From 1051de7c42eb46f1e54c633d7a8505c49b00ec45 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 14:50:05 +0000 Subject: [PATCH 01/28] Introduce the pickles diagram by squashing feature/volhovm/vinegar-poc --- book/src/pickles/.gitignore | 2 + book/src/pickles/pickles_structure.drawio | 4053 +++++++++++++++++++++ 2 files changed, 4055 insertions(+) create mode 100644 book/src/pickles/.gitignore create mode 100644 book/src/pickles/pickles_structure.drawio diff --git a/book/src/pickles/.gitignore b/book/src/pickles/.gitignore new file mode 100644 index 0000000000..fd2f78e90c --- /dev/null +++ b/book/src/pickles/.gitignore @@ -0,0 +1,2 @@ +.*.bkp +.*.dtmp diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio new file mode 100644 index 0000000000..ffaffe607d --- /dev/null +++ b/book/src/pickles/pickles_structure.drawio @@ -0,0 +1,4053 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From f1cb9c1e76708e2da7ac30b1a48ae11c52d180c7 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 17:10:27 +0000 Subject: [PATCH 02/28] Pass on the high-level diagram --- book/src/pickles/pickles_structure.drawio | 285 +++++----------------- 1 file changed, 62 insertions(+), 223 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index ffaffe607d..5f317f7a90 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -14,9 +14,6 @@ - - - @@ -26,22 +23,24 @@ - - + + - + - + + + - - + + @@ -49,22 +48,22 @@ - - + + - - + + - + - - + + @@ -72,245 +71,85 @@ - - - - - - - - - - - - - - + + - + - + - + - + - + - - - - - - - - - - - - - - - - - - - - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + - - + + - - + + - + - - + - - - - - - - + + - + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - - + + - - - - - - - - + - + - - - - - - - - - - + + - - - - - - - - + + - + - - - - - - - - - - + + @@ -2101,12 +1940,6 @@ - - - - - - @@ -2448,12 +2281,6 @@ - - - - - - @@ -4047,6 +3874,18 @@ + + + + + + + + + + + + From 319cbefee987d5dc78f471a9e167cfc3bd38bd9e Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 17:17:11 +0000 Subject: [PATCH 03/28] Another pass on general pickles diagram --- book/src/pickles/pickles_structure.drawio | 83 ++++++++++++++++------- 1 file changed, 60 insertions(+), 23 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 5f317f7a90..1d46b97c1a 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -23,15 +23,16 @@ - - + + - + - + + @@ -39,8 +40,8 @@ - - + + @@ -57,9 +58,9 @@ - + - + @@ -74,8 +75,8 @@ - - + + @@ -85,15 +86,16 @@ - + - + - + + - + @@ -104,7 +106,7 @@ - + @@ -129,8 +131,8 @@ - - + + @@ -143,13 +145,21 @@ - + + + + + + + + + - + @@ -3878,13 +3888,40 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + From dd9152be7a7e9af5fa43234a6479ada9d99a737f Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 17:43:19 +0000 Subject: [PATCH 04/28] Remove unused/reduntant pickles/overview.md --- book/src/pickles/overview.md | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100644 book/src/pickles/overview.md diff --git a/book/src/pickles/overview.md b/book/src/pickles/overview.md deleted file mode 100644 index f69a423807..0000000000 --- a/book/src/pickles/overview.md +++ /dev/null @@ -1,14 +0,0 @@ -# Overview - -0. Run PlonK verifiers on proofs $\pi_1, \ldots, \pi_n$ outputs polynomial relations. -1. Checking $\relation_{\mathsf{Acc}, \vec{G}}$ and polynomial relations to $\relation_{PCS,d}$: - 1. Sample $\zeta \sample \mathcal{C}$ using the Poseidon sponge. - 2. Compute $C \in \GG$ from $U^{(1)}, \ldots, U^{(n)}$ from -2. Checking $\relation_{\mathsf{IPA}, \ell} \to \relation_{\mathsf{IPA},1}$ -3. Checking - - - `RecursionChallenge.comm` $\in \GG$ fields from each "input proof" - - The polynomial commitments in the - - $u \in [0, 2^{128})$ challenge (provided in GLV form). -3. Compute $y$ from: - - `RecursionChallenge.prev_challenges` $\in \FF^\ell$ fields from each "input proof" From 73c9ba1a79a8d3f7dc332d9f647ad43e7436e6c1 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 18:11:46 +0000 Subject: [PATCH 05/28] Add a general summary on pickles + diagram --- book/src/SUMMARY.md | 3 ++- book/src/pickles/overview.md | 18 ++++++++++++++++++ book/src/pickles/pickles_structure.drawio | 10 ++-------- .../src/pickles/pickles_structure_overview.svg | 4 ++++ .../{fundamentals => pickles}/zkbook_ips.md | 0 5 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 book/src/pickles/overview.md create mode 100644 book/src/pickles/pickles_structure_overview.svg rename book/src/{fundamentals => pickles}/zkbook_ips.md (100%) diff --git a/book/src/SUMMARY.md b/book/src/SUMMARY.md index 60dc11d661..fabc4fb22d 100644 --- a/book/src/SUMMARY.md +++ b/book/src/SUMMARY.md @@ -62,7 +62,8 @@ # Pickles & Inductive Proof Systems -- [Overview](./fundamentals/zkbook_ips.md) +- [Overview](./pickles/overview.md) +- [Inductive Proof Systems](./pickles/zkbook_ips.md) - [Accumulation](./pickles/accumulation.md) - [Deferred Computation](./pickles/deferred.md) diff --git a/book/src/pickles/overview.md b/book/src/pickles/overview.md new file mode 100644 index 0000000000..3bb094bac0 --- /dev/null +++ b/book/src/pickles/overview.md @@ -0,0 +1,18 @@ +# Overview of Pickles + +Pickles is a recursion layer built on top of Kimchi. The complexity of pickles as a protocol lies in specifying how to verify previous kimchi inside of the current ones. And it gets quite complicated with many concrete details. Working over two curves requires us to have different circuits and a "mirrored" structure, some computations are deferred for efficiency, and one needs to carefully keep track of the accumulators. In this section we provide a general overview of pickles, while next sections in the same chapter dive into the actual implementation details. + +Pickles works over Pasta, a cycle of curves consisting of Pallas and Vesta, and thus it defines two generic circuits, one for each curve. Each can be thought of as a parallel instantiation of a kimchi proof systems. These circuits are not symmetric and have somewhat