, prepend_length=True, @@ -292,13 +299,18 @@ def serialize_G1Point256(g1_point: G1Point) -> list[int]: ) ) - cd.append(len(self.gemini_fold_comms)) - for pt in self.gemini_fold_comms: + cd.append(self.log_circuit_size - 1) + for pt in self.gemini_fold_comms[ + : self.log_circuit_size - 1 + ]: # The rest is G(1, 2) cd.extend(serialize_G1Point256(pt)) cd.extend( io.bigint_split_array( - x=self.gemini_a_evaluations, n_limbs=2, base=2**128, prepend_length=True + x=self.gemini_a_evaluations[: self.log_circuit_size], + n_limbs=2, + base=2**128, + prepend_length=True, ) ) cd.extend(serialize_G1Point256(self.shplonk_q)) @@ -1680,16 +1692,16 @@ def compute_shplemini_msm_scalars( batching_challenge, inverse_vanishing_evals[i + 2] ) scalars[NUMBER_OF_ENTITIES + i + 1] = self.neg(scaling_factor) + constant_term_accumulator = self.add( + constant_term_accumulator, + self.mul(scaling_factor, p_gemini_a_evaluations[i + 1]), + ) else: # print( # f"dummy round {i}, index {NUMBER_OF_ENTITIES + i + 1} is set to 0" # ) pass - constant_term_accumulator = self.add( - constant_term_accumulator, - self.mul(scaling_factor, p_gemini_a_evaluations[i + 1]), - ) # skip last round: if i < self.log_n - 2: batching_challenge = self.mul(batching_challenge, tp_shplonk_nu) diff --git a/hydra/garaga/starknet/honk_contract_generator/generator_honk.py b/hydra/garaga/starknet/honk_contract_generator/generator_honk.py index 09e75ceb..b888ba6c 100644 --- a/hydra/garaga/starknet/honk_contract_generator/generator_honk.py +++ b/hydra/garaga/starknet/honk_contract_generator/generator_honk.py @@ -269,9 +269,8 @@ def gen_honk_verifier( full_proof.proof.z_perm.into(), ]; - let n_gem_comms = vk.log_circuit_size-1; - for i in 0_u32..n_gem_comms {{ - _points.append((*full_proof.proof.gemini_fold_comms.at(i)).into()); + for gem_comm in full_proof.proof.gemini_fold_comms {{ + _points.append((*gem_comm).into()); }}; _points.append(BN254_G1_GENERATOR); _points.append(full_proof.proof.kzg_quotient.into()); diff --git a/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier.cairo b/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier.cairo index a6e4f474..7faeab52 100644 --- a/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier.cairo +++ b/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier.cairo @@ -183,9 +183,8 @@ mod UltraKeccakHonkVerifier { full_proof.proof.z_perm.into(), ]; - let n_gem_comms = vk.log_circuit_size - 1; - for i in 0_u32..n_gem_comms { - _points.append((*full_proof.proof.gemini_fold_comms.at(i)).into()); + for gem_comm in full_proof.proof.gemini_fold_comms { + _points.append((*gem_comm).into()); }; _points.append(BN254_G1_GENERATOR); _points.append(full_proof.proof.kzg_quotient.into()); diff --git a/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier_circuits.cairo b/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier_circuits.cairo index a6c11db8..8bb3c37d 100644 --- a/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier_circuits.cairo +++ b/src/contracts/noir_ultra_keccak_honk_example/src/honk_verifier_circuits.cairo @@ -1076,386 +1076,333 @@ pub fn run_GRUMPKIN_HONK_PREP_MSM_SCALARS_SIZE_5_circuit( let (in50, in51, in52) = (CE::> {}, CE::> {}, CE::> {}); let (in53, in54, in55) = (CE::> {}, CE::> {}, CE::> {}); let (in56, in57, in58) = (CE::> {}, CE::> {}, CE::> {}); - let (in59, in60, in61) = (CE::> {}, CE::> {}, CE::> {}); - let (in62, in63, in64) = (CE::> {}, CE::> {}, CE::> {}); - let (in65, in66, in67) = (CE::> {}, CE::> {}, CE::> {}); - let (in68, in69, in70) = (CE::> {}, CE::> {}, CE::> {}); - let (in71, in72, in73) = (CE::> {}, CE::> {}, CE::> {}); - let (in74, in75, in76) = (CE::> {}, CE::> {}, CE::> {}); - let (in77, in78, in79) = (CE::> {}, CE::> {}, CE::> {}); - let (in80, in81, in82) = (CE::> {}, CE::> {}, CE::> {}); - let t0 = circuit_mul(in74, in74); + let in59 = CE::> {}; + let t0 = circuit_mul(in51, in51); let t1 = circuit_mul(t0, t0); let t2 = circuit_mul(t1, t1); let t3 = circuit_mul(t2, t2); - let t4 = circuit_sub(in76, in74); + let t4 = circuit_sub(in53, in51); let t5 = circuit_inverse(t4); - let t6 = circuit_add(in76, in74); + let t6 = circuit_add(in53, in51); let t7 = circuit_inverse(t6); - let t8 = circuit_add(in76, t0); + let t8 = circuit_add(in53, t0); let t9 = circuit_inverse(t8); - let t10 = circuit_add(in76, t1); + let t10 = circuit_add(in53, t1); let t11 = circuit_inverse(t10); - let t12 = circuit_add(in76, t2); + let t12 = circuit_add(in53, t2); let t13 = circuit_inverse(t12); - let t14 = circuit_add(in76, t3); + let t14 = circuit_add(in53, t3); let t15 = circuit_inverse(t14); - let t16 = circuit_mul(in77, t7); + let t16 = circuit_mul(in54, t7); let t17 = circuit_add(t5, t16); let t18 = circuit_sub(in0, t17); - let t19 = circuit_inverse(in74); - let t20 = circuit_mul(in77, t7); + let t19 = circuit_inverse(in51); + let t20 = circuit_mul(in54, t7); let t21 = circuit_sub(t5, t20); let t22 = circuit_mul(t19, t21); let t23 = circuit_sub(in0, t22); let t24 = circuit_mul(t18, in1); let t25 = circuit_mul(in2, in1); let t26 = circuit_add(in0, t25); - let t27 = circuit_mul(in1, in75); + let t27 = circuit_mul(in1, in52); let t28 = circuit_mul(t18, t27); let t29 = circuit_mul(in3, t27); let t30 = circuit_add(t26, t29); - let t31 = circuit_mul(t27, in75); + let t31 = circuit_mul(t27, in52); let t32 = circuit_mul(t18, t31); let t33 = circuit_mul(in4, t31); let t34 = circuit_add(t30, t33); - let t35 = circuit_mul(t31, in75); + let t35 = circuit_mul(t31, in52); let t36 = circuit_mul(t18, t35); let t37 = circuit_mul(in5, t35); let t38 = circuit_add(t34, t37); - let t39 = circuit_mul(t35, in75); + let t39 = circuit_mul(t35, in52); let t40 = circuit_mul(t18, t39); let t41 = circuit_mul(in6, t39); let t42 = circuit_add(t38, t41); - let t43 = circuit_mul(t39, in75); + let t43 = circuit_mul(t39, in52); let t44 = circuit_mul(t18, t43); let t45 = circuit_mul(in7, t43); let t46 = circuit_add(t42, t45); - let t47 = circuit_mul(t43, in75); + let t47 = circuit_mul(t43, in52); let t48 = circuit_mul(t18, t47); let t49 = circuit_mul(in8, t47); let t50 = circuit_add(t46, t49); - let t51 = circuit_mul(t47, in75); + let t51 = circuit_mul(t47, in52); let t52 = circuit_mul(t18, t51); let t53 = circuit_mul(in9, t51); let t54 = circuit_add(t50, t53); - let t55 = circuit_mul(t51, in75); + let t55 = circuit_mul(t51, in52); let t56 = circuit_mul(t18, t55); let t57 = circuit_mul(in10, t55); let t58 = circuit_add(t54, t57); - let t59 = circuit_mul(t55, in75); + let t59 = circuit_mul(t55, in52); let t60 = circuit_mul(t18, t59); let t61 = circuit_mul(in11, t59); let t62 = circuit_add(t58, t61); - let t63 = circuit_mul(t59, in75); + let t63 = circuit_mul(t59, in52); let t64 = circuit_mul(t18, t63); let t65 = circuit_mul(in12, t63); let t66 = circuit_add(t62, t65); - let t67 = circuit_mul(t63, in75); + let t67 = circuit_mul(t63, in52); let t68 = circuit_mul(t18, t67); let t69 = circuit_mul(in13, t67); let t70 = circuit_add(t66, t69); - let t71 = circuit_mul(t67, in75); + let t71 = circuit_mul(t67, in52); let t72 = circuit_mul(t18, t71); let t73 = circuit_mul(in14, t71); let t74 = circuit_add(t70, t73); - let t75 = circuit_mul(t71, in75); + let t75 = circuit_mul(t71, in52); let t76 = circuit_mul(t18, t75); let t77 = circuit_mul(in15, t75); let t78 = circuit_add(t74, t77); - let t79 = circuit_mul(t75, in75); + let t79 = circuit_mul(t75, in52); let t80 = circuit_mul(t18, t79); let t81 = circuit_mul(in16, t79); let t82 = circuit_add(t78, t81); - let t83 = circuit_mul(t79, in75); + let t83 = circuit_mul(t79, in52); let t84 = circuit_mul(t18, t83); let t85 = circuit_mul(in17, t83); let t86 = circuit_add(t82, t85); - let