diff --git a/run.sh b/run.sh index 8beaea595..181e757da 100755 --- a/run.sh +++ b/run.sh @@ -1,3 +1,4 @@ #!/usr/bin/env bash +scarb build && \ cargo run --release -- ./target/dev/cairo_verifier.sierra.json < ./resources/in.txt diff --git a/src/air.cairo b/src/air.cairo index 275d373f9..ba4692015 100644 --- a/src/air.cairo +++ b/src/air.cairo @@ -1,10 +1,10 @@ +mod autogenerated; mod composition; -mod global_values; mod constants; -mod public_input; -mod public_memory; mod diluted; +mod global_values; mod pedersen; -mod autogenerated; -mod traces; +mod public_input; +mod public_memory; mod traces_config; +mod traces; diff --git a/src/air/autogenerated.cairo b/src/air/autogenerated.cairo index 089bee2b5..f64043162 100644 --- a/src/air/autogenerated.cairo +++ b/src/air/autogenerated.cairo @@ -5,8 +5,8 @@ use cairo_verifier::air::constants::{ }; fn eval_composition_polynomial_inner( - mask_values: Array, - constraint_coefficients: Array, + mask_values: Span, + constraint_coefficients: Span, point: felt252, trace_generator: felt252, global_values: GlobalValues diff --git a/src/air/composition.cairo b/src/air/composition.cairo index 2ce2fc37f..16a3badff 100644 --- a/src/air/composition.cairo +++ b/src/air/composition.cairo @@ -17,9 +17,9 @@ const SHIFT_POINT_Y: felt252 = 0x3ca0cfe4b3bc6ddf346d49d06ea0ed34e621062c0e056c1 fn eval_composition_polynomial( interaction_elements: InteractionElements, - public_input: PublicInput, - mask_values: Array, - constraint_coefficients: Array, + public_input: @PublicInput, + mask_values: Span, + constraint_coefficients: Span, point: felt252, trace_domain_size: felt252, trace_generator: felt252 
@@ -41,7 +41,7 @@ fn eval_composition_polynomial( ); // Periodic columns - let n_steps = pow(2, public_input.log_n_steps); + let n_steps = pow(2, *public_input.log_n_steps); let n_pedersen_hash_copies = n_steps / (PEDERSEN_BUILTIN_RATIO * PEDERSEN_BUILTIN_REPETITIONS); assert_range_u128(n_pedersen_hash_copies); let pedersen_point = pow(point, n_pedersen_hash_copies); @@ -57,8 +57,8 @@ fn eval_composition_polynomial( initial_pedersen_addr: *public_input.segments.at(segments::PEDERSEN).begin_addr, initial_rc_addr: *public_input.segments.at(segments::RANGE_CHECK).begin_addr, initial_bitwise_addr: *public_input.segments.at(segments::BITWISE).begin_addr, - rc_min: public_input.rc_min, - rc_max: public_input.rc_max, + rc_min: *public_input.rc_min, + rc_max: *public_input.rc_max, offset_size: 0x10000, // 2**16 half_offset_size: 0x8000, pedersen_shift_point: EcPoint { x: SHIFT_POINT_X, y: SHIFT_POINT_Y }, diff --git a/src/air/constants.cairo b/src/air/constants.cairo index 5d9851d2a..c59b88035 100644 --- a/src/air/constants.cairo +++ b/src/air/constants.cairo 
@@ -1,43 +1,43 @@ // Recursive layout -const N_DYNAMIC_PARAMS: felt252 = 0; -const N_CONSTRAINTS: felt252 = 93; -const MASK_SIZE: felt252 = 133; -const PUBLIC_MEMORY_STEP: felt252 = 16; -const HAS_DILUTED_POOL: felt252 = 1; -const DILUTED_SPACING: felt252 = 4; -const DILUTED_N_BITS: felt252 = 16; -const PEDERSEN_BUILTIN_RATIO: felt252 = 128; -const PEDERSEN_BUILTIN_REPETITIONS: felt252 = 1; -const RC_BUILTIN_RATIO: felt252 = 8; -const RC_N_PARTS: felt252 = 8; const BITWISE_RATIO: felt252 = 8; const BITWISE_TOTAL_N_BITS: felt252 = 251; -const HAS_OUTPUT_BUILTIN: felt252 = 1; -const HAS_PEDERSEN_BUILTIN: felt252 = 1; -const HAS_RANGE_CHECK_BUILTIN: felt252 = 1; -const HAS_ECDSA_BUILTIN: felt252 = 0; +const CONSTRAINT_DEGREE: u32 = 2; +const CPU_COMPONENT_HEIGHT: felt252 = 16; +const DILUTED_N_BITS: felt252 = 16; +const DILUTED_SPACING: felt252 = 4; const HAS_BITWISE_BUILTIN: felt252 = 1; +const HAS_DILUTED_POOL: felt252 = 1; const HAS_EC_OP_BUILTIN: felt252 = 0; +const HAS_ECDSA_BUILTIN: felt252 = 0; const HAS_KECCAK_BUILTIN: felt252 = 0; +const HAS_OUTPUT_BUILTIN: felt252 = 1; +const HAS_PEDERSEN_BUILTIN: felt252 = 1; const HAS_POSEIDON_BUILTIN: felt252 = 0; +const HAS_RANGE_CHECK_BUILTIN: felt252 = 1; +const IS_DYNAMIC_AIR: felt252 = 0; const LAYOUT_CODE: felt252 = 0x726563757273697665; -const CONSTRAINT_DEGREE: u32 = 2; -const CPU_COMPONENT_HEIGHT: felt252 = 16; const LOG_CPU_COMPONENT_HEIGHT: felt252 = 4; +const MASK_SIZE: u32 = 133; const MEMORY_STEP: felt252 = 2; +const N_CONSTRAINTS: u32 = 93; +const N_DYNAMIC_PARAMS: felt252 = 0; const NUM_COLUMNS_FIRST: u32 = 7; const NUM_COLUMNS_SECOND: u32 = 3; -const IS_DYNAMIC_AIR: felt252 = 0; +const PEDERSEN_BUILTIN_RATIO: felt252 = 128; +const PEDERSEN_BUILTIN_REPETITIONS: felt252 = 1; +const PUBLIC_MEMORY_STEP: felt252 = 16; +const RC_BUILTIN_RATIO: felt252 = 8; +const RC_N_PARTS: felt252 = 8; const MAX_LOG_N_STEPS: felt252 = 50; const MAX_RANGE_CHECK: felt252 = 0xffff; // 2 ** 16 - 1 mod segments { - const PROGRAM: 
usize = 0; + const BITWISE: usize = 5; const EXECUTION: usize = 1; + const N_SEGMENTS: usize = 6; const OUTPUT: usize = 2; const PEDERSEN: usize = 3; + const PROGRAM: usize = 0; const RANGE_CHECK: usize = 4; - const BITWISE: usize = 5; - const N_SEGMENTS: usize = 6; } diff --git a/src/air/global_values.cairo b/src/air/global_values.cairo index 5aa1abd1b..a69fb182e 100644 --- a/src/air/global_values.cairo +++ b/src/air/global_values.cairo @@ -1,11 +1,11 @@ -#[derive(Drop)] +#[derive(Drop, Copy)] struct EcPoint { x: felt252, y: felt252, } // Accumulation of member expressions for auto generated composition polynomial code. -#[derive(Drop)] +#[derive(Drop, Copy)] struct GlobalValues { // Public input. trace_length: felt252, @@ -42,6 +42,7 @@ struct GlobalValues { // Elements that are sent from the prover after the commitment on the original trace. // Used for components after the first interaction, e.g., memory and range check. +#[derive(Drop, Copy)] struct InteractionElements { memory_multi_column_perm_perm_interaction_elm: felt252, memory_multi_column_perm_hash_interaction_elm0: felt252, @@ -50,4 +51,3 @@ struct InteractionElements { diluted_check_interaction_z: felt252, diluted_check_interaction_alpha: felt252 } - diff --git a/src/air/traces.cairo b/src/air/traces.cairo index 313708043..4e26aea51 100644 --- a/src/air/traces.cairo +++ b/src/air/traces.cairo @@ -4,6 +4,7 @@ use cairo_verifier::table_commitment::table_commitment::{ }; use cairo_verifier::air::{public_input::PublicInput, traces_config::TracesConfig}; use cairo_verifier::channel::channel::Channel; +use cairo_verifier::air::global_values::InteractionElements; // A protocol component (see stark.cairo for details about protocol components) for the traces // of the CPU AIR. 
@@ -24,12 +25,12 @@ struct TracesUnsentCommitment { // Commitment for the Traces component. #[derive(Drop)] struct TracesCommitment { - public_input: PublicInput, + public_input: @PublicInput, // Commitment to the first trace. original: TableCommitment, // The interaction elements that were sent to the prover after the first trace commitment (e.g. // memory interaction). - interaction_elements: Array, + interaction_elements: InteractionElements, // Commitment to the second (interaction) trace. interaction: TableCommitment, } @@ -55,8 +56,7 @@ struct TracesWitness { // Returns the commitment, along with GlobalValue required to evaluate the constraint polynomial. fn traces_commit( ref channel: Channel, - n_interaction_elements: felt252, - public_input: PublicInput, + public_input: @PublicInput, unsent_commitment: TracesUnsentCommitment, config: TracesConfig ) -> TracesCommitment { @@ -65,7 +65,14 @@ fn traces_commit( ref channel, unsent_commitment.original, config.original ); // Generate interaction elements for the first interaction. - let interaction_elements = channel.random_felts_to_prover(n_interaction_elements); + let interaction_elements = InteractionElements { + memory_multi_column_perm_perm_interaction_elm: channel.random_felt_to_prover(), + memory_multi_column_perm_hash_interaction_elm0: channel.random_felt_to_prover(), + rc16_perm_interaction_elm: channel.random_felt_to_prover(), + diluted_check_permutation_interaction_elm: channel.random_felt_to_prover(), + diluted_check_interaction_z: channel.random_felt_to_prover(), + diluted_check_interaction_alpha: channel.random_felt_to_prover(), + }; // Read interaction commitment. let interaction_commitment = table_commit( ref channel, unsent_commitment.interaction, config.interaction diff --git a/src/oods.cairo b/src/oods.cairo index 257eb8354..3f30dc4c5 100644 --- a/src/oods.cairo +++ b/src/oods.cairo 
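Review bot: In `traces_commit` (src/air/traces.cairo, hunk `@@ -65,7 +65,14 @@`) the six `channel.random_felt_to_prover()` calls now sit inside the `InteractionElements` struct literal, so the order in which the challenges are drawn is fixed only by the order the fields are written in. Each call presumably advances the channel state, which makes that order part of the Fiat-Shamir transcript. Reordering the initialisers later, as this commit does for the constants, would silently change which challenge lands in which field. I would add a comment above the literal, `// Challenge draw order is part of the transcript: keep these calls in the prover's order.`, or bind each draw to a `let` first so the sequence is explicit. The body of `traces_commit` starts and ends outside this hunk.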
@@ -1,6 +1,5 @@ -use core::array::ArrayTrait; -use cairo_verifier::common::array_extend::ArrayExtendTrait; use core::array::SpanTrait; +use cairo_verifier::common::array_extend::ArrayExtendTrait; use cairo_verifier::air::composition::{eval_composition_polynomial, eval_oods_polynomial}; use cairo_verifier::air::global_values::InteractionElements; use cairo_verifier::air::public_input::PublicInput; @@ -8,12 +7,6 @@ use cairo_verifier::air::traces::TracesDecommitment; use cairo_verifier::table_commitment::table_commitment::TableDecommitment; use cairo_verifier::air::constants::CONSTRAINT_DEGREE; -#[derive(Drop)] -struct OodsValues { - mask_values: Array, - split_polynomials: Array -} - #[derive(Drop)] struct OodsEvaluationInfo { oods_values: Span, @@ -23,10 +16,10 @@ struct OodsEvaluationInfo { } fn verify_oods( - oods: OodsValues, + oods: Span, interaction_elements: InteractionElements, - public_input: PublicInput, - constraint_coefficients: Array, + public_input: @PublicInput, + constraint_coefficients: Span, oods_point: felt252, trace_domain_size: felt252, trace_generator: felt252 @@ -34,7 +27,7 @@ fn verify_oods( let composition_from_trace = eval_composition_polynomial( interaction_elements, public_input, - oods.mask_values, + oods.slice(0, oods.len() - 2), constraint_coefficients, oods_point, trace_domain_size, @@ -42,8 +35,7 @@ fn verify_oods( ); // TODO support degree > 2? - let claimed_composition = *oods.split_polynomials.at(0) - + *oods.split_polynomials.at(1) * oods_point; + let claimed_composition = *oods[oods.len() - 2] + *oods[oods.len() - 1] * oods_point; assert(composition_from_trace == claimed_composition, 'Invalid OODS'); } diff --git a/src/stark.cairo b/src/stark.cairo index fc6175b7a..2592e8fba 100644 --- a/src/stark.cairo +++ b/src/stark.cairo 
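Review bot: `verify_oods` (src/oods.cairo, hunks `@@ -34,7 +27,7 @@` and `@@ -42,8 +35,7 @@`) now splits the prover-supplied `oods` span by position using `oods.len() - 2`, but nothing in the visible code checks how long that span is. The removed `OodsValues` struct kept mask values and split polynomials apart. With a flat span, a proof carrying more or fewer than `MASK_SIZE + CONSTRAINT_DEGREE` values moves the boundary between the two groups, and a span shorter than two elements is presumably rejected only by the subtraction underflow, not by a verifier error. I would pin the length at the top of the function with `assert(oods.len() == MASK_SIZE + CONSTRAINT_DEGREE, 'Invalid OODS length');`, which needs `MASK_SIZE` added to the `constants` import. The literal `2` would also read better as `CONSTRAINT_DEGREE`, given the `TODO support degree > 2?` beside it.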
@@ -1,8 +1,10 @@ +use cairo_verifier::air::public_input::PublicInputTrait; use cairo_verifier::{ air::{ traces_config::{TracesConfig, TracesConfigTrait}, public_input::PublicInput, traces::{TracesUnsentCommitment, TracesCommitment, TracesDecommitment, TracesWitness} }, + channel::channel::{Channel, ChannelImpl}, fri::{ fri_config::{FriConfig, FriConfigTrait}, fri::{FriUnsentCommitment, FriWitness, FriCommitment} @@ -40,6 +42,12 @@ impl StarkProofImpl of StarkProofTrait { fn verify(self: @StarkProof) { self.config.validate(SECURITY_BITS); let stark_domains = StarkDomainsImpl::new(self.config); + + let digest = self.public_input.get_public_input_hash(); + let mut channel = ChannelImpl::new(digest); + // stark_commit::stark_commit( + // ref channel, self.public_input, self.unsent_commitment, self.config, @stark_domains, + // ); } } diff --git a/src/stark/stark_commit.cairo b/src/stark/stark_commit.cairo index 8b1378917..db8526d2e 100644 --- a/src/stark/stark_commit.cairo +++ b/src/stark/stark_commit.cairo 
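Review bot: `StarkProofImpl::verify` (src/stark.cairo, hunk `@@ -40,6 +42,12 @@`) returns normally right after creating the channel, because the `stark_commit` call is commented out. As written, any proof whose config passes `validate` makes `verify` succeed. If this is an intermediate step, the function should fail closed until the remaining phases are wired in, for example with `assert(false, 'STARK verify not implemented');` in place of the commented block and a `// TODO` naming what is still missing. `let mut channel` is also unused in this state. The enclosing impl continues outside the hunk.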
@@ -1 +1,67 @@ +use core::traits::TryInto; +use core::array::ArrayTrait; +use core::option::OptionTrait; +use core::traits::Into; +use cairo_verifier::channel::channel::ChannelTrait; +use cairo_verifier::{ + air::{ + constants::{CONSTRAINT_DEGREE, N_CONSTRAINTS, MASK_SIZE}, public_input::PublicInput, + traces::traces_commit, + }, + channel::channel::Channel, common::powers_array::powers_array, domains::StarkDomains, + fri::fri::fri_commit, stark::{StarkUnsentCommitment, StarkConfig, StarkCommitment}, + proof_of_work::proof_of_work::proof_of_work_commit, + table_commitment::table_commitment::table_commit, oods::verify_oods, +}; + +// STARK commitment phase. +fn stark_commit( + ref channel: Channel, + public_input: @PublicInput, + unsent_commitment: @StarkUnsentCommitment, + config: @StarkConfig, + stark_domains: @StarkDomains, +) -> StarkCommitment { + let traces_commitment = traces_commit( + ref channel, public_input, *unsent_commitment.traces, *config.traces, + ); + + let composition_alpha = channel.random_felt_to_prover(); + let traces_coefficients = powers_array(1, composition_alpha, N_CONSTRAINTS).span(); + + let composition_commitment = table_commit( + ref channel, *unsent_commitment.composition, *config.composition, + ); + + let interaction_after_composition = channel.random_felt_to_prover(); + + let n_oods_values = MASK_SIZE + CONSTRAINT_DEGREE; + channel.read_felts_from_prover(*unsent_commitment.oods_values); + + verify_oods( + *unsent_commitment.oods_values, + traces_commitment.interaction_elements, + public_input, + traces_coefficients, + interaction_after_composition, + *stark_domains.trace_generator, + *stark_domains.trace_domain_size + ); + + let oods_alpha = channel.random_felt_to_prover(); + let oods_coefficients = powers_array(1, oods_alpha, n_oods_values); + + let fri_commitment = fri_commit(ref channel, *unsent_commitment.fri, *config.fri); + + proof_of_work_commit(ref channel, *unsent_commitment.proof_of_work, *config.proof_of_work); + + 
StarkCommitment { + traces: traces_commitment, + composition: composition_commitment, + interaction_after_composition: interaction_after_composition, + oods_values: *unsent_commitment.oods_values, + interaction_after_oods: oods_coefficients.span(), + fri: fri_commitment, + } +}
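Review bot: The `verify_oods` call in `stark_commit` passes `*stark_domains.trace_generator` before `*stark_domains.trace_domain_size`, while the signature in src/oods.cairo declares `trace_domain_size` first and `trace_generator` second. If both fields are `felt252`, as the parameter types suggest, this compiles and the composition polynomial is evaluated with the two values exchanged. The last two arguments should read `*stark_domains.trace_domain_size,` then `*stark_domains.trace_generator`. Separately, `n_oods_values` is computed but never compared with the length of `*unsent_commitment.oods_values` before `read_felts_from_prover` absorbs it. I would add `assert((*unsent_commitment.oods_values).len() == n_oods_values, 'Invalid OODS length');` ahead of that call.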