different function: +- **Step circuit**: this is the main circuit that contains application logic. Each step circuit verifies a statement and potentially several (at most 2) other wrap proofs. +- **Wrap circuit**: this circuit merely verifies the step circuit, and does not have its own application logic. The intuition is that every time an application statement is proven it's done in Step, and then the resulting proof is immediately wrapped using Wrap. + +Both Step and Wrap circuits additionally do a lot of recursive verification of the previous steps. Without getting too technical, Step (without lost of generality) does the following: +1. Verify the application logic statement +2. Verify that the previous Wrap proof is valid (but perform only main checks that are efficient) +3. Verify that the previous Step proof is valid (perform the secondary checks that were inefficient to perform when the previous Step was Wrapped) +4. Verify that the previous Step correctly aggregated the previous accumulator, that is $\mathsf{acc}_1 = \mathsf{Aggregate}(\mathsf{acc}_0, \pi_{\mathsf{step},1})$. + - *@volhovm: this is probably simplistic if not incorrect. Improve.* + +The diagram roughly illustrates the interplay of the two kimchi instances. + +![Overview](./pickles_structure_overview.svg) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 1d46b97c1a..d293cbbbd1 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -108,12 +108,6 @@ - - - - - - diff --git a/book/src/pickles/pickles_structure_overview.svg b/book/src/pickles/pickles_structure_overview.svg new file mode 100644 index 0000000000..3c69920f32 --- /dev/null +++ b/book/src/pickles/pickles_structure_overview.svg @@ -0,0 +1,4 @@ + + + +
Step 1:
1.
2. Wrap 0 main checks
3. Step 0 deferred checks
4. acc-1' was aggregated properly
(2-4 may be repeated when step consumes several wrap proofs)
Step 1:...
Step 2:
1.
2. Wrap 1 main checks
3. Step 1 deferred checks
4. acc0' was aggregated properly
(2-4 may be repeated when step consumes several wrap proofs)
Step 2:...
Wrap 1:
1. Step 1 main checks
2. Wrap 0 deferred checks
3. acc0 was aggregated properly
Wrap 1:...
Wrap 2:
1. Step 2 main checks
2. Wrap 1 deferred checks
3. acc1 was aggregated properly
Wrap 2:...
acc1
acc1
acc2
acc2
acc0
acc0
acc1'
acc1'
acc2'
acc2'
acc0'
acc0'
application statement
application statement...
application statement
application statement...
`\ldot...
`\ld...
`\ld...
`\ld...
`\ld...
`\ldot...Text is not SVG - cannot display \ No newline at end of file diff --git a/book/src/fundamentals/zkbook_ips.md b/book/src/pickles/zkbook_ips.md similarity index 100% rename from book/src/fundamentals/zkbook_ips.md rename to book/src/pickles/zkbook_ips.md From 3589bee6698d840aa42e6284a74d6ed9f05a9751 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 18:27:40 +0000 Subject: [PATCH 06/28] Comment on 'b' in pickles docs --- book/src/pickles/accumulation.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/src/pickles/accumulation.md b/book/src/pickles/accumulation.md index 15127f7e68..eb60d13b2d 100644 --- a/book/src/pickles/accumulation.md +++ b/book/src/pickles/accumulation.md @@ -751,7 +751,9 @@ Let $\mathcal{C} \subseteq \FF$ be the challenge space (128-bit GLV decomposed c 1. Checking $\relation_{\mathsf{IPA},1} \to \relation_{\mathsf{Acc}, \vec{G}}$ 1. Receive $c$ form the prover. 1. Define $\hpoly$ from $\vec{\chalfold}$ (folding challenges, computed above). - 1. Compute $\openy' \gets c \cdot (\hpoly(\chaleval) + \chalv \cdot \hpoly(\chaleval \omega))$, this works since: + 1. Compute a combined evaluation of the IPA challenge polynomial on two points: $b = \hpoly(\chaleval) + \chalv \cdot \hpoly(\chaleval \omega)$ + - Computationally, $b$ is obtained inside bulletproof folding procedure, by folding the vector $b_{\mathsf{init}}$ such that $b_{\mathsf{init},j} = \zeta^j + v \cdot \zeta^j w^j$ using the same standard bulletproof challenges that constitute $h(X)$. This $b_{\mathsf{init}}$ is a $v$-recombined evaluation point. The equality is by linearity of IPA recombination. + 1. Compute $\openy' \gets c \cdot b = c \cdot (\hpoly(\chaleval) + \chalv \cdot \hpoly(\chaleval \omega))$, this works since: $$ \openx^{(\rounds)} = \openx^{(\rounds)}_{\chaleval} + \chalv \cdot \openx^{(\rounds)}_{\chaleval\omega} From 2660b717d04b7bbd33398179b78cf373a32a27b8 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 16 Jan 2024 20:49:58 +0000 Subject: [PATCH 07/28] Clarify diagram a bit --- book/src/pickles/pickles_structure.drawio | 740 +++++++++++----------- 1 file changed, 370 insertions(+), 370 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index d293cbbbd1..a3b44d5d65 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,10 +1,10 @@ - + - + - + @@ -29,7 +29,7 @@ - + @@ -58,7 +58,7 @@ - + @@ -80,7 +80,7 @@ - + @@ -88,7 +88,7 @@ - + @@ -108,12 +108,12 @@ - + - + @@ -130,7 +130,7 @@ - + @@ -149,7 +149,7 @@ - + @@ -609,7 +609,7 @@ - + @@ -623,7 +623,7 @@ - + @@ -861,7 +861,7 @@ - + @@ -871,7 +871,7 @@ - + @@ -890,7 +890,7 @@ - + @@ -906,10 +906,10 @@ - + - + @@ -1048,13 +1048,13 @@ - + - - + + @@ -1064,108 +1064,108 @@ - - + + - + - - + + - + - - + + - + - - + + - + - + - - + + - + - - + + - + - - + + - - + + - + - + - - - - + + + + - - + + @@ -1177,84 +1177,84 @@ - - - - + + + + - + - - + + - + - - + + - + - - + + - - + + - - - + + + - - + + - + - - - - + + + + - + @@ -1265,37 +1265,29 @@ - + - - - - - - - - - - + + - - + + - + - + @@ -1316,54 +1308,54 @@ - + - + - - + + - - + + - - + + - + - - + + - + - - + + @@ -1373,60 +1365,30 @@ - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + - + - + @@ -1435,37 +1397,37 @@ - + - - + + - + - - + + - - + + - + @@ -1473,127 +1435,127 @@ - - - - + + + + - + - - - - + + + + - - - - + + + + - + - + - - + + - + - + - + - + - + - - + + - + - - + + - + - + - - + + - + - + - + - + - + - + - + - + - + @@ -1605,7 +1567,7 @@ - + @@ -1614,16 +1576,54 @@ - + - - + + - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -2441,7 +2441,7 @@ - + @@ -2465,7 +2465,7 @@ - + @@ -2867,10 +2867,10 @@ - + - + @@ -3085,7 +3085,7 @@ - + @@ -3097,7 +3097,7 @@ - + @@ -3113,61 +3113,61 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -3175,15 +3175,15 @@ - + - + - + @@ -3192,49 +3192,49 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -3242,7 +3242,7 @@ - + @@ -3250,7 +3250,7 @@ - + @@ -3259,7 +3259,7 @@ - + @@ -3267,7 +3267,7 @@ - + @@ -3275,7 +3275,7 @@ - + @@ -3283,35 +3283,35 @@ - + - + - + - + - + - + - + - + - + @@ -3319,7 +3319,7 @@ - + @@ -3329,7 +3329,7 @@ - + @@ -3337,7 +3337,7 @@ - + @@ -3345,7 +3345,7 @@ - + @@ -3353,15 +3353,15 @@ - + - + - + @@ -3369,7 +3369,7 @@ - + @@ -3377,10 +3377,10 @@ - + - + @@ -3390,7 +3390,7 @@ - + @@ -3398,22 +3398,22 @@ - + - + - + - + - + - + @@ -3427,7 +3427,7 @@ - + @@ -3435,12 +3435,12 @@ - + - + @@ -3448,13 +3448,13 @@ - + - + - + @@ -3462,19 +3462,19 @@ - + - + - + - + - + @@ -3482,7 +3482,7 @@ - + @@ -3490,10 +3490,10 @@ - + - + @@ -3501,10 +3501,10 @@ - + - + @@ -3512,7 +3512,7 @@ - + @@ -3520,10 +3520,10 @@ - + - + @@ -3531,10 +3531,10 @@ - + - + @@ -3542,7 +3542,7 @@ - + @@ -3552,10 +3552,10 @@ - + - + @@ -3563,10 +3563,10 @@ - + - + @@ -3574,7 +3574,7 @@ - + @@ -3584,18 +3584,18 @@ - + - + - + - + @@ -3603,10 +3603,10 @@ - + - + @@ -3614,10 +3614,10 @@ - + - + @@ -3626,12 +3626,12 @@ - + - + @@ -3639,7 +3639,7 @@ - + @@ -3647,39 +3647,39 @@ - + - + - + - + - + - + - + - + - + - + - + @@ -3687,34 +3687,34 @@ - + - + - + - + - + - + - + - + - + - + @@ -3723,10 +3723,10 @@ - + - + @@ -3734,25 +3734,25 @@ - + - + - + - + - + - + - + @@ -3765,7 +3765,7 @@ - + @@ -3773,40 +3773,40 @@ - + - + - + - + - + - + - + - + - + - + - + - + @@ -3859,7 +3859,7 @@ - + @@ -3867,7 +3867,7 @@ - + @@ -3875,46 +3875,46 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + - + From a92bf86d0ba24afe388e5810b55805419609e2e2 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Wed, 17 Jan 2024 11:12:20 +0000 Subject: [PATCH 08/28] Clarify incrementally_verify_proof --- book/src/pickles/pickles_structure.drawio | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index a3b44d5d65..abe8dfb8ca 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -2605,8 +2605,8 @@ - - + + @@ -2638,8 +2638,8 @@ - - + + @@ -2701,7 +2701,7 @@ - + From 101e60cf8091ea672425b99370326dd14b7f6acc Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Wed, 17 Jan 2024 14:38:00 +0000 Subject: [PATCH 09/28] Minor diagram changes --- book/src/pickles/pickles_structure.drawio | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index abe8dfb8ca..98561b395f 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -2638,7 +2638,7 @@ - + From 6bed9690c9d626fbc67e6322cef6e11198045e84 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Wed, 17 Jan 2024 15:58:05 +0000 Subject: [PATCH 10/28] Update the diagram --- book/src/pickles/pickles_structure.drawio | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 98561b395f..b598dd8e89 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -2397,8 +2397,8 @@ - - + + @@ -2415,13 +2415,13 @@ - + - + @@ -2720,7 +2720,7 @@ - + @@ -2738,7 +2738,7 @@ - + From 41fdb63170967823d94d187d16c761a7fb5df530 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Wed, 17 Jan 2024 16:45:24 +0000 Subject: [PATCH 11/28] Adjust an arrow --- book/src/pickles/pickles_structure.drawio | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index b598dd8e89..ebc9849a0e 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -408,8 +408,8 @@ - - + + From 6abd1e02a0b91f2a6848151b55b7de8ea5326c2d Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Thu, 18 Jan 2024 11:25:07 +0000 Subject: [PATCH 12/28] Diagram: Explain how ProverProof#prev_challenges are created --- book/src/pickles/pickles_structure.drawio | 234 +++++++++++++--------- 1 file changed, 137 insertions(+), 97 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index ebc9849a0e..a2f20d07b9 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -291,9 +291,7 @@ - - - + @@ -378,38 +376,52 @@ - + - + + + - + - + + + + + - - - - + - + - + + + + + + + + + + + + - + @@ -620,6 +632,14 @@ + + + + + + + + @@ -694,7 +714,7 @@ - + @@ -758,26 +778,34 @@ - + - - - - + - + + + + + + - + + + + + + + - - + + @@ -793,7 +821,7 @@ - + @@ -2404,18 +2432,18 @@ - + - - + + - - + + @@ -2425,18 +2453,18 @@ - + - - + + - + @@ -2449,19 +2477,19 @@ - - + + - + - - + + @@ -2473,29 +2501,29 @@ - - + + - + - + - - + + - + - - + + @@ -2507,28 +2535,28 @@ - - + + - + - - - + + + - + - + @@ -2566,19 +2594,19 @@ - - + + - + - - + + @@ -2588,7 +2616,7 @@ - + @@ -2603,10 +2631,10 @@ - + - + @@ -2648,15 +2676,15 @@ - + - - - - + + + + @@ -2664,30 +2692,30 @@ - + - - + + - - - - + + + + - - + + - + @@ -2702,7 +2730,7 @@ - + @@ -2738,7 +2766,7 @@ - + @@ -2751,7 +2779,7 @@ - + @@ -2760,16 +2788,16 @@ - - + + - - + + @@ -2792,16 +2820,16 @@ - - + + - - + + @@ -2809,7 +2837,7 @@ - + @@ -2893,16 +2921,16 @@ - - + + - + - + @@ -3592,6 +3620,9 @@ + + + @@ -3917,6 +3948,15 @@ + + + + + + + + + From cbdc72bfce4ef75e3a4e2963898946b2cf9bd1a1 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Thu, 18 Jan 2024 11:55:29 +0000 Subject: [PATCH 13/28] Thinking about proof.prev_challenges --- book/src/pickles/pickles_structure.drawio | 47 ++++++++++++++++++----- 1 file changed, 37 insertions(+), 10 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index a2f20d07b9..1b54c14d90 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -260,6 +260,9 @@ + + + @@ -269,6 +272,9 @@ + + + @@ -2291,11 +2297,12 @@ - + - + + @@ -2376,15 +2383,21 @@ - - + + + + + + + - + - + + @@ -2801,10 +2814,10 @@ - + - + @@ -3866,6 +3879,9 @@ + + + @@ -3875,6 +3891,14 @@ + + + + + + + + @@ -3957,6 +3981,9 @@ + + + From 3a28ab7c29cbd65d9a85c45718cb5396ce78a161 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Thu, 18 Jan 2024 12:41:39 +0000 Subject: [PATCH 14/28] Diagram: Clarify proof.prev_challenges --- book/src/pickles/pickles_structure.drawio | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 1b54c14d90..581fa7068b 