t87 = circuit_mul(t83, in75); + let t87 = circuit_mul(t83, in52); let t88 = circuit_mul(t18, t87); let t89 = circuit_mul(in18, t87); let t90 = circuit_add(t86, t89); - let t91 = circuit_mul(t87, in75); + let t91 = circuit_mul(t87, in52); let t92 = circuit_mul(t18, t91); let t93 = circuit_mul(in19, t91); let t94 = circuit_add(t90, t93); - let t95 = circuit_mul(t91, in75); + let t95 = circuit_mul(t91, in52); let t96 = circuit_mul(t18, t95); let t97 = circuit_mul(in20, t95); let t98 = circuit_add(t94, t97); - let t99 = circuit_mul(t95, in75); + let t99 = circuit_mul(t95, in52); let t100 = circuit_mul(t18, t99); let t101 = circuit_mul(in21, t99); let t102 = circuit_add(t98, t101); - let t103 = circuit_mul(t99, in75); + let t103 = circuit_mul(t99, in52); let t104 = circuit_mul(t18, t103); let t105 = circuit_mul(in22, t103); let t106 = circuit_add(t102, t105); - let t107 = circuit_mul(t103, in75); + let t107 = circuit_mul(t103, in52); let t108 = circuit_mul(t18, t107); let t109 = circuit_mul(in23, t107); let t110 = circuit_add(t106, t109); - let t111 = circuit_mul(t107, in75); + let t111 = circuit_mul(t107, in52); let t112 = circuit_mul(t18, t111); let t113 = circuit_mul(in24, t111); let t114 = circuit_add(t110, t113); - let t115 = circuit_mul(t111, in75); + let t115 = circuit_mul(t111, in52); let t116 = circuit_mul(t18, t115); let t117 = circuit_mul(in25, t115); let t118 = circuit_add(t114, t117); - let t119 = circuit_mul(t115, in75); + let t119 = circuit_mul(t115, in52); let t120 = circuit_mul(t18, t119); let t121 = circuit_mul(in26, t119); let t122 = circuit_add(t118, t121); - let t123 = circuit_mul(t119, in75); + let t123 = circuit_mul(t119, in52); let t124 = circuit_mul(t18, t123); let t125 = circuit_mul(in27, t123); let t126 = circuit_add(t122, t125); - let t127 = circuit_mul(t123, in75); + let t127 = circuit_mul(t123, in52); let t128 = circuit_mul(t18, t127); let t129 = circuit_mul(in28, t127); let t130 = circuit_add(t126, t129); - let t131 = circuit_mul(t127, in75); + let t131 = circuit_mul(t127, in52); let t132 = circuit_mul(t18, t131); let t133 = circuit_mul(in29, t131); let t134 = circuit_add(t130, t133); - let t135 = circuit_mul(t131, in75); + let t135 = circuit_mul(t131, in52); let t136 = circuit_mul(t18, t135); let t137 = circuit_mul(in30, t135); let t138 = circuit_add(t134, t137); - let t139 = circuit_mul(t135, in75); + let t139 = circuit_mul(t135, in52); let t140 = circuit_mul(t18, t139); let t141 = circuit_mul(in31, t139); let t142 = circuit_add(t138, t141); - let t143 = circuit_mul(t139, in75); + let t143 = circuit_mul(t139, in52); let t144 = circuit_mul(t18, t143); let t145 = circuit_mul(in32, t143); let t146 = circuit_add(t142, t145); - let t147 = circuit_mul(t143, in75); + let t147 = circuit_mul(t143, in52); let t148 = circuit_mul(t18, t147); let t149 = circuit_mul(in33, t147); let t150 = circuit_add(t146, t149); - let t151 = circuit_mul(t147, in75); + let t151 = circuit_mul(t147, in52); let t152 = circuit_mul(t18, t151); let t153 = circuit_mul(in34, t151); let t154 = circuit_add(t150, t153); - let t155 = circuit_mul(t151, in75); + let t155 = circuit_mul(t151, in52); let t156 = circuit_mul(t18, t155); let t157 = circuit_mul(in35, t155); let t158 = circuit_add(t154, t157); - let t159 = circuit_mul(t155, in75); + let t159 = circuit_mul(t155, in52); let t160 = circuit_mul(t18, t159); let t161 = circuit_mul(in36, t159); let t162 = circuit_add(t158, t161); - let t163 = circuit_mul(t159, in75); + let t163 = circuit_mul(t159, in52); let t164 = circuit_mul(t23, t163); let t165 = circuit_mul(in37, t163); let t166 = circuit_add(t162, t165); - let t167 = circuit_mul(t163, in75); + let t167 = circuit_mul(t163, in52); let t168 = circuit_mul(t23, t167); let t169 = circuit_mul(in38, t167); let t170 = circuit_add(t166, t169); - let t171 = circuit_mul(t167, in75); + let t171 = circuit_mul(t167, in52); let t172 = circuit_mul(t23, t171); let t173 = circuit_mul(in39, t171); let t174 = circuit_add(t170, t173); - let t175 = circuit_mul(t171, in75); + let t175 = circuit_mul(t171, in52); let t176 = circuit_mul(t23, t175); let t177 = circuit_mul(in40, t175); let t178 = circuit_add(t174, t177); - let t179 = circuit_mul(t175, in75); + let t179 = circuit_mul(t175, in52); let t180 = circuit_mul(t23, t179); let t181 = circuit_mul(in41, t179); let t182 = circuit_add(t178, t181); - let t183 = circuit_mul(t179, in75); + let t183 = circuit_mul(t179, in52); let t184 = circuit_mul(t23, t183); let t185 = circuit_mul(in42, t183); let t186 = circuit_add(t182, t185); - let t187 = circuit_mul(t183, in75); + let t187 = circuit_mul(t183, in52); let t188 = circuit_mul(t23, t187); let t189 = circuit_mul(in43, t187); let t190 = circuit_add(t186, t189); - let t191 = circuit_mul(t187, in75); + let t191 = circuit_mul(t187, in52); let t192 = circuit_mul(t23, t191); let t193 = circuit_mul(in44, t191); let t194 = circuit_add(t190, t193); - let t195 = circuit_mul(t191, in75); + let t195 = circuit_mul(t191, in52); let t196 = circuit_mul(t23, t195); let t197 = circuit_mul(in45, t195); let t198 = circuit_add(t194, t197); - let t199 = circuit_mul(in77, in77); + let t199 = circuit_mul(in54, in54); let t200 = circuit_mul(t199, t9); let t201 = circuit_sub(in0, t200); let t202 = circuit_mul(t200, in47); let t203 = circuit_add(in0, t202); - let t204 = circuit_mul(t199, in77); + let t204 = circuit_mul(t199, in54); let t205 = circuit_mul(t204, t11); let t206 = circuit_sub(in0, t205); let t207 = circuit_mul(t205, in48); let t208 = circuit_add(t203, t207); - let t209 = circuit_mul(t204, in77); + let t209 = circuit_mul(t204, in54); let t210 = circuit_mul(t209, t13); let t211 = circuit_sub(in0, t210); let t212 = circuit_mul(t210, in49); let t213 = circuit_add(t208, t212); - let t214 = circuit_mul(t209, in77); + let t214 = circuit_mul(t209, in54); let t215 = circuit_mul(t214, t15); let t216 = circuit_sub(in0, t215); let t217 = circuit_mul(t215, in50); let t218 = circuit_add(t213, t217); - let t219 = circuit_mul(in0, in51); - let t220 = circuit_add(t218, t219); - let t221 = circuit_mul(in0, in52); - let t222 = circuit_add(t220, t221); - let t223 = circuit_mul(in0, in53); - let t224 = circuit_add(t222, t223); - let t225 = circuit_mul(in0, in54); - let t226 = circuit_add(t224, t225); - let t227 = circuit_mul(in0, in55); - let t228 = circuit_add(t226, t227); - let t229 = circuit_mul(in0, in56); - let t230 = circuit_add(t228, t229); - let t231 = circuit_mul(in0, in57); - let t232 = circuit_add(t230, t231); - let t233 = circuit_mul(in0, in58); - let t234 = circuit_add(t232, t233); - let t235 = circuit_mul(in0, in59); - let t236 = circuit_add(t234, t235); - let t237 = circuit_mul(in0, in60); - let t238 = circuit_add(t236, t237); - let t239 = circuit_mul(in0, in61); - let t240 = circuit_add(t238, t239); - let t241 = circuit_mul(in0, in62); - let t242 = circuit_add(t240, t241); - let t243 = circuit_mul(in0, in63); - let t244 = circuit_add(t242, t243); - let t245 = circuit_mul(in0, in64); - let t246 = circuit_add(t244, t245); - let t247 = circuit_mul(in0, in65); - let t248 = circuit_add(t246, t247); - let t249 = circuit_mul(in0, in66); - let t250 = circuit_add(t248, t249); - let t251 = circuit_mul(in0, in67); - let t252 = circuit_add(t250, t251); - let t253 = circuit_mul(in0, in68); - let t254 = circuit_add(t252, t253); - let t255 = circuit_mul(in0, in69); - let t256 = circuit_add(t254, t255); - let t257 = circuit_mul(in0, in70); - let t258 = circuit_add(t256, t257); - let t259 = circuit_mul(in0, in71); - let t260 = circuit_add(t258, t259); - let t261 = circuit_mul(in0, in72); - let t262 = circuit_add(t260, t261); - let t263 = circuit_mul(in0, in73); - let