diff --git a/Cargo.toml b/Cargo.toml index af75c453..50c83244 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -135,4 +135,5 @@ ark-serialize = "0.5" ark-std = { version = "0.5", features = ["std"] } spongefish = { git = "https://github.com/arkworks-rs/spongefish", features = ["arkworks-algebra"] } spongefish-pow = { git = "https://github.com/arkworks-rs/spongefish" } -whir = { git = "https://github.com/WizardOfMenlo/whir/", features = ["tracing"], rev = "0077be285ec3ae29de71bf605866a6b3a30f726a" } +whir = { git = "https://github.com/WizardOfMenlo/whir/", features = ["tracing"], rev = "2b5be1606e261bf00be9d5bf91c8546fb933f3be" } + diff --git a/provekit/common/src/utils/zk_utils.rs b/provekit/common/src/utils/zk_utils.rs index 66b1b8a1..2847e3c1 100644 --- a/provekit/common/src/utils/zk_utils.rs +++ b/provekit/common/src/utils/zk_utils.rs @@ -1,16 +1,16 @@ use { crate::FieldElement, ark_ff::UniformRand, rayon::prelude::*, - whir::poly_utils::evals::EvaluationsList, + whir::poly_utils::coeffs::CoefficientList, }; pub fn create_masked_polynomial( - original: &EvaluationsList, + original: &[FieldElement], mask: &[FieldElement], -) -> EvaluationsList { - let mut combined = Vec::with_capacity(original.num_evals() * 2); - combined.extend_from_slice(original.evals()); +) -> CoefficientList { + let mut combined = Vec::with_capacity(original.len() * 2); + combined.extend_from_slice(original); combined.extend_from_slice(mask); - EvaluationsList::new(combined) + CoefficientList::new(combined) } pub fn generate_random_multilinear_polynomial(num_vars: usize) -> Vec { diff --git a/provekit/prover/src/whir_r1cs.rs b/provekit/prover/src/whir_r1cs.rs index cfe4febb..efe5ba22 100644 --- a/provekit/prover/src/whir_r1cs.rs +++ b/provekit/prover/src/whir_r1cs.rs @@ -1,7 +1,7 @@ use { anyhow::{ensure, Result}, ark_ff::UniformRand, - ark_std::{One, Zero}, + ark_std::{log2, One, Zero}, provekit_common::{ skyscraper::{SkyscraperMerkleConfig, SkyscraperSponge}, utils::{ 
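Review bot: `create_masked_polynomial` now wraps the concatenated values in `CoefficientList::new(combined)` with no basis conversion, and nothing on the function says whether `original` and `mask` are hypercube evaluations or coefficients. The old code built an `EvaluationsList`, and the caller in provekit/prover/src/whir_r1cs.rs converted it with `to_coeffs()` before committing. The same padded witness is now committed as coefficients directly, so the committed polynomial may differ from the one the sumcheck reasons about, unless the rest of the prover and the verifier moved to the same convention, which these hunks do not show. A doc comment would pin the contract, for example `/// Concatenates original and mask and interprets the result as multilinear coefficients; no evaluation-to-coefficient transform is applied.` The capacity `original.len() * 2` also assumes the two slices have equal length, which `debug_assert_eq!(original.len(), mask.len());` would make explicit.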
@@ -22,10 +22,11 @@ use { }, tracing::{info, instrument, warn}, whir::{ - poly_utils::{evals::EvaluationsList, multilinear::MultilinearPoint}, + poly_utils::{ + coeffs::CoefficientList, evals::EvaluationsList, multilinear::MultilinearPoint, + }, whir::{ committer::{CommitmentWriter, Witness}, - domainsep::WhirDomainSeparator, prover::Prover, statement::{Statement, Weights}, utils::HintSerialize, @@ -57,26 +58,23 @@ impl WhirR1CSProver for WhirR1CSScheme { let io: IOPattern = self.create_io_pattern(); let mut merlin = io.to_prover_state(); - let z = pad_to_power_of_two(witness.clone()); - let witness_polynomial_evals = EvaluationsList::new(z.clone()); + let z = pad_to_power_of_two(witness); let (commitment_to_witness, masked_polynomial, random_polynomial) = - batch_commit_to_polynomial( - self.m, - &self.whir_witness, - &witness_polynomial_evals, - &mut merlin, - ); + batch_commit_to_polynomial(self.m, &self.whir_witness, &z, &mut merlin); // First round of sumcheck to reduce R1CS to a batch weighted evaluation of the // witness + let witness_slice = &z[..r1cs.num_witnesses()]; let (mut merlin, alpha) = run_zk_sumcheck_prover( r1cs, - &witness, + witness_slice, merlin, self.m_0, &self.whir_for_hiding_spartan, ); + drop(z); + // Compute weights from R1CS instance let alphas = calculate_external_row_of_r1cs_matrices(&alpha, r1cs); let (statement, f_sums, g_sums) = create_combined_statement_over_two_polynomials::<3>( 
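Review bot: `let witness_slice = &z[..r1cs.num_witnesses()];` in `prove` slices the padded vector without first checking that the caller's witness has exactly `r1cs.num_witnesses()` entries. If `num_witnesses()` exceeds the padded length the slice panics, and a witness shorter than the R1CS expects is silently completed with whatever `pad_to_power_of_two` appended, where the old code handed `&witness` to `run_zk_sumcheck_prover` unchanged. `ensure` is already imported in this file, so, assuming `prove` returns `Result`, `ensure!(witness.len() == r1cs.num_witnesses(), "witness length does not match R1CS");` ahead of the padding call would keep the failure an `Err`. The start of `prove` is outside the hunk, so an equivalent check may already exist there.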
@@ -182,30 +180,29 @@ pub fn sum_over_hypercube(g_univariates: &[[FieldElement; 4]]) -> FieldElement { pub fn batch_commit_to_polynomial( m: usize, whir_config: &WhirConfig, - witness: &EvaluationsList, + witness: &[FieldElement], merlin: &mut ProverState, ) -> ( Witness, EvaluationsList, EvaluationsList, ) { - let mask = generate_random_multilinear_polynomial(witness.num_variables()); + let num_vars = log2(witness.len()) as usize; + let mask = generate_random_multilinear_polynomial(num_vars); let masked_polynomial = create_masked_polynomial(witness, &mask); - - let masked_polynomial_coeff = masked_polynomial.to_coeffs(); - - let random_polynomial_eval = EvaluationsList::new(generate_random_multilinear_polynomial(m)); - let random_polynomial_coeff = random_polynomial_eval.to_coeffs(); + drop(mask); + let random_polynomial_coeff = CoefficientList::new(generate_random_multilinear_polynomial(m)); let committer = CommitmentWriter::new(whir_config.clone()); let witness_new = committer - .commit_batch(merlin, &[ - masked_polynomial_coeff.clone(), - random_polynomial_coeff.clone(), - ]) + .commit_batch(merlin, &[&masked_polynomial, &random_polynomial_coeff]) .expect("WHIR prover failed to commit"); - (witness_new, masked_polynomial, random_polynomial_eval) + ( + witness_new, + masked_polynomial.into(), + random_polynomial_coeff.into(), + ) } fn generate_blinding_spartan_univariate_polys(m_0: usize) -> Vec<[FieldElement; 4]> { @@ -259,7 +256,7 @@ pub fn run_zk_sumcheck_prover( batch_commit_to_polynomial( blinding_polynomial_variables + 1, whir_for_blinding_of_spartan_config, - &blinding_polynomial_for_commiting, + &blinding_polynomial_for_commiting.evals(), &mut merlin, ); 
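Review bot: `let num_vars = log2(witness.len()) as usize;` in `batch_commit_to_polynomial` replaces `witness.num_variables()`, and with it the power-of-two length invariant that `EvaluationsList` presumably carried. `ark_std::log2` rounds up, so for any other length the mask (presumably `2^num_vars` entries) is longer than the witness and `create_masked_polynomial` concatenates two slices of different sizes; an empty slice yields `num_vars = 0`. Both call sites visible in this diff appear to pass power-of-two data, but the function is `pub` and now takes a bare slice. Adding `assert!(witness.len().is_power_of_two(), "witness length must be a power of two");` at the top would restore the invariant.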
@@ -428,7 +425,7 @@ pub fn run_zk_whir_pcs_prover( warn!("More PoW bits required than specified."); } - let prover = Prover(params.clone()); + let prover = Prover::new(params.clone()); let (randomness, deferred) = prover .prove(&mut merlin, statement, witness) .expect("WHIR prover failed to generate a proof"); diff --git a/provekit/r1cs-compiler/src/whir_r1cs.rs b/provekit/r1cs-compiler/src/whir_r1cs.rs index 50003670..5197482f 100644 --- a/provekit/r1cs-compiler/src/whir_r1cs.rs +++ b/provekit/r1cs-compiler/src/whir_r1cs.rs @@ -1,7 +1,8 @@ use { provekit_common::{utils::next_power_of_two, WhirConfig, WhirR1CSScheme, R1CS}, whir::parameters::{ - default_max_pow, FoldingFactor, MultivariateParameters, ProtocolParameters, SoundnessType, + default_max_pow, DeduplicationStrategy, FoldingFactor, MerkleProofStrategy, + MultivariateParameters, ProtocolParameters, SoundnessType, }, }; @@ -48,6 +49,8 @@ impl WhirR1CSSchemeBuilder for WhirR1CSScheme { _pow_parameters: Default::default(), starting_log_inv_rate: 1, batch_size, + deduplication_strategy: DeduplicationStrategy::Enabled, + merkle_proof_strategy: MerkleProofStrategy::Compressed, }; WhirConfig::new(mv_params, whir_params) } diff --git a/provekit/verifier/src/whir_r1cs.rs b/provekit/verifier/src/whir_r1cs.rs index e56bbb6b..d97f912f 100644 --- a/provekit/verifier/src/whir_r1cs.rs +++ b/provekit/verifier/src/whir_r1cs.rs 
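Review bot: The new fields `deduplication_strategy: DeduplicationStrategy::Enabled` and `merkle_proof_strategy: MerkleProofStrategy::Compressed` are set with no comment on why these variants were chosen or what they change. Judging by the names they affect how Merkle openings are encoded in the proof; if so, proofs and serialized schemes produced before the whir rev bump would stop verifying, which is worth stating next to the fields or in the commit message. A short comment such as `// Proof-format options: prover and verifier must be built from the same values.` would do, once the behaviour is confirmed against the whir revision pinned in Cargo.toml.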
@@ -34,22 +34,17 @@ pub trait WhirR1CSVerifier { impl WhirR1CSVerifier for WhirR1CSScheme { #[instrument(skip_all)] - #[allow(unused)] // TODO: Fix implementation + #[allow(unused)] fn verify(&self, proof: &WhirR1CSProof) -> Result<()> { - // Set up transcript let io = self.create_io_pattern(); let mut arthur = io.to_verifier_state(&proof.transcript); let commitment_reader = CommitmentReader::new(&self.whir_witness); let parsed_commitment = commitment_reader.parse_commitment(&mut arthur).unwrap(); - let data_from_sumcheck_verifier = run_sumcheck_verifier( - &mut arthur, - self.m_0, - &self.whir_for_hiding_spartan, - // proof.whir_spartan_blinding_values, - ) - .context("while verifying sumcheck")?; + let data_from_sumcheck_verifier = + run_sumcheck_verifier(&mut arthur, self.m_0, &self.whir_for_hiding_spartan) + .context("while verifying sumcheck")?; let whir_query_answer_sum_vectors: (Vec, Vec) = arthur.hint().unwrap();
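Review bot: The commit drops the `// TODO: Fix implementation` marker from `verify` but keeps `#[allow(unused)]`, so the compiler stays silent if `parsed_commitment` or `data_from_sumcheck_verifier` is never used further down; in a verifier an unused value can mean a check that is not performed. Removing the attribute, or narrowing it to the specific binding with a stated reason, would let the warning show. The same function still calls `.unwrap()` on `parse_commitment(&mut arthur)` and `arthur.hint()`, both fed by `proof.transcript`, so a malformed proof panics instead of returning `Err`. Using `.context("while parsing commitment")?`, in the style already used for the sumcheck call, would fix that if the error types allow it. The rest of `verify` lies outside the hunk.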