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -260,8 +260,10 @@ - - + + + + @@ -272,8 +274,8 @@ - - + + @@ -3891,13 +3893,8 @@ - - - - - - - + + From f3f7f77791b4b2db8c5815d4debe44f2eff6aa4b Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Thu, 18 Jan 2024 13:09:04 +0000 Subject: [PATCH 15/28] Clarify evaluations in step proof --- book/src/pickles/pickles_structure.drawio | 91 +++++++++++++++-------- 1 file changed, 59 insertions(+), 32 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 581fa7068b..53cff034b5 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -726,7 +726,7 @@ - + @@ -741,7 +741,7 @@ - + @@ -794,7 +794,7 @@ - + @@ -825,26 +825,16 @@ - + - + + + - - - - - - - - - - - - @@ -886,7 +876,7 @@ - + @@ -919,7 +909,7 @@ - + @@ -1022,17 +1012,21 @@ - + + + + + - + - + @@ -1983,8 +1977,8 @@ - - + + @@ -1993,11 +1987,11 @@ - + - + @@ -2006,11 +2000,11 @@ - + - + @@ -2385,7 +2379,7 @@ - + @@ -3978,9 +3972,42 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From ddf8d04d4afa8a9bb49a4e29446cf90068f94e8d Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Thu, 18 Jan 2024 13:48:34 +0000 Subject: [PATCH 16/28] Diagram: minor editorial --- book/src/pickles/pickles_structure.drawio | 53 +++++++++++++---------- 1 file changed, 29 insertions(+), 24 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 53cff034b5..6a077ce7ae 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,4 +1,4 @@ - + @@ -371,16 +371,16 @@ - - + + - - + + @@ -428,28 +428,28 @@ - + - - - - + - + + + + - + @@ -459,7 +459,7 @@ - + @@ -510,8 +510,8 @@ - - + + @@ -521,11 +521,16 @@ - + + + + + + - + @@ -565,8 +570,8 @@ - - + + @@ -581,8 +586,8 @@ - - + + @@ -624,8 +629,8 @@ - - + + @@ -3965,7 +3970,7 @@ - + From 17c1edbe26ec274fa84bea11eedb4815620345f5 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Fri, 19 Jan 2024 15:48:13 +0000 Subject: [PATCH 17/28] Diagram: introduce colour coded lifespans --- book/src/pickles/pickles_structure.drawio | 258 ++++++++++++---------- 1 file changed, 146 insertions(+), 112 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 6a077ce7ae..d40fc5bf4f 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -174,7 +174,7 @@ - + @@ -186,7 +186,7 @@ - + @@ -195,19 +195,19 @@ - + - + - + - + - + @@ -219,7 +219,7 @@ - + @@ -228,7 +228,7 @@ - + @@ -242,22 +242,22 @@ - + - + - + - + - + - + @@ -265,16 +265,16 @@ - + - + - + - + @@ -330,31 +330,31 @@ - + - + - + - + - + - + - + - + @@ -371,12 +371,14 @@ - + + + - + @@ -419,11 +421,11 @@ - + - - + + @@ -439,17 +441,17 @@ - + - + - - + + @@ -458,8 +460,8 @@ - - + + @@ -507,7 +509,7 @@ - + @@ -520,7 +522,7 @@ - + @@ -577,7 +579,7 @@ - + @@ -659,13 +661,13 @@ - - + + - + @@ -694,22 +696,22 @@ - + - + - + - + - + - + @@ -778,7 +780,7 @@ - + @@ -787,7 +789,7 @@ - + @@ -807,11 +809,11 @@ - + - - + + @@ -849,7 +851,7 @@ - + @@ -878,7 +880,7 @@ - + @@ -889,7 +891,7 @@ - + @@ -907,7 +909,7 @@ - + @@ -918,8 +920,8 @@ - - + + @@ -931,14 +933,14 @@ - + - + - - + + @@ -952,7 +954,7 @@ - + @@ -981,13 +983,13 @@ - + - - + + @@ -1007,7 +1009,7 @@ - + @@ -1017,7 +1019,7 @@ - + @@ -1026,7 +1028,7 @@ - + @@ -1044,7 +1046,7 @@ - + @@ -1613,7 +1615,7 @@ - + @@ -1622,7 +1624,7 @@ - + @@ -1634,16 +1636,16 @@ - + - + - + @@ -2496,8 +2498,8 @@ - - + + @@ -2520,7 +2522,7 @@ - + @@ -2683,7 +2685,7 @@ - + @@ -2752,8 +2754,8 @@ - - + + @@ -2762,7 +2764,7 @@ - + @@ -3469,7 +3471,7 @@ - + @@ -3574,7 +3576,7 @@ - + @@ -3606,7 +3608,7 @@ - + @@ -3846,7 +3848,7 @@ - + @@ -3862,38 +3864,40 @@ - + - + - + - + - + - + - - + + + + - + - + - + - - + + @@ -3907,22 +3911,22 @@ - - + + - - + + - - + + @@ -3989,10 +3993,10 @@ - + - + @@ -4013,6 +4017,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 87f2b711907fbb7b89b37c890b3643d749e54c3c Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Fri, 19 Jan 2024 17:25:40 +0000 Subject: [PATCH 18/28] Diagram: timeline fix most main diagram items --- book/src/pickles/pickles_structure.drawio | 244 +++++++++++----------- 1 file changed, 121 insertions(+), 123 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index d40fc5bf4f..cd6c653916 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -180,10 +180,10 @@ - + - + @@ -210,7 +210,7 @@ - + @@ -219,7 +219,7 @@ - + @@ -309,10 +309,10 @@ - + - + @@ -324,7 +324,7 @@ - + @@ -340,7 +340,7 @@ - + @@ -413,7 +413,7 @@ - + @@ -438,7 +438,7 @@ - + @@ -557,10 +557,10 @@ - + - + @@ -582,7 +582,7 @@ - + @@ -593,7 +593,7 @@ - + @@ -605,27 +605,26 @@ - + - - + - + - + - + - + @@ -675,12 +674,9 @@ - + - - - @@ -690,9 +686,6 @@ - - - @@ -705,9 +698,6 @@ - - - @@ -717,10 +707,10 @@ - + - + @@ -739,10 +729,10 @@ - + - + @@ -756,22 +746,22 @@ - + - + - + - + - + - + @@ -795,7 +785,7 @@ - + @@ -920,7 +910,7 @@ - + @@ -957,8 +947,7 @@ - - + @@ -1040,10 +1029,10 @@ - + - + @@ -1084,7 +1073,7 @@ - + @@ -1140,7 +1129,7 @@ - + @@ -1151,7 +1140,7 @@ - + @@ -1162,7 +1151,7 @@ - + @@ -1181,7 +1170,7 @@ - + @@ -1221,7 +1210,7 @@ - + @@ -1232,7 +1221,7 @@ - + @@ -1277,7 +1266,7 @@ - + @@ -1290,7 +1279,7 @@ - + @@ -1301,7 +1290,7 @@ - + @@ -1320,34 +1309,16 @@ - + - - - - + - - - - - - - - - - - - - - - - + - + @@ -1374,7 +1345,7 @@ - + @@ -1385,7 +1356,7 @@ - + @@ -1401,24 +1372,19 @@ - + - - - - - - + - + @@ -1433,7 +1399,7 @@ - + @@ -1444,7 +1410,7 @@ - + @@ -1463,7 +1429,7 @@ - + @@ -1479,7 +1445,7 @@ - + @@ -1502,7 +1468,7 @@ - + @@ -1552,7 +1518,7 @@ - + @@ -1591,7 +1557,7 @@ - + @@ -1615,44 +1581,44 @@ - + - + - + - + - + - + - + - + - + - + - + - - + + @@ -1662,6 +1628,29 @@ + + + + + + + + + + + + + + + + + + + + + + + @@ -2498,7 +2487,7 @@ - + @@ -2556,7 +2545,7 @@ - + @@ -2568,7 +2557,7 @@ - + @@ -2685,7 +2674,7 @@ - + @@ -2739,10 +2728,10 @@ - + - + @@ -3902,15 +3891,24 @@ - + - + - + + + + + + + + + + @@ -4008,13 +4006,13 @@ - + - + - + From 75451b16938de69abe03e5497f26e22a204b6a77 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Fri, 19 Jan 2024 18:54:41 +0000 Subject: [PATCH 19/28] Timeline-colour everything, clarifying 4-degree values --- book/src/pickles/pickles_structure.drawio | 357 +++++++++++++--------- 1 file changed, 221 insertions(+), 136 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index cd6c653916..cfc5b9b547 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,9 +1,19 @@ - + - + + + + + + + + + + + @@ -183,7 +193,7 @@ - + @@ -325,7 +335,7 @@ - + @@ -381,8 +391,8 @@ - - + + @@ -436,16 +446,16 @@ - + - + - + - + @@ -549,8 +559,8 @@ - - + + @@ -616,22 +626,22 @@ - + - + - + - + - - + + @@ -660,13 +670,13 @@ - + - + @@ -1012,7 +1022,7 @@ - + @@ -1021,7 +1031,7 @@ - + @@ -1671,7 +1681,7 @@ - + @@ -2393,33 +2403,23 @@ - + - - - + + + - - - - - - - - - - - - + + @@ -2430,8 +2430,8 @@ - - + + @@ -2448,7 +2448,7 @@ - + @@ -2487,7 +2487,7 @@ - + @@ -2511,7 +2511,7 @@ - + @@ -2572,25 +2572,25 @@ - + - + - + - + - + - + - + @@ -2623,10 +2623,10 @@ - + - + @@ -2641,13 +2641,13 @@ - + - + - + @@ -2656,28 +2656,28 @@ - + - + - + - + - + - + - + - + @@ -2719,6 +2719,11 @@ + + + + + @@ -2728,55 +2733,70 @@ - + - + - + - + - + - + - + - + - - + + - - + + - - + + - - + + - - + + + + + + + + + + + + + + + + + - + - + - + @@ -2858,13 +2878,13 @@ - + - + - + @@ -2879,16 +2899,16 @@ - + - + - - + + - + @@ -2900,8 +2920,23 @@ - - + + + + + + + + + + + + + + + + + @@ -2914,10 +2949,10 @@ - + - + @@ -2970,7 +3005,7 @@ - + @@ -3001,22 +3036,22 @@ - + - + - + - + - + - + @@ -3030,25 +3065,25 @@ - + - + - + - + - + - + @@ -3121,7 +3156,7 @@ - + @@ -3155,49 +3190,49 @@ - + - + - + - + - + - + - + - + - + - + - + - + @@ -3332,7 +3367,7 @@ - + @@ -3341,7 +3376,7 @@ - + @@ -3438,7 +3473,7 @@ - + @@ -3487,6 +3522,12 @@ + + + + + + @@ -3723,7 +3764,7 @@ - + @@ -3741,7 +3782,7 @@ - + @@ -3783,7 +3824,7 @@ - + @@ -3837,7 +3878,7 @@ - + @@ -3846,7 +3887,7 @@ - + @@ -3889,21 +3930,21 @@ - + - + - + - + - + @@ -4045,6 +4086,50 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 87144b5a631a54aa1ee2c5b9cc5afa95a3164e9c Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Mon, 22 Jan 2024 12:01:16 +0000 Subject: [PATCH 20/28] Clarify timelines and types --- book/src/pickles/pickles_structure.drawio | 237 ++++++++++++---------- 1 file changed, 133 insertions(+), 104 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index cfc5b9b547..de2c2bd7ca 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,9 +1,22 @@ - + - + + + + + + + + + + + + + + @@ -185,10 +198,10 @@ - + - + @@ -197,49 +210,49 @@ - + - - + + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -300,7 +313,7 @@ - + @@ -371,7 +384,7 @@ - + @@ -479,13 +492,13 @@ - + - + - - + + @@ -522,8 +535,8 @@ - - + + @@ -532,11 +545,12 @@ - + + - - + + @@ -548,7 +562,7 @@ - + @@ -577,12 +591,19 @@ - + + + + + + + + - + - + @@ -632,15 +653,15 @@ - + - + - + - + @@ -726,7 +747,7 @@ - + @@ -734,10 +755,10 @@ - + - + @@ -746,51 +767,51 @@ - + - + - + - + - + - + - + - - - - + - + + + + - + - + - + - + - + @@ -878,7 +899,12 @@ - + + + + + + @@ -886,8 +912,8 @@ - - + + @@ -954,43 +980,44 @@ - + - - + + + - - + + - + - - + + - + - + - - + + @@ -1000,7 +1027,11 @@ - + + + + + @@ -1008,7 +1039,7 @@ - + @@ -1037,7 +1068,7 @@ - + @@ -1045,20 +1076,23 @@ - + - - + + + + + - + - - + + @@ -1180,8 +1214,8 @@ - - + + @@ -1271,8 +1305,8 @@ - - + + @@ -1597,7 +1631,7 @@ - + @@ -2403,17 +2437,6 @@ - - - - - - - - - - - @@ -2680,6 +2703,9 @@ + + + @@ -2887,7 +2913,7 @@ - + @@ -3536,7 +3562,7 @@ - + @@ -3845,8 +3871,8 @@ - - + + @@ -3877,7 +3903,7 @@ - + @@ -4130,6 +4156,9 @@ + + + From 4884708f581b2c89f68e5a351ae1f4145a96732e Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Mon, 22 Jan 2024 13:21:45 +0000 Subject: [PATCH 21/28] Clarifying field structure --- book/src/pickles/pickles_structure.drawio | 114 ++++++++++------------ 1 file changed, 54 insertions(+), 60 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index de2c2bd7ca..08ee0de9a3 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -265,7 +265,7 @@ - + @@ -313,7 +313,7 @@ - + @@ -374,10 +374,10 @@ - + - + @@ -542,7 +542,7 @@ - + @@ -1214,8 +1214,8 @@ - - + + @@ -1353,9 +1353,6 @@ - - - @@ -1401,7 +1398,7 @@ - + @@ -1423,13 +1420,13 @@ - + - + @@ -1444,7 +1441,7 @@ - + @@ -1539,9 +1536,6 @@ - - - @@ -1626,12 +1620,12 @@ - + - + @@ -1647,7 +1641,7 @@ - + @@ -1695,6 +1689,12 @@ + + + + + + @@ -2477,11 +2477,11 @@ - + - + @@ -2492,7 +2492,7 @@ - + @@ -2505,13 +2505,13 @@ - - + + - + @@ -2529,13 +2529,13 @@ - - + + - - + + @@ -2661,8 +2661,8 @@ - - + + @@ -2694,18 +2694,15 @@ - - + + - - + + - - - @@ -2765,7 +2762,7 @@ - + @@ -2887,8 +2884,8 @@ - - + + @@ -2901,7 +2898,7 @@ - + @@ -2922,7 +2919,7 @@ - + @@ -2998,20 +2995,20 @@ - + - - + + - - + + @@ -3542,15 +3539,12 @@ - + - - - @@ -3689,8 +3683,8 @@ - - + + @@ -3920,7 +3914,7 @@ - + @@ -4156,8 +4150,8 @@ - - + + From a51cb28e9ab3635cfa47d834bd2efbbd77e8e914 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Mon, 22 Jan 2024 14:44:24 +0000 Subject: [PATCH 22/28] Small diagram change --- book/src/pickles/pickles_structure.drawio | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 08ee0de9a3..fd6bec3359 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -3545,9 +3545,6 @@ - - - From e9be4222595fe831c5b0b2824b5c4a3b657b07de Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Mon, 22 Jan 2024 18:32:22 +0000 Subject: [PATCH 23/28] Book: Improve pickles overview --- book/src/pickles/overview.md | 24 +++-- book/src/pickles/pickles_structure.drawio | 101 +++++++++--------- .../pickles/pickles_structure_overview.svg | 2 +- 3 files changed, 67 insertions(+), 60 deletions(-) diff --git a/book/src/pickles/overview.md b/book/src/pickles/overview.md index 3bb094bac0..c1e22fe159 100644 --- a/book/src/pickles/overview.md +++ b/book/src/pickles/overview.md @@ -2,17 +2,29 @@ Pickles is a recursion layer built on top of Kimchi. The complexity of pickles as a protocol lies in specifying how to verify previous kimchi inside of the current ones. And it gets quite complicated with many concrete details. Working over two curves requires us to have different circuits and a "mirrored" structure, some computations are deferred for efficiency, and one