t264 = circuit_add(t262, t263); - let t265 = circuit_sub(in1, in82); - let t266 = circuit_mul(t3, t265); - let t267 = circuit_mul(t3, t198); - let t268 = circuit_add(t267, t267); - let t269 = circuit_sub(t266, in82); - let t270 = circuit_mul(in50, t269); - let t271 = circuit_sub(t268, t270); - let t272 = circuit_add(t266, in82); - let t273 = circuit_inverse(t272); - let t274 = circuit_mul(t271, t273); - let t275 = circuit_sub(in1, in81); - let t276 = circuit_mul(t2, t275); - let t277 = circuit_mul(t2, t274); - let t278 = circuit_add(t277, t277); - let t279 = circuit_sub(t276, in81); - let t280 = circuit_mul(in49, t279); - let t281 = circuit_sub(t278, t280); - let t282 = circuit_add(t276, in81); - let t283 = circuit_inverse(t282); - let t284 = circuit_mul(t281, t283); - let t285 = circuit_sub(in1, in80); - let t286 = circuit_mul(t1, t285); - let t287 = circuit_mul(t1, t284); - let t288 = circuit_add(t287, t287); - let t289 = circuit_sub(t286, in80); - let t290 = circuit_mul(in48, t289); - let t291 = circuit_sub(t288, t290); - let t292 = circuit_add(t286, in80); - let t293 = circuit_inverse(t292); - let t294 = circuit_mul(t291, t293); - let t295 = circuit_sub(in1, in79); - let t296 = circuit_mul(t0, t295); - let t297 = circuit_mul(t0, t294); - let t298 = circuit_add(t297, t297); - let t299 = circuit_sub(t296, in79); - let t300 = circuit_mul(in47, t299); - let t301 = circuit_sub(t298, t300); - let t302 = circuit_add(t296, in79); - let t303 = circuit_inverse(t302); - let t304 = circuit_mul(t301, t303); - let t305 = circuit_sub(in1, in78); - let t306 = circuit_mul(in74, t305); - let t307 = circuit_mul(in74, t304); - let t308 = circuit_add(t307, t307); - let t309 = circuit_sub(t306, in78); - let t310 = circuit_mul(in46, t309); - let t311 = circuit_sub(t308, t310); - let t312 = circuit_add(t306, in78); - let t313 = circuit_inverse(t312); - let t314 = circuit_mul(t311, t313); - let t315 = circuit_mul(t314, t5); - let t316 = circuit_add(t264, t315); - let t317 = circuit_mul(in46, in77); - let t318 = circuit_mul(t317, t7); - let t319 = circuit_add(t316, t318); - let t320 = circuit_add(t108, t164); - let t321 = circuit_add(t112, t168); - let t322 = circuit_add(t116, t172); - let t323 = circuit_add(t120, t176); - let t324 = circuit_add(t132, t180); - let t325 = circuit_add(t136, t184); - let t326 = circuit_add(t140, t188); - let t327 = circuit_add(t144, t192); - let t328 = circuit_add(t24, t28); - let t329 = circuit_add(t328, t32); - let t330 = circuit_add(t329, t36); - let t331 = circuit_add(t330, t40); - let t332 = circuit_add(t331, t44); - let t333 = circuit_add(t332, t48); - let t334 = circuit_add(t333, t52); - let t335 = circuit_add(t334, t56); - let t336 = circuit_add(t335, t60); - let t337 = circuit_add(t336, t64); - let t338 = circuit_add(t337, t68); - let t339 = circuit_add(t338, t72); - let t340 = circuit_add(t339, t76); - let t341 = circuit_add(t340, t80); - let t342 = circuit_add(t341, t84); - let t343 = circuit_add(t342, t88); - let t344 = circuit_add(t343, t92); - let t345 = circuit_add(t344, t96); - let t346 = circuit_add(t345, t100); - let t347 = circuit_add(t346, t104); - let t348 = circuit_add(t347, t320); - let t349 = circuit_add(t348, t321); - let t350 = circuit_add(t349, t322); - let t351 = circuit_add(t350, t323); - let t352 = circuit_add(t351, t124); - let t353 = circuit_add(t352, t128); - let t354 = circuit_add(t353, t324); - let t355 = circuit_add(t354, t325); - let t356 = circuit_add(t355, t326); - let t357 = circuit_add(t356, t327); - let t358 = circuit_add(t357, t148); - let t359 = circuit_add(t358, t152); - let t360 = circuit_add(t359, t156); - let t361 = circuit_add(t360, t160); - let t362 = circuit_add(t361, t196); - let t363 = circuit_add(t362, t201); - let t364 = circuit_add(t363, t206); - let t365 = circuit_add(t364, t211); - let