
Commit 327dbcb

committed
added docs for computing security bits and using worst case scenario in all circuits
1 parent 200cb0a commit 327dbcb


58 files changed

+482
-460
lines changed


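--- a/circuit_defs/bigint_with_control/verifier/src/concrete/size_constants.rs
+++ b/circuit_defs/bigint_with_control/verifier/src/concrete/size_constants.rs
@@ -28,17 +28,7 @@ pub const SECURITY_BITS: usize = verifier_common::SECURITY_BITS;
 pub const POW_BITS: usize = verifier_common::POW_BITS;
 pub const CHALLENGE_FIELD_SIZE_LOG2: usize = verifier_common::MERSENNE31QUARTIC_SIZE_LOG2;
 pub const POW_CONFIG: verifier_common::SizedProofPowConfig<NUM_FRI_STEPS> =
-verifier_common::SizedProofPowConfig::from_parameters(
-SECURITY_BITS,
-TRACE_LEN_LOG2,
-TRACE_LEN_LOG2 + FRI_FACTOR_LOG2,
-CHALLENGE_FIELD_SIZE_LOG2,
-NUM_QUOTIENT_TERMS,
-NUM_OPENINGS_AT_Z + NUM_OPENINGS_AT_Z_OMEGA,
-FRI_FOLDING_SCHEDULE,
-NUM_QUERIES,
-FRI_FACTOR_LOG2,
-);
+verifier_common::worst_sized_pow_config::<NUM_FRI_STEPS>(SECURITY_BITS);
 pub const TOTAL_TREE_CAP_SIZE: usize = 1 << FOLDING_PROPERTIES.total_caps_size_log2;
 pub const TREE_CAP_SIZE: usize = TOTAL_TREE_CAP_SIZE / NUM_COSETS;
 pub const TREE_CAP_SIZE_LOG2: usize = TREE_CAP_SIZE.trailing_zeros() as usize;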
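Review bot: Nothing on new line 31 ties `POW_CONFIG` to this circuit's own parameters any more, so this file can no longer show that the proof-of-work bits are sufficient for its `TRACE_LEN_LOG2`, `NUM_QUERIES`, opening counts and `FRI_FOLDING_SCHEDULE`. Whether `worst_sized_pow_config` really bounds this circuit rests on assumptions inside `verifier_common` that are not visible in this hunk; if a circuit ever exceeds them, the verifier would require less grinding than the security target needs and nothing would fail at build time. I would keep the removed per-circuit computation as a check: a test that calls `SizedProofPowConfig::from_parameters` with the local constants and asserts `local.lookup_pow_bits <= POW_CONFIG.lookup_pow_bits` (likewise for `quotient_alpha_pow_bits`), plus a doc comment on `POW_CONFIG` such as `/// Worst case over all circuits; must be >= this circuit's own from_parameters result.` The same replacement is made in the size_constants.rs of blake2_with_compression, final_reduced_risc_v_machine, keccak_special5 and machine_without_signed_mul_div.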

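--- a/circuit_defs/bigint_with_control/verifier/src/lib.rs
+++ b/circuit_defs/bigint_with_control/verifier/src/lib.rs
@@ -115,20 +115,20 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_before_stage2(),
 );
 
-if POW_CONFIG.stage_2_pow_bits > 0 {
+if POW_CONFIG.lookup_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_2_pow_challenge,
-POW_CONFIG.stage_2_pow_bits as u32,
+skeleton.pow_challenges.lookup_pow_challenge,
+POW_CONFIG.lookup_pow_bits as u32,
 );
 }
 
 // draw local lookup argument challenges
 let mut transcript_challenges = MaybeUninit::<
 [u32; transcript_challenge_array_size(
 NUM_STAGE_2_CHALLENGES * 4,
-POW_CONFIG.stage_2_pow_bits as usize,
+POW_CONFIG.lookup_pow_bits as usize,
 )],
 >::uninit()
 .assume_init();
@@ -138,7 +138,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_2_pow_bits > 0 {
+let mut it = if POW_CONFIG.lookup_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {
@@ -196,18 +196,18 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_stage2_to_stage3(),
 );
 
-if POW_CONFIG.stage_3_pow_bits > 0 {
+if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_3_pow_challenge,
-POW_CONFIG.stage_3_pow_bits as u32,
+skeleton.pow_challenges.quotient_alpha_pow_challenge,
+POW_CONFIG.quotient_alpha_pow_bits as u32,
 );
 }
 
 // draw quotient linearization challenges
 let mut transcript_challenges = MaybeUninit::<
-[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.stage_3_pow_bits as usize)],
+[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.quotient_alpha_pow_bits as usize)],
 >::uninit()
 .assume_init();
 Transcript::draw_randomness_using_hasher(
@@ -216,7 +216,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_3_pow_bits > 0 {
+let mut it = if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {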

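--- a/circuit_defs/blake2_with_compression/verifier/src/concrete/size_constants.rs
+++ b/circuit_defs/blake2_with_compression/verifier/src/concrete/size_constants.rs
@@ -28,17 +28,7 @@ pub const SECURITY_BITS: usize = verifier_common::SECURITY_BITS;
 pub const POW_BITS: usize = verifier_common::POW_BITS;
 pub const CHALLENGE_FIELD_SIZE_LOG2: usize = verifier_common::MERSENNE31QUARTIC_SIZE_LOG2;
 pub const POW_CONFIG: verifier_common::SizedProofPowConfig<NUM_FRI_STEPS> =
-verifier_common::SizedProofPowConfig::from_parameters(
-SECURITY_BITS,
-TRACE_LEN_LOG2,
-TRACE_LEN_LOG2 + FRI_FACTOR_LOG2,
-CHALLENGE_FIELD_SIZE_LOG2,
-NUM_QUOTIENT_TERMS,
-NUM_OPENINGS_AT_Z + NUM_OPENINGS_AT_Z_OMEGA,
-FRI_FOLDING_SCHEDULE,
-NUM_QUERIES,
-FRI_FACTOR_LOG2,
-);
+verifier_common::worst_sized_pow_config::<NUM_FRI_STEPS>(SECURITY_BITS);
 pub const TOTAL_TREE_CAP_SIZE: usize = 1 << FOLDING_PROPERTIES.total_caps_size_log2;
 pub const TREE_CAP_SIZE: usize = TOTAL_TREE_CAP_SIZE / NUM_COSETS;
 pub const TREE_CAP_SIZE_LOG2: usize = TREE_CAP_SIZE.trailing_zeros() as usize;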

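--- a/circuit_defs/blake2_with_compression/verifier/src/lib.rs
+++ b/circuit_defs/blake2_with_compression/verifier/src/lib.rs
@@ -115,20 +115,20 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_before_stage2(),
 );
 
-if POW_CONFIG.stage_2_pow_bits > 0 {
+if POW_CONFIG.lookup_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_2_pow_challenge,
-POW_CONFIG.stage_2_pow_bits as u32,
+skeleton.pow_challenges.lookup_pow_challenge,
+POW_CONFIG.lookup_pow_bits as u32,
 );
 }
 
 // draw local lookup argument challenges
 let mut transcript_challenges = MaybeUninit::<
 [u32; transcript_challenge_array_size(
 NUM_STAGE_2_CHALLENGES * 4,
-POW_CONFIG.stage_2_pow_bits as usize,
+POW_CONFIG.lookup_pow_bits as usize,
 )],
 >::uninit()
 .assume_init();
@@ -138,7 +138,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_2_pow_bits > 0 {
+let mut it = if POW_CONFIG.lookup_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {
@@ -196,18 +196,18 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_stage2_to_stage3(),
 );
 
-if POW_CONFIG.stage_3_pow_bits > 0 {
+if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_3_pow_challenge,
-POW_CONFIG.stage_3_pow_bits as u32,
+skeleton.pow_challenges.quotient_alpha_pow_challenge,
+POW_CONFIG.quotient_alpha_pow_bits as u32,
 );
 }
 
 // draw quotient linearization challenges
 let mut transcript_challenges = MaybeUninit::<
-[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.stage_3_pow_bits as usize)],
+[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.quotient_alpha_pow_bits as usize)],
 >::uninit()
 .assume_init();
 Transcript::draw_randomness_using_hasher(
@@ -216,7 +216,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_3_pow_bits > 0 {
+let mut it = if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {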

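--- a/circuit_defs/final_reduced_risc_v_machine/verifier/src/concrete/size_constants.rs
+++ b/circuit_defs/final_reduced_risc_v_machine/verifier/src/concrete/size_constants.rs
@@ -28,17 +28,7 @@ pub const SECURITY_BITS: usize = verifier_common::SECURITY_BITS;
 pub const POW_BITS: usize = verifier_common::POW_BITS;
 pub const CHALLENGE_FIELD_SIZE_LOG2: usize = verifier_common::MERSENNE31QUARTIC_SIZE_LOG2;
 pub const POW_CONFIG: verifier_common::SizedProofPowConfig<NUM_FRI_STEPS> =
-verifier_common::SizedProofPowConfig::from_parameters(
-SECURITY_BITS,
-TRACE_LEN_LOG2,
-TRACE_LEN_LOG2 + FRI_FACTOR_LOG2,
-CHALLENGE_FIELD_SIZE_LOG2,
-NUM_QUOTIENT_TERMS,
-NUM_OPENINGS_AT_Z + NUM_OPENINGS_AT_Z_OMEGA,
-FRI_FOLDING_SCHEDULE,
-NUM_QUERIES,
-FRI_FACTOR_LOG2,
-);
+verifier_common::worst_sized_pow_config::<NUM_FRI_STEPS>(SECURITY_BITS);
 pub const TOTAL_TREE_CAP_SIZE: usize = 1 << FOLDING_PROPERTIES.total_caps_size_log2;
 pub const TREE_CAP_SIZE: usize = TOTAL_TREE_CAP_SIZE / NUM_COSETS;
 pub const TREE_CAP_SIZE_LOG2: usize = TREE_CAP_SIZE.trailing_zeros() as usize;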

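--- a/circuit_defs/final_reduced_risc_v_machine/verifier/src/lib.rs
+++ b/circuit_defs/final_reduced_risc_v_machine/verifier/src/lib.rs
@@ -115,20 +115,20 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_before_stage2(),
 );
 
-if POW_CONFIG.stage_2_pow_bits > 0 {
+if POW_CONFIG.lookup_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_2_pow_challenge,
-POW_CONFIG.stage_2_pow_bits as u32,
+skeleton.pow_challenges.lookup_pow_challenge,
+POW_CONFIG.lookup_pow_bits as u32,
 );
 }
 
 // draw local lookup argument challenges
 let mut transcript_challenges = MaybeUninit::<
 [u32; transcript_challenge_array_size(
 NUM_STAGE_2_CHALLENGES * 4,
-POW_CONFIG.stage_2_pow_bits as usize,
+POW_CONFIG.lookup_pow_bits as usize,
 )],
 >::uninit()
 .assume_init();
@@ -138,7 +138,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_2_pow_bits > 0 {
+let mut it = if POW_CONFIG.lookup_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {
@@ -196,18 +196,18 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_stage2_to_stage3(),
 );
 
-if POW_CONFIG.stage_3_pow_bits > 0 {
+if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_3_pow_challenge,
-POW_CONFIG.stage_3_pow_bits as u32,
+skeleton.pow_challenges.quotient_alpha_pow_challenge,
+POW_CONFIG.quotient_alpha_pow_bits as u32,
 );
 }
 
 // draw quotient linearization challenges
 let mut transcript_challenges = MaybeUninit::<
-[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.stage_3_pow_bits as usize)],
+[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.quotient_alpha_pow_bits as usize)],
 >::uninit()
 .assume_init();
 Transcript::draw_randomness_using_hasher(
@@ -216,7 +216,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_3_pow_bits > 0 {
+let mut it = if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {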

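--- a/circuit_defs/keccak_special5/verifier/src/concrete/size_constants.rs
+++ b/circuit_defs/keccak_special5/verifier/src/concrete/size_constants.rs
@@ -28,17 +28,7 @@ pub const SECURITY_BITS: usize = verifier_common::SECURITY_BITS;
 pub const POW_BITS: usize = verifier_common::POW_BITS;
 pub const CHALLENGE_FIELD_SIZE_LOG2: usize = verifier_common::MERSENNE31QUARTIC_SIZE_LOG2;
 pub const POW_CONFIG: verifier_common::SizedProofPowConfig<NUM_FRI_STEPS> =
-verifier_common::SizedProofPowConfig::from_parameters(
-SECURITY_BITS,
-TRACE_LEN_LOG2,
-TRACE_LEN_LOG2 + FRI_FACTOR_LOG2,
-CHALLENGE_FIELD_SIZE_LOG2,
-NUM_QUOTIENT_TERMS,
-NUM_OPENINGS_AT_Z + NUM_OPENINGS_AT_Z_OMEGA,
-FRI_FOLDING_SCHEDULE,
-NUM_QUERIES,
-FRI_FACTOR_LOG2,
-);
+verifier_common::worst_sized_pow_config::<NUM_FRI_STEPS>(SECURITY_BITS);
 pub const TOTAL_TREE_CAP_SIZE: usize = 1 << FOLDING_PROPERTIES.total_caps_size_log2;
 pub const TREE_CAP_SIZE: usize = TOTAL_TREE_CAP_SIZE / NUM_COSETS;
 pub const TREE_CAP_SIZE_LOG2: usize = TREE_CAP_SIZE.trailing_zeros() as usize;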

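--- a/circuit_defs/keccak_special5/verifier/src/lib.rs
+++ b/circuit_defs/keccak_special5/verifier/src/lib.rs
@@ -115,20 +115,20 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_before_stage2(),
 );
 
-if POW_CONFIG.stage_2_pow_bits > 0 {
+if POW_CONFIG.lookup_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_2_pow_challenge,
-POW_CONFIG.stage_2_pow_bits as u32,
+skeleton.pow_challenges.lookup_pow_challenge,
+POW_CONFIG.lookup_pow_bits as u32,
 );
 }
 
 // draw local lookup argument challenges
 let mut transcript_challenges = MaybeUninit::<
 [u32; transcript_challenge_array_size(
 NUM_STAGE_2_CHALLENGES * 4,
-POW_CONFIG.stage_2_pow_bits as usize,
+POW_CONFIG.lookup_pow_bits as usize,
 )],
 >::uninit()
 .assume_init();
@@ -138,7 +138,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_2_pow_bits > 0 {
+let mut it = if POW_CONFIG.lookup_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {
@@ -196,18 +196,18 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 skeleton.transcript_elements_stage2_to_stage3(),
 );
 
-if POW_CONFIG.stage_3_pow_bits > 0 {
+if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 Blake2sTranscript::verify_pow_using_hasher(
 &mut transcript_hasher,
 &mut seed,
-skeleton.pow_challenges.stage_3_pow_challenge,
-POW_CONFIG.stage_3_pow_bits as u32,
+skeleton.pow_challenges.quotient_alpha_pow_challenge,
+POW_CONFIG.quotient_alpha_pow_bits as u32,
 );
 }
 
 // draw quotient linearization challenges
 let mut transcript_challenges = MaybeUninit::<
-[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.stage_3_pow_bits as usize)],
+[u32; transcript_challenge_array_size(2usize * 4, POW_CONFIG.quotient_alpha_pow_bits as usize)],
 >::uninit()
 .assume_init();
 Transcript::draw_randomness_using_hasher(
@@ -216,7 +216,7 @@ pub unsafe fn verify_with_configuration<I: NonDeterminismSource, V: LeafInclusio
 &mut transcript_challenges,
 );
 
-let mut it = if POW_CONFIG.stage_3_pow_bits > 0 {
+let mut it = if POW_CONFIG.quotient_alpha_pow_bits > 0 {
 // skip 1 word used for PoW
 transcript_challenges[1..].as_chunks::<4>().0.iter()
 } else {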

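--- a/circuit_defs/machine_without_signed_mul_div/verifier/src/concrete/size_constants.rs
+++ b/circuit_defs/machine_without_signed_mul_div/verifier/src/concrete/size_constants.rs
@@ -27,22 +27,30 @@ pub const NUM_COSETS: usize = 1 << FRI_FACTOR_LOG2;
 pub const SECURITY_BITS: usize = verifier_common::SECURITY_BITS;
 pub const POW_BITS: usize = verifier_common::POW_BITS;
 pub const CHALLENGE_FIELD_SIZE_LOG2: usize = verifier_common::MERSENNE31QUARTIC_SIZE_LOG2;
-pub const POW_CONFIG: verifier_common::SizedProofPowConfig<NUM_FRI_STEPS> = verifier_common::SizedProofPowConfig::from_parameters(
-SECURITY_BITS,
-TRACE_LEN_LOG2,
-TRACE_LEN_LOG2 + FRI_FACTOR_LOG2,
-CHALLENGE_FIELD_SIZE_LOG2,
-NUM_QUOTIENT_TERMS,
-NUM_OPENINGS_AT_Z + NUM_OPENINGS_AT_Z_OMEGA,
-FRI_FOLDING_SCHEDULE,
-NUM_QUERIES,
-FRI_FACTOR_LOG2,
-);
+pub const POW_CONFIG: verifier_common::SizedProofPowConfig<NUM_FRI_STEPS> =
+verifier_common::worst_sized_pow_config::<NUM_FRI_STEPS>(SECURITY_BITS);
 pub const TOTAL_TREE_CAP_SIZE: usize = 1 << FOLDING_PROPERTIES.total_caps_size_log2;
 pub const TREE_CAP_SIZE: usize = TOTAL_TREE_CAP_SIZE / NUM_COSETS;
 pub const TREE_CAP_SIZE_LOG2: usize = TREE_CAP_SIZE.trailing_zeros() as usize;
 pub const DEFAULT_MERKLE_PATH_LENGTH: usize = TRACE_LEN_LOG2 - TREE_CAP_SIZE_LOG2;
 
+#[test]
+fn pow_bits_for_100_security_bits() {
+dbg!(
+verifier_common::SizedProofPowConfig::<NUM_FRI_STEPS>::from_parameters(
+100,
+TRACE_LEN_LOG2,
+TRACE_LEN_LOG2 + FRI_FACTOR_LOG2,
+CHALLENGE_FIELD_SIZE_LOG2,
+NUM_QUOTIENT_TERMS,
+NUM_OPENINGS_AT_Z + NUM_OPENINGS_AT_Z_OMEGA,
+FRI_FOLDING_SCHEDULE,
+NUM_QUERIES + 20,
+FRI_FACTOR_LOG2,
+)
+);
+}
+
 pub const NUM_QUERIES: usize =
 verifier_common::num_queries_for_security_params(SECURITY_BITS, POW_BITS, FRI_FACTOR_LOG2);
 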
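Review bot: The added test `pow_bits_for_100_security_bits` (new lines 37-52) asserts nothing: it only prints the computed config through `dbg!`, so it passes whatever `from_parameters` returns and cannot catch a drop in proof-of-work bits. Bind the result and pin the values the verifiers read, e.g. `assert_eq!(cfg.lookup_pow_bits, EXPECTED_LOOKUP_POW_BITS);` (placeholder constant, to be filled from the documented computation) and the same for `quotient_alpha_pow_bits`. The literals `100` and `NUM_QUERIES + 20` need a comment saying which parameter set they model, since they differ from the `SECURITY_BITS` and `NUM_QUERIES` that `POW_CONFIG` is built from in this file. The test also sits between `DEFAULT_MERKLE_PATH_LENGTH` and `NUM_QUERIES`; moving it to the end of the file would keep the constants together.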