needs to carefully keep track of the accumulators. In this section we provide a general overview of pickles, while next sections in the same chapter dive into the actual implementation details. -Pickles works over Pasta, a cycle of curves consisting of Pallas and Vesta, and thus it defines two generic circuits, one for each curve. Each can be thought of as a parallel instantiation of a kimchi proof systems. These circuits are not symmetric and have somewhat different function: +Pickles works over [Pasta](/specs/pasta.md), a cycle of curves consisting of Pallas and Vesta, and thus it defines two generic circuits, one for each curve. Each can be thought of as a parallel instantiation of a kimchi proof systems. These circuits are not symmetric and have somewhat different function: - **Step circuit**: this is the main circuit that contains application logic. Each step circuit verifies a statement and potentially several (at most 2) other wrap proofs. - **Wrap circuit**: this circuit merely verifies the step circuit, and does not have its own application logic. The intuition is that every time an application statement is proven it's done in Step, and then the resulting proof is immediately wrapped using Wrap. + +#### General Circuit Structure + Both Step and Wrap circuits additionally do a lot of recursive verification of the previous steps. Without getting too technical, Step (without lost of generality) does the following: -1. Verify the application logic statement -2. Verify that the previous Wrap proof is valid (but perform only main checks that are efficient) -3. Verify that the previous Step proof is valid (perform the secondary checks that were inefficient to perform when the previous Step was Wrapped) -4. Verify that the previous Step correctly aggregated the previous accumulator, that is $\mathsf{acc}_1 = \mathsf{Aggregate}(\mathsf{acc}_0, \pi_{\mathsf{step},1})$. - - *@volhovm: this is probably simplistic if not incorrect. Improve.* +1. Verify the application logic statement (e.g. the mina transaction is valid) +2. Verify that the previous Wrap proof is (first-)half-valid (perform only main checks that are efficient for the curve) +3. Verify that the previous Step proof is (second-)half-valid (perform the secondary checks that were inefficient to perform when the previous Step was Wrapped) +4. Verify that the previous Step correctly aggregated the previous accumulator, e.g. $\mathsf{acc}_2 = \mathsf{Aggregate}(\mathsf{acc}_1, \pi_{\mathsf{step},2})$. The diagram roughly illustrates the interplay of the two kimchi instances. ![Overview](./pickles_structure_overview.svg) + + +The small remark that Step circuit may repeat items 2-3 has to do with the following. In the case where Step 2 consumes several Wrap 1.X (e.g. Wrap 1.1, Wrap 1.2, etc), it must perform all these main Wrap 1.X checks, but also all the deferred Step 1.X checks where Wrap 1.X wraps exactly Step 1.X. + + +#### On Accumulators + +The accumulator is an abstraction introduced for the purpose of this diagram. In practice, each kimchi proof consists of (1) commitments to polynomials, (2) evaluations of them, (3) and the opening proof. What we refer to as accumulator here is actually the commitment inside the opening proof. It is called `sg` in the implementation and is semantically a polynomial commitment to `h(X)` --- the poly-sized polynomial that is built from IPA challenges. It's a very important polynomial -- it can be evaluated in log time, but the commitment verification takes poly time, so the fact that `sg` is a commitment to `h(X)` is never proven inside the circuit. For more details, see [Proof-Carrying Data from Accumulation Schemes](https://eprint.iacr.org/2020/499.pdf), Appendix A.2, where `sg` is called `U`. + +In pickles, what we do is that we "absorb" this commitment `sg` from the previous step while creating a new proof. That is, for example, Step 1 will produce this commitment that is denoted as `acc1` on the diagram, as part of its opening proof, and Step 2 will absorb this commitment. And this "absorbtion" is what Wrap 2 will prove (and, partially, Step 3 will also refer to the challenges used to build `acc1`, but this detail is completely avoided in this overview). In the end, `acc2` will be the result of Step 2, so in a way `acc2` "aggregates" `acc1` which somewhat justifies the language used. diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index fd6bec3359..26779a8f3d 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -40,54 +40,48 @@ - + - - + + - + - + - + - - + + - + - - - - - - - - + + - + - - + + @@ -98,77 +92,78 @@ - - + + - + - + - + - + - - + + - + - + - + - + - - + + + - - + + - + - + - + - - + + @@ -176,7 +171,7 @@ - + @@ -1614,7 +1609,7 @@ - + @@ -3993,40 +3988,40 @@ - + - + - + - + - + - + - + - + diff --git a/book/src/pickles/pickles_structure_overview.svg b/book/src/pickles/pickles_structure_overview.svg index 3c69920f32..ac0192c085 100644 --- a/book/src/pickles/pickles_structure_overview.svg +++ b/book/src/pickles/pickles_structure_overview.svg @@ -1,4 +1,4 @@ -
Step 1:
1.
2. Wrap 0 main checks
3. Step 0 deferred checks
4. acc-1' was aggregated properly
(2-4 may be repeated when step consumes several wrap proofs)
Step 1:...
Step 2:
1.
2. Wrap 1 main checks
3. Step 1 deferred checks
4. acc0' was aggregated properly
(2-4 may be repeated when step consumes several wrap proofs)
Step 2:...
Wrap 1:
1. Step 1 main checks
2. Wrap 0 deferred checks
3. acc0 was aggregated properly
Wrap 1:...
Wrap 2:
1. Step 2 main checks
2. Wrap 1 deferred checks
3. acc1 was aggregated properly
Wrap 2:...
acc1
acc1
acc2
acc2
acc0
acc0
acc1'
acc1'
acc2'
acc2'
acc0'
acc0'
application statement
application statement...
application statement
application statement...
`\ldot...
`\ld...
`\ld...
`\ld...
`\ld...
`\ldot...Text is not SVG - cannot display \ No newline at end of file +
Step 1:
1.
2. Wrap 0 main checks
    2.1. acc-1' was
           aggregated properly
3. Step 0 deferred checks