t366 = circuit_add(t365, t216); - let t367 = circuit_add(t366, t319); + let t219 = circuit_sub(in1, in59); + let t220 = circuit_mul(t3, t219); + let t221 = circuit_mul(t3, t198); + let t222 = circuit_add(t221, t221); + let t223 = circuit_sub(t220, in59); + let t224 = circuit_mul(in50, t223); + let t225 = circuit_sub(t222, t224); + let t226 = circuit_add(t220, in59); + let t227 = circuit_inverse(t226); + let t228 = circuit_mul(t225, t227); + let t229 = circuit_sub(in1, in58); + let t230 = circuit_mul(t2, t229); + let t231 = circuit_mul(t2, t228); + let t232 = circuit_add(t231, t231); + let t233 = circuit_sub(t230, in58); + let t234 = circuit_mul(in49, t233); + let t235 = circuit_sub(t232, t234); + let t236 = circuit_add(t230, in58); + let t237 = circuit_inverse(t236); + let t238 = circuit_mul(t235, t237); + let t239 = circuit_sub(in1, in57); + let t240 = circuit_mul(t1, t239); + let t241 = circuit_mul(t1, t238); + let t242 = circuit_add(t241, t241); + let t243 = circuit_sub(t240, in57); + let t244 = circuit_mul(in48, t243); + let t245 = circuit_sub(t242, t244); + let t246 = circuit_add(t240, in57); + let t247 = circuit_inverse(t246); + let t248 = circuit_mul(t245, t247); + let t249 = circuit_sub(in1, in56); + let t250 = circuit_mul(t0, t249); + let t251 = circuit_mul(t0, t248); + let t252 = circuit_add(t251, t251); + let t253 = circuit_sub(t250, in56); + let t254 = circuit_mul(in47, t253); + let t255 = circuit_sub(t252, t254); + let t256 = circuit_add(t250, in56); + let t257 = circuit_inverse(t256); + let t258 = circuit_mul(t255, t257); + let t259 = circuit_sub(in1, in55); + let t260 = circuit_mul(in51, t259); + let t261 = circuit_mul(in51, t258); + let t262 = circuit_add(t261, t261); + let t263 = circuit_sub(t260, in55); + let t264 = circuit_mul(in46, t263); + let t265 = circuit_sub(t262, t264); + let t266 = circuit_add(t260, in55); + let t267 = circuit_inverse(t266); + let t268 = circuit_mul(t265, t267); + let t269 = circuit_mul(t268, t5); + let t270 = circuit_add(t218, t269); + let t271 = circuit_mul(in46, in54); + let t272 = circuit_mul(t271, t7); + let t273 = circuit_add(t270, t272); + let t274 = circuit_add(t108, t164); + let t275 = circuit_add(t112, t168); + let t276 = circuit_add(t116, t172); + let t277 = circuit_add(t120, t176); + let t278 = circuit_add(t132, t180); + let t279 = circuit_add(t136, t184); + let t280 = circuit_add(t140, t188); + let t281 = circuit_add(t144, t192); + let t282 = circuit_add(t24, t28); + let t283 = circuit_add(t282, t32); + let t284 = circuit_add(t283, t36); + let t285 = circuit_add(t284, t40); + let t286 = circuit_add(t285, t44); + let t287 = circuit_add(t286, t48); + let t288 = circuit_add(t287, t52); + let t289 = circuit_add(t288, t56); + let t290 = circuit_add(t289, t60); + let t291 = circuit_add(t290, t64); + let t292 = circuit_add(t291, t68); + let t293 = circuit_add(t292, t72); + let t294 = circuit_add(t293, t76); + let t295 = circuit_add(t294, t80); + let t296 = circuit_add(t295, t84); + let t297 = circuit_add(t296, t88); + let t298 = circuit_add(t297, t92); + let t299 = circuit_add(t298, t96); + let t300 = circuit_add(t299, t100); + let t301 = circuit_add(t300, t104); + let t302 = circuit_add(t301, t274); + let t303 = circuit_add(t302, t275); + let t304 = circuit_add(t303, t276); + let t305 = circuit_add(t304, t277); + let t306 = circuit_add(t305, t124); + let t307 = circuit_add(t306, t128); + let t308 = circuit_add(t307, t278); + let t309 = circuit_add(t308, t279); + let t310 = circuit_add(t309, t280); + let t311 = circuit_add(t310, t281); + let t312 = circuit_add(t311, t148); + let t313 = circuit_add(t312, t152); + let t314 = circuit_add(t313, t156); + let t315 = circuit_add(t314, t160); + let t316 = circuit_add(t315, t196); + let t317 = circuit_add(t316, t201); + let t318 = circuit_add(t317, t206); + let