Memory optimisations

Cargo.toml

@@ -135,4 +135,5 @@ ark-serialize = "0.5"
 ark-std = { version = "0.5", features = ["std"] }
 spongefish = { git = "https://github.com/arkworks-rs/spongefish", features = ["arkworks-algebra"] }
 spongefish-pow = { git = "https://github.com/arkworks-rs/spongefish" }
-whir = { git = "https://github.com/WizardOfMenlo/whir/", features = ["tracing"], rev = "0077be285ec3ae29de71bf605866a6b3a30f726a" }
+whir = { git = "https://github.com/WizardOfMenlo/whir/", features = ["tracing"], rev = "2b5be1606e261bf00be9d5bf91c8546fb933f3be" }
+

provekit/common/src/utils/zk_utils.rs

@@ -1,16 +1,16 @@
 use {
     crate::FieldElement, ark_ff::UniformRand, rayon::prelude::*,
-    whir::poly_utils::evals::EvaluationsList,
+    whir::poly_utils::coeffs::CoefficientList,
 };
 
 pub fn create_masked_polynomial(
-    original: &EvaluationsList<FieldElement>,
+    original: &[FieldElement],
     mask: &[FieldElement],
-) -> EvaluationsList<FieldElement> {
-    let mut combined = Vec::with_capacity(original.num_evals() * 2);
-    combined.extend_from_slice(original.evals());
+) -> CoefficientList<FieldElement> {
+    let mut combined = Vec::with_capacity(original.len() * 2);
+    combined.extend_from_slice(original);
     combined.extend_from_slice(mask);
-    EvaluationsList::new(combined)
+    CoefficientList::new(combined)
 }
 
 pub fn generate_random_multilinear_polynomial(num_vars: usize) -> Vec<FieldElement> {

provekit/prover/src/whir_r1cs.rs

@@ -1,7 +1,7 @@
 use {
     anyhow::{ensure, Result},
     ark_ff::UniformRand,
-    ark_std::{One, Zero},
+    ark_std::{log2, One, Zero},
     provekit_common::{
         skyscraper::{SkyscraperMerkleConfig, SkyscraperSponge},
         utils::{
@@ -22,10 +22,11 @@ use {
     },
     tracing::{info, instrument, warn},
     whir::{
-        poly_utils::{evals::EvaluationsList, multilinear::MultilinearPoint},
+        poly_utils::{
+            coeffs::CoefficientList, evals::EvaluationsList, multilinear::MultilinearPoint,
+        },
         whir::{
             committer::{CommitmentWriter, Witness},
-            domainsep::WhirDomainSeparator,
             prover::Prover,
             statement::{Statement, Weights},
             utils::HintSerialize,
@@ -57,26 +58,23 @@ impl WhirR1CSProver for WhirR1CSScheme {
         let io: IOPattern = self.create_io_pattern();
 
         let mut merlin = io.to_prover_state();
-        let z = pad_to_power_of_two(witness.clone());
-        let witness_polynomial_evals = EvaluationsList::new(z.clone());
+        let z = pad_to_power_of_two(witness);
 
         let (commitment_to_witness, masked_polynomial, random_polynomial) =
-            batch_commit_to_polynomial(
-                self.m,
-                &self.whir_witness,
-                &witness_polynomial_evals,
-                &mut merlin,
-            );
+            batch_commit_to_polynomial(self.m, &self.whir_witness, &z, &mut merlin);
 
         // First round of sumcheck to reduce R1CS to a batch weighted evaluation of the
         // witness
+        let witness_slice = &z[..r1cs.num_witnesses()];
         let (mut merlin, alpha) = run_zk_sumcheck_prover(
             r1cs,
-            &witness,
+            witness_slice,
             merlin,
             self.m_0,
             &self.whir_for_hiding_spartan,
         );
+        drop(z);
+
         // Compute weights from R1CS instance
         let alphas = calculate_external_row_of_r1cs_matrices(&alpha, r1cs);
         let (statement, f_sums, g_sums) = create_combined_statement_over_two_polynomials::<3>(
@@ -182,30 +180,29 @@ pub fn sum_over_hypercube(g_univariates: &[[FieldElement; 4]]) -> FieldElement {
 pub fn batch_commit_to_polynomial(
     m: usize,
     whir_config: &WhirConfig,
-    witness: &EvaluationsList<FieldElement>,
+    witness: &[FieldElement],
     merlin: &mut ProverState<SkyscraperSponge, FieldElement>,
 ) -> (
     Witness<FieldElement, SkyscraperMerkleConfig>,
     EvaluationsList<FieldElement>,
     EvaluationsList<FieldElement>,
 ) {
-    let mask = generate_random_multilinear_polynomial(witness.num_variables());
+    let num_vars = log2(witness.len()) as usize;
+    let mask = generate_random_multilinear_polynomial(num_vars);
     let masked_polynomial = create_masked_polynomial(witness, &mask);
-
-    let masked_polynomial_coeff = masked_polynomial.to_coeffs();
-
-    let random_polynomial_eval = EvaluationsList::new(generate_random_multilinear_polynomial(m));
-    let random_polynomial_coeff = random_polynomial_eval.to_coeffs();
+    drop(mask);
+    let random_polynomial_coeff = CoefficientList::new(generate_random_multilinear_polynomial(m));
 
     let committer = CommitmentWriter::new(whir_config.clone());
     let witness_new = committer
-        .commit_batch(merlin, &[
-            masked_polynomial_coeff.clone(),
-            random_polynomial_coeff.clone(),
-        ])
+        .commit_batch(merlin, &[&masked_polynomial, &random_polynomial_coeff])
         .expect("WHIR prover failed to commit");
 
-    (witness_new, masked_polynomial, random_polynomial_eval)
+    (
+        witness_new,
+        masked_polynomial.into(),
+        random_polynomial_coeff.into(),
+    )
 }
 
 fn generate_blinding_spartan_univariate_polys(m_0: usize) -> Vec<[FieldElement; 4]> {
@@ -259,7 +256,7 @@ pub fn run_zk_sumcheck_prover(
         batch_commit_to_polynomial(
             blinding_polynomial_variables + 1,
             whir_for_blinding_of_spartan_config,
-            &blinding_polynomial_for_commiting,
+            &blinding_polynomial_for_commiting.evals(),
             &mut merlin,
         );
 
@@ -428,7 +425,7 @@ pub fn run_zk_whir_pcs_prover(
         warn!("More PoW bits required than specified.");
     }
 
-    let prover = Prover(params.clone());
+    let prover = Prover::new(params.clone());
     let (randomness, deferred) = prover
         .prove(&mut merlin, statement, witness)
         .expect("WHIR prover failed to generate a proof");

provekit/r1cs-compiler/src/whir_r1cs.rs

@@ -1,7 +1,8 @@
 use {
     provekit_common::{utils::next_power_of_two, WhirConfig, WhirR1CSScheme, R1CS},
     whir::parameters::{
-        default_max_pow, FoldingFactor, MultivariateParameters, ProtocolParameters, SoundnessType,
+        default_max_pow, DeduplicationStrategy, FoldingFactor, MerkleProofStrategy,
+        MultivariateParameters, ProtocolParameters, SoundnessType,
     },
 };
 
@@ -48,6 +49,8 @@ impl WhirR1CSSchemeBuilder for WhirR1CSScheme {
             _pow_parameters: Default::default(),
             starting_log_inv_rate: 1,
             batch_size,
+            deduplication_strategy: DeduplicationStrategy::Enabled,
+            merkle_proof_strategy: MerkleProofStrategy::Compressed,
         };
         WhirConfig::new(mv_params, whir_params)
     }

provekit/verifier/src/whir_r1cs.rs

@@ -34,22 +34,17 @@ pub trait WhirR1CSVerifier {
 
 impl WhirR1CSVerifier for WhirR1CSScheme {
     #[instrument(skip_all)]
-    #[allow(unused)] // TODO: Fix implementation
+    #[allow(unused)]
     fn verify(&self, proof: &WhirR1CSProof) -> Result<()> {
-        // Set up transcript
         let io = self.create_io_pattern();
         let mut arthur = io.to_verifier_state(&proof.transcript);
 
         let commitment_reader = CommitmentReader::new(&self.whir_witness);
         let parsed_commitment = commitment_reader.parse_commitment(&mut arthur).unwrap();
 
-        let data_from_sumcheck_verifier = run_sumcheck_verifier(
-            &mut arthur,
-            self.m_0,
-            &self.whir_for_hiding_spartan,
-            // proof.whir_spartan_blinding_values,
-        )
-        .context("while verifying sumcheck")?;
+        let data_from_sumcheck_verifier =
+            run_sumcheck_verifier(&mut arthur, self.m_0, &self.whir_for_hiding_spartan)
+                .context("while verifying sumcheck")?;
 
         let whir_query_answer_sum_vectors: (Vec<FieldElement>, Vec<FieldElement>) =
             arthur.hint().unwrap();