(2-3 may be repeated)
Step 1:...
Step 2:
1.
2. Wrap 1 main checks
   2.1. acc0' was
          aggregated properly
3. Step 1 deferred checks

(2-3 may be repeated)
Step 2:...
Wrap 1:
1. Step 1 main checks
    1.1. acc0 was
           aggregated properly
2. Wrap 0 deferred checks
Wrap 1:...
Wrap 2:
1. Step 2 main checks
    1.1. acc1 was
           aggregated properly
2. Wrap 1 deferred checks
Wrap 2:...
acc1
acc1
acc2
acc2
acc0
acc0
acc1'
acc1'
acc2'
acc2'
acc0'
acc0'
application statement
application statement...
application statement
application statement...
`\ldot...
`\ld...
`\ld...
`\ld...
`\ld...
`\ldot...Text is not SVG - cannot display \ No newline at end of file From d13088ee561cedc30c800c4c707c4426d2bfbec9 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Mon, 22 Jan 2024 19:02:45 +0000 Subject: [PATCH 24/28] Book: add the section with zoomable pickles diagrams --- book/src/SUMMARY.md | 1 + book/src/pickles/diagrams.md | 29 +++++++ book/src/pickles/pickles_structure.drawio | 75 ++++++++++++++----- .../pickles/pickles_structure_legend_1.svg | 4 + book/src/pickles/pickles_structure_step.svg | 4 + book/src/pickles/pickles_structure_wrap.svg | 4 + ...pickles_structure_wrap_deferred_values.svg | 4 + 7 files changed, 103 insertions(+), 18 deletions(-) create mode 100644 book/src/pickles/diagrams.md create mode 100644 book/src/pickles/pickles_structure_legend_1.svg create mode 100644 book/src/pickles/pickles_structure_step.svg create mode 100644 book/src/pickles/pickles_structure_wrap.svg create mode 100644 book/src/pickles/pickles_structure_wrap_deferred_values.svg diff --git a/book/src/SUMMARY.md b/book/src/SUMMARY.md index fabc4fb22d..be318bb0a6 100644 --- a/book/src/SUMMARY.md +++ b/book/src/SUMMARY.md @@ -66,6 +66,7 @@ - [Inductive Proof Systems](./pickles/zkbook_ips.md) - [Accumulation](./pickles/accumulation.md) - [Deferred Computation](./pickles/deferred.md) +- [Technical Diagrams](./pickles/diagrams.md) # Technical Specifications diff --git a/book/src/pickles/diagrams.md b/book/src/pickles/diagrams.md new file mode 100644 index 0000000000..5f6a4357bf --- /dev/null +++ b/book/src/pickles/diagrams.md @@ -0,0 +1,29 @@ +# Pickles Technical Diagrams + +This section contains a series of diagrams giving an overview of implementation of pickles, closely following the structures and abstractions in the code. However, they are very technical and are primarily intended for developer use. The primary source of all the images in this section is [`pickles_structure.drawio`](./pickles_structure.drawio) file, and if one edits it one must re-generate the `.svg` renders by doing "export -> selection". + +The legend of the diagrams is quite straightforward: +- The black boxes are data structures that have names and labels following the implementation. + - `MFNStep`/`MFNWrap` is an abbreviation from `MessagesForNextStep` and `MessagesForNextWrap` that is used for brewity. Most other datatypes are exactly the same as in the codebase. +- The blue boxes are computations. Sometimes, when the computation is trivial or only vaguely indicated, it is denoted as a text sign directly on an arrow. +- Arrows are blue by default and denote moving a piece of data from one place to another with no (or very little) change. Light blue arrows are denoting witness query that is implemented through the `handler` mechanism. The "chicken foot" connector means that this arrow accesses just one field in an array: such an arrow could connect e.g. a input field of type `old_a: A` in a structure `Vec<(A,B)>` to an output `new_a: A`, which just means that we are inside a `for` loop and this computation is done for all the elemnts in the vector/array. +- Colour of the field is sometimes introduced and denotes how many steps ago was this piece of data created. The absense of the colour means either that (1) the data structure contains different subfields of different origin, or that (2) it was not coloured but it could be. The colours are assigned according to the following convention: + +![](./pickles_structure_legend_1.svg) + + +### Wrap Computatiton and Deferred Values + +The following is the diagram that explains the Wrap computation. The left half of it corresponds to the `wrap.ml` file and the general logic of proof creation, while the right part of it is `wrap_main.ml`/`wrap_verifier.ml` and explains in-circuit computation. + +[ ![](pickles_structure_wrap.svg) ](./pickles_structure_wrap.svg) + +This diagram explains the `deferred_values` computation which is in the heart of `wrap.ml` represented as a blue box in the middle of the left pane of the main Wrap diagram. Deferred values for Wrap are computed as follows: + +[ ![](pickles_structure_wrap_deferred_values.svg) ](./pickles_structure_wrap_deferred_values.svg) + +### Step Computation + +The following is the diagram that explains the Step computation, similarly to Wrap. The left half of it corresponds to the general logic in `step.ml`, and the right part of it is `step_main.ml` and explains in-circuit computation. We provide no `deferred_values` computation diagram for Step, but it is very conceptually similar to the one already presented for Wrap. + +[ ![](pickles_structure_step.svg) ](./pickles_structure_step.svg) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 26779a8f3d..db0f794a2c 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -4068,41 +4068,80 @@ + + + + + + + + + + - + + + + + + + - - + + - + - - + + + + + - + - - + + + + + + + + + + + - + - - + + + + + + + - + - + + + + - + + + + - + diff --git a/book/src/pickles/pickles_structure_legend_1.svg b/book/src/pickles/pickles_structure_legend_1.svg new file mode 100644 index 0000000000..04a08f2308 --- /dev/null +++ b/book/src/pickles/pickles_structure_legend_1.svg @@ -0,0 +1,4 @@ + + + +
Produced 3 iterations ago, in the Step before the last Step
Produced 3 iteration...
Last Step:
Produced 1 iteration ago, in the last Step
Last Step:...
Produced 2 iterations ago, in the previous Wrap
Produced 2 iteration...
This Wrap:
Produced in this iteration
This Wrap:...
Produced 2 iterations ago, in the previous Step
Produced 2 iteration...
This Step:
Produced in this iteration
This Step:...
Produced 3 iterations ago, in the Wrap before the last Wrap
Produced 3 iteration...
Last Wrap:
Produced 1 iteration ago, in the last Wrap
Last Wrap:...
When in Step:
When in Step:
When in Wrap:
When in Wrap:
Produced 4 iterations ago, in the prev-previous Wrap
Produced 4 iteration...
Produced 2 iterations ago, in the previous Step
Produced 2 iteration...Text is not SVG - cannot display \ No newline at end of file diff --git a/book/src/pickles/pickles_structure_step.svg b/book/src/pickles/pickles_structure_step.svg new file mode 100644 index 0000000000..f536444c68 --- /dev/null +++ b/book/src/pickles/pickles_structure_step.svg @@ -0,0 +1,4 @@ + + + +
prev_proofs: Vec<WrapProof>
prev_proofs: Vec<WrapProof>
WrapStatement
WrapStatement
MFNStep
MFNStep
challenge_poly_commitment
challenge_poly_commitment
dlog_plonk_index
dlog_plonk_index
app_state
app_state
WrapProofState
WrapProofState
WrapDeferredValues
WrapDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
bulletproof_challenges
bulletproof_challenges
branch_data
branch_data
MFNWrap
MFNWrap
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
next_statement: StepStatement
next_statement: StepStatement
Vec<MFNWrap>
Vec<MFNWrap>
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
StepProofState
StepProofState
unfinalized_proofs: Vec<PerProof>
unfinalized_proofs: Vec<PerProof>
StepDeferredValues
StepDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
should_finalize
should_finalize
sponge_digest_before_evaluations
sponge_digest_before_evaluations
MFNStep
MFNStep
challenge_poly_commitment
challenge_poly_commitment
app_state
app_state
dlog_plonk_index
dlog_plonk_index
old_bulletproof_challenges
old_bulletproof_challenges
StepProof
StepProof
prev_evals
prev_evals
index
index
statement
statement
proof: ProverProof
proof: ProverProof
prev_challenges
prev_challenges
...
...
Prove
Prove
x
x
w
w
rule.main
r...
branch_data
branch_data
index
index
proofs_verified
proofs_ver...
rule
rule
feature_flags
feature_fl...
requests
requests
main
main
lte
lte
domains
domains
challenge_polynomial_commitments = sgs
challenge_polynomial_commitments = sgs
unfinalized_proofs
unfinalized_proofs
map (\s -> s.proof_state.messages_for_next_wrap_proof), and pad with dummies
ma...
statement_with_hashes
statement_with_hashes
x_hats
x_hats
witnesses
witnesses
expand_proof
expand_proof
This function partially reruns the previous (wrap) proof and generates data that is necessary to create a step proof about it.
1. Unpacks some previous data, e.g. "plonk", "prev_challenges", and "prev_statement_with_hashes" (returned as statement_with_hashes).
2. Computes deferred values of these wrap proofs using Wrap_deferred_values.expand_deferred.
3. Creates an oracle O from (dlog_vk, mfns.challenge_polynomial_commitments, prev_challenges, public_input, proof)
4. Computes new_bulletproof_challenges and $b$ using O.opening_prechallenges, O.r, O.zeta, O.zetaw.
5. Sets challenge_polynomial_commitment to proof.openings.proof.challenge_polynomial_commitment
6. Creates witness: PerProofWitness (that is used inside the circuit)
7. Computes combined_inner_product
8. Builds unfinalized_proofs from computed components (plonk, combined_inner_product, xi, bulletproof_challenges, b)
This function partially reruns the previous (wrap) proof and generate...
dlog_vk
dlog_vk
app_state
app_state
prev_proof
prev_proof
proof_must_verify
proof_must_verify
app_state: either next_state OR/AND return_value
app_state: either next_st...
self_dlog_plonk_index
self_dlog_plonk_index
concat all together ?
c...
compute app_state
c...
public_input
public_input
prev_challenge_polynomial_commitments: Vec<_>
prev_challenge_polynomial_commitments: Vec<_>
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
main =* rule.main
m...
previous_proof_statements are accessed through handler
which is called in step_main (Compute_prev_proof_parts)
while unpacking rule.main
p...
step_main/incrementally_verify_proof     (over Fp)
step_main/incrementally_verify_proof     (over Fp)
sponge_digest_before_evaluations_actual
sponge_digest_before_evaluations_actual
bulletproof_challenges_actual
bulletproof_challenges_actual
bulletproof_success
bulletproof_success

Partially verifies the previous step proof, deferring some computations to the next iteration. This implicitly (partially?) verifies the correct accumulation.

Similar to wrap/incrementally_verify_proof

Partially verifies the previous step proof, deferr...
assert equal
assert equal
step_verifier/finalize_other_proof     (over Fp)
step_verifier/finalize_other_proof     (over Fp)
bulletproof_challenges
bulletproof_challenges
sponge
sponge
prev_challenges
prev_challenges
(ft_eval1, evals)
(ft_eval1, evals)

This finalizes the "deferred values" coming from a previous proof over the same field. 

Returns AND of the following 4 checks:

1. Checks that and where sampled correctly. I.e., by absorbing all the evaluation openings and then squeezing.
2. Checks that the "combined inner product" value used in the elliptic curve part of the opening proof was computed correctly, in terms of the evaluation openings and the evaluation points.
3. Check that the value was computed correctly (recombined using ).
4. Perform the arithmetic checks from marlin.

This finalizes the "deferred values" coming from...
bool_checks
bool_checks
deferred_values.bulletproof_challenges()
de...
deferred_values
deferred_values
unfinalized: PerProof
unfinalized: PerProof
sponge_digest_before_evaluations
sponge_digest_before_evaluations
deferred_values
deferred_values
should_finalize
should_finalize
step_main/verify    (over Fp)
step_main/verify    (over Fp)
create new as 
Poseidon over Fp
create new as...
pack_statement
pa...
statement
statement
sg_old
sg_old
proof 
proof 
sponge_after_index
sponge_after_index
public_input
public_input
sponge
sponge
sg_old
sg_old
proof (messages + openings)
proof (messages + openings)
plonk
plonk
xi
xi
advice.b
advice.b
advice.combined_inner_product
advice.combined_inner_product
sponge_after_index
sponge_after_index
unfinalized_proof: PerProof
unfinalized_proof: PerProof
StepDeferredValues
StepDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
should_finalize
should_finalize
sponge_digest_before_evaluations
sponge_digest_before_evaluations
map (assert equal)
map (assert equal)
finalized
finalized
chals
chals
verified & (finalized | !should_verify)
verified & (finalized | !should_verify)
verified
verified
PerProofWitness
PerProofWitness
app_state
app_state
wrap_proof
wrap_proof
prev_proof_evals
prev_proof_evals
prev_challenge_polynomial_commitments
prev_challenge_polynomial_commitments
prev_challenges
prev_challenges
proof_state: WrapProofState
proof_state: WrapProofState
sponge_digest_before_evaluations
sponge_digest_before_evaluations
WrapDeferredValues
WrapDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
branch_data
branch_data
MFNWrap
MFNWrap
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
override
ov...
MFNW (Digest)
MFNW (Digest)
should_verify
should_verify
d (datas): ForStep
d (datas): ForStep
branches
branches
num_chunks
num_chunks
feature_flags
feature_flags
step_domains
step_domains
wrap_domain
wrap_domain
public_input
public_input
proofs_verifieds
proofs_verifieds
zk_rows
zk_rows
wrap_key
wrap_key
max_proofs_verified
max_proofs_verified
Create new sponge
& absorb the input
Create new sponge...
statement: StepStatement
statement: StepStatement
proof_state
proof_state
MFNStep
MFNStep
challenge_poly_commitment
challenge_poly_commitment
app_state
app_state
dlog_plonk_index
dlog_plonk_index
old_bulletproof_challenges
old_bulletproof_challenges
Hash
Ha...
step_main/verify_one    (over Fp)
step_main/verify_one    (over Fp)
hash_messages_for_next_step_proof_opt
hash_messages_for_next_step_proof_opt
previous_proofs_statements: Vec<PreviousProofStatement>
previous_proofs_statements: Vec<Prev...
proof_must_verify
proof_must_verify
public_input
public_input
proof (unused)
proof (unused)
public_output (ret_var)
public_output (ret_var)
auxiliary_output (auxiliary_var)
auxiliary_output (auxiliary_...
app_state
app_state
next_state
next_state
dlog_plonk_index
dlog_plonk_index
self_dlog_plonk_index
self_dlog_plonk_index
map (\proof_witness -> proof_witness.wrap_proof.opening.challenge_polynomial_commitment)
ma...
prevs: Vec<PerProofWitness>
prevs: Vec<PerProofWitness>
message:
prev_challenges & prev_inputs
message:...
unfinalized_proofs_unextended
unfinalized_proofs_unextended
messages_for_next_wrap_proof
messages_for_next_wrap_proof
override app_state
in prevs
ov...
'd' contains all
7 fields of 'basic'
'd...
basic: Basic
basic: Basic
wrap_domains
wrap_domains
public_input
public_input
proofs_verifieds
proofs_verifieds
feature_flags
feature_flags
num_chunks
num_chunks
zk_rows
zk_rows
step_domains
step_domains
--- Direct Inputs to step_main: ---
--- Direct Inputs to step_main: ---
bulletproof_challenges
bulletproof_challenges
concat, assert all
concat, assert all
MFNStep
MFNStep
app_state
app_state
dlog_plonk_index
dlog_plonk_index
old_bulletproof_challenges
old_bulletproof_challenges
challenge_poly_commitment
challenge_poly_commitment
hash_messages_for_next_step_proof
hash_messages_for_next_step_proof
match public_input with:
1. app_state 
2. ret_var
3. (app_state,ret_var)
match public_input with...
public_input
public_input
actual_wrap_domains
actual_wrap_domains
send back to step.ml
send back to step.ml
send back to step.ml
send back to step.ml
run application logic of previous statements
run application logic of...
rule
rule
send back to step.ml 
triggering 
compute_prev_proof_parts
send back to step.ml...
previous_proofs_statements: Vec<PreviousProofStatement>
previous_proofs_statements: Vec<PreviousProofState...
proof_must_verify
proof_must_verify
public_input = app_state
public_input = app_state
ProverProof
ProverProof
OpeningProof
OpeningProof

sg = challenge_polynomial_commitment

sg = challenge_polynomial_commitment

lr

lr

z1

z1

z2

z2

delta

delta
commitments
commitments
prev_challenges
prev_challenges
ft_eval1
ft_eval1
evals
evals
unused, see 
plonk_dlog_proof.ml/of_backend
unused, see...
prev_evals: AllEvals
prev_evals: AllEvals
evals
evals
public_input
public_input
ft_eval1
ft_eval1
b
b
old_bulletproof_challenges
old_bulletproof_challenges
sponge_digest_before_evaluations
sponge_digest_before_evaluations
actual_wrap_domains
actual_wrap_domains
(Concatenated outputs of expand_proof):
(Concatenated outputs of...
prev_evals: Vec<_>
prev_evals: Vec<_>
evals
evals
ft_eval1
ft_eval1
AllEvals
AllEvals
public_input
public_input
evals
evals
ft_eval1
ft_eval1
Assert equal ?????
Assert equa...Text is not SVG - cannot display \ No newline at end of file diff --git a/book/src/pickles/pickles_structure_wrap.svg b/book/src/pickles/pickles_structure_wrap.svg new file mode 100644 index 0000000000..2dd34ffaf5 --- /dev/null +++ b/book/src/pickles/pickles_structure_wrap.svg @@ -0,0 +1,4 @@ + + + +
prev_statement: StepStatement
prev_statement: StepStatement
MFNWrap
MFNWrap
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
proof_state: StepProofState
proof_state: StepProofState
unfinalized_proofs: Vec<PerProof>
unfinalized_proofs: Vec<PerProof>
StepDeferredValues
StepDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
sponge_digest_before_evaluations
sponge_digest_before_evaluations
should_finalize
should_finalize
MFNStep
MFNStep
challenge_poly_commitment
challenge_poly_commitment
app_state
app_state
dlog_plonk_index
dlog_plonk_index
old_bulletproof_challenges
old_bulletproof_challenges
ProverProof
ProverProof
OpeningProof
OpeningProof

sg = challenge_polynomial_commitment

sg = challenge_polynomial_commitment

lr

lr

z1

z1

z2

z2

delta

delta
commitments
commitments
prev_challenges
prev_challenges
ft_eval1
ft_eval1
evals
evals
unused, see 
plonk_dlog_proof.ml/of_backend
unused, see...
next_statement: WrapStatement
next_statement: WrapStatement
MFNStep
MFNStep
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
dlog_plonk_index
dlog_plonk_index
app_state
app_state
WrapProofState
WrapProofState
sponge_digest_before_evaluations
sponge_digest_before_evaluations
WrapDeferredValues
WrapDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
branch_data
branch_data
MFNWrap
MFNWrap
challenge_poly_commitment: E_Vesta = (Fq,Fq)
challenge_poly_commitment:...
old_bulletproof_challenges: Vec<Vec<Fq>>
old_bulletproof_challenges...
Prove
Prove
WrapProof
WrapProof
statement
statement
prev_evals
prev_evals
proof: ProverProof
proof: ProverProof
prev_challenges
prev_challenges
...
...
AllEvals
AllEvals
public_input
public_input
ft_eval1
ft_eval1
evals
evals
StepStatementWithHashes
StepStatementWithHashes
StepProofState
StepProofState
unfinalized_proofs: Vec<PerProof>
unfinalized_proofs: Vec<PerProof>
MFNStep_hashed
MFNStep_hashed
MFNWrap_hashed
MFNWrap_hashed
Hash
H...
Hash
H...
deferred_values: computing deferred values
deferred_values: com...
sgs
sgs
prev_chals
prev_chals
public_input
public_input
IPA.Step.compute_challenges
I...
proof, vk, feature_flags
proof, vk, feature_fl...
x_hat_evals
x_hat_evals
digest
digest
next_acc: Vec<next_acc_elem>
next_acc: Vec<next_acc_elem>
next_acc_elem
next_acc_elem
commitment
commitment
challenges
challenges
front append with dummies
if necessary
f...
x
x
message:
prev_challenges & prev_inputs
message:...
StepProofWPublicEvals
StepProofWPublicEvals
public_evals
public_evals
proof: StepProof
proof: StepProof
prev_statement
prev_statement
prev_evals
prev_evals
proof
proof
index
index
step_vk
step_vk
actual_feature_flags
actual_feature_flags
prev_proof_state.unfinalized_proofs
p...
prev_proof_state
prev_proof_state
step_plonk_index
step_plonk_index
hash
h...
prev_step_accs
prev_step_accs
hash
h...
old_bp_challenges: Vec<Vec<Fq>>
old_bp_challenges: Vec<Vec<