t319 = circuit_add(t318, t211); + let t320 = circuit_add(t319, t216); + let t321 = circuit_add(t320, t273); let modulus = get_GRUMPKIN_modulus(); // GRUMPKIN prime field modulus - let mut circuit_inputs = (t367,).new_inputs(); + let mut circuit_inputs = (t321,).new_inputs(); // Prefill constants: circuit_inputs = circuit_inputs.next_2([0x0, 0x0, 0x0, 0x0]); // in0 circuit_inputs = circuit_inputs.next_2([0x1, 0x0, 0x0, 0x0]); // in1 @@ -1469,17 +1416,17 @@ pub fn run_GRUMPKIN_HONK_PREP_MSM_SCALARS_SIZE_5_circuit( let mut p_gemini_a_evaluations = p_gemini_a_evaluations; while let Option::Some(val) = p_gemini_a_evaluations.pop_front() { circuit_inputs = circuit_inputs.next_u256(*val); - }; // in46 - in73 + }; // in46 - in50 - circuit_inputs = circuit_inputs.next_2(tp_gemini_r); // in74 - circuit_inputs = circuit_inputs.next_2(tp_rho); // in75 - circuit_inputs = circuit_inputs.next_2(tp_shplonk_z); // in76 - circuit_inputs = circuit_inputs.next_2(tp_shplonk_nu); // in77 + circuit_inputs = circuit_inputs.next_2(tp_gemini_r); // in51 + circuit_inputs = circuit_inputs.next_2(tp_rho); // in52 + circuit_inputs = circuit_inputs.next_2(tp_shplonk_z); // in53 + circuit_inputs = circuit_inputs.next_2(tp_shplonk_nu); // in54 let mut tp_sum_check_u_challenges = tp_sum_check_u_challenges; while let Option::Some(val) = tp_sum_check_u_challenges.pop_front() { circuit_inputs = circuit_inputs.next_u128(*val); - }; // in78 - in82 + }; // in55 - in59 let outputs = circuit_inputs.done_2().eval(modulus).unwrap(); let scalar_1: u384 = outputs.get_output(t24); @@ -1503,16 +1450,16 @@ pub fn run_GRUMPKIN_HONK_PREP_MSM_SCALARS_SIZE_5_circuit( let scalar_19: u384 = outputs.get_output(t96); let scalar_20: u384 = outputs.get_output(t100); let scalar_21: u384 = outputs.get_output(t104); - let scalar_22: u384 = outputs.get_output(t320); - let scalar_23: u384 = outputs.get_output(t321); - let scalar_24: u384 = outputs.get_output(t322); - let scalar_25: u384 = outputs.get_output(t323); + let scalar_22: u384 = outputs.get_output(t274); + let scalar_23: u384 = outputs.get_output(t275); + let scalar_24: u384 = outputs.get_output(t276); + let scalar_25: u384 = outputs.get_output(t277); let scalar_26: u384 = outputs.get_output(t124); let scalar_27: u384 = outputs.get_output(t128); - let scalar_28: u384 = outputs.get_output(t324); - let scalar_29: u384 = outputs.get_output(t325); - let scalar_30: u384 = outputs.get_output(t326); - let scalar_31: u384 = outputs.get_output(t327); + let scalar_28: u384 = outputs.get_output(t278); + let scalar_29: u384 = outputs.get_output(t279); + let scalar_30: u384 = outputs.get_output(t280); + let scalar_31: u384 = outputs.get_output(t281); let scalar_32: u384 = outputs.get_output(t148); let scalar_33: u384 = outputs.get_output(t152); let scalar_34: u384 = outputs.get_output(t156); @@ -1522,8 +1469,8 @@ pub fn run_GRUMPKIN_HONK_PREP_MSM_SCALARS_SIZE_5_circuit( let scalar_46: u384 = outputs.get_output(t206); let scalar_47: u384 = outputs.get_output(t211); let scalar_48: u384 = outputs.get_output(t216); - let scalar_72: u384 = outputs.get_output(t319); - let sum_scalars: u384 = outputs.get_output(t367); + let scalar_72: u384 = outputs.get_output(t273); + let sum_scalars: u384 = outputs.get_output(t321); return ( scalar_1, scalar_2, diff --git a/src/src/utils/noir.cairo b/src/src/utils/noir.cairo index 36bebd2f..2d6755c9 100644 --- a/src/src/utils/noir.cairo +++ b/src/src/utils/noir.cairo @@ -212,190 +212,6 @@ pub fn get_proof() -> HonkProof { 0x263a15eb7a5d4da20cd74bda64acd6bfd515fd57e001f571ee7f25dbbc819935, 0x1a6da135c8b1c95f0ebac3186421c4bf62c71f27fe9b2e34279afe65270e21a0, 0x2d928d40bc62836da72eadced3c96f846cf0440b939d746db2a987e41f8b7356, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, ] .span(), sumcheck_evaluations: array![ @@ -462,29 +278,6 @@ pub fn get_proof() -> HonkProof { x: 0x3518fba7088a6f8103d8bc2f72a67a68cff759c9e8e70071a0c0d67a89bd684, y: 0x2796e48e3909df2b389f68123329adb1994e35d6faad76671de81ead27b3bef0, }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, - G1Point256 { x: 0x1, y: 0x2 }, ] .span(), gemini_a_evaluations: array![ @@ -493,29 +286,6 @@ pub fn get_proof() -> HonkProof { 0x27af7bd3cb339be63a51d2305fc2ddf2c887b0a59511ec160aacec44308c9ffd, 0x16368d4a8fc2dee62530847567ad8d75ecd96aaa541c487628f56c47c5bb1771, 0xe405cd6caac953006162d7c72468986e014792ee1e09e041c69bea39def7c6d, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, - 0x0, ] .span(), shplonk_q: G1Point256 { diff --git a/src/src/utils/noir/keccak_transcript.cairo b/src/src/utils/noir/keccak_transcript.cairo index 3e63083f..b15030e5 100644 --- a/src/src/utils/noir/keccak_transcript.cairo +++ b/src/src/utils/noir/keccak_transcript.cairo @@ -1,6 +1,7 @@ use core::keccak; use core::traits::Into; use core::poseidon::hades_permutation; +use core::array::array_slice; use garaga::definitions::G1Point; use garaga::utils::noir::{HonkProof, G1Point256, G1PointProof}; @@ -423,13 +424,27 @@ pub fn generate_sumcheck_u_challenges( for i in 0..CONST_PROOF_SIZE_LOG_N { let mut k_input: Array = array![]; keccak::keccak_add_u256_be(ref k_input, challenge); - let sumcheck_univariates_i = sumcheck_univariates - .slice(i * BATCHED_RELATION_PARTIAL_LENGTH, BATCHED_RELATION_PARTIAL_LENGTH); - for j in 0..BATCHED_RELATION_PARTIAL_LENGTH { - keccak::keccak_add_u256_be(ref k_input, *sumcheck_univariates_i.at(j)); + match array_slice( + sumcheck_univariates.snapshot, + i * BATCHED_RELATION_PARTIAL_LENGTH, + BATCHED_RELATION_PARTIAL_LENGTH, + ) { + Option::Some(slice) => { + let sumcheck_univariates_i = Span { snapshot: slice }; + for j in 0..BATCHED_RELATION_PARTIAL_LENGTH { + keccak::keccak_add_u256_be(ref k_input, *sumcheck_univariates_i.at(j)); + }; + }, + Option::None => { + for _ in 0..BATCHED_RELATION_PARTIAL_LENGTH { + k_input.append(0); + k_input.append(0); + k_input.append(0); + k_input.append(0); + }; + }, }; - challenge = ke_le_out_to_ch_be( keccak::cairo_keccak(ref k_input, last_input_word: 0, last_input_num_bytes: 0), @@ -460,10 +475,32 @@ pub fn generate_gemini_r_challenge( ) -> u256 { let mut k_input: Array = array![]; keccak::keccak_add_u256_be(ref k_input, prev_keccak_output); - for i in 0..CONST_PROOF_SIZE_LOG_N - 1 { - append_proof_point(ref k_input, (*gemini_fold_comms.at(i)).into()); + // Log_n - 1 points + for pt in gemini_fold_comms { + append_proof_point(ref k_input, (*pt).into()); + }; + for _ in 0..(CONST_PROOF_SIZE_LOG_N - gemini_fold_comms.len() - 1) { + // Constant Gen Point (1, 2) converted into G1PointProof and correctly reversed for keccak. + k_input.append(0); + k_input.append(0); + k_input.append(0); + k_input.append(72057594037927936); + + k_input.append(0); + k_input.append(0); + k_input.append(0); + k_input.append(0); + + k_input.append(0); + k_input.append(0); + k_input.append(0); + k_input.append(144115188075855872); + + k_input.append(0); + k_input.append(0); + k_input.append(0); + k_input.append(0); }; - ke_le_out_to_ch_be( keccak::cairo_keccak(ref k_input, last_input_word: 0, last_input_num_bytes: 0), ) @@ -475,8 +512,15 @@ pub fn generate_shplonk_nu_challenge( ) -> u256 { let mut k_input: Array = array![]; keccak::keccak_add_u256_be(ref k_input, prev_keccak_output); - for i in 0..CONST_PROOF_SIZE_LOG_N { - keccak::keccak_add_u256_be(ref k_input, *gemini_a_evaluations.at(i)); + for eval in gemini_a_evaluations { + keccak::keccak_add_u256_be(ref k_input, *eval); + }; + let implied_log_n = gemini_a_evaluations.len(); + for _ in 0..(CONST_PROOF_SIZE_LOG_N - implied_log_n) { + k_input.append(0); + k_input.append(0); + k_input.append(0); + k_input.append(0); }; ke_le_out_to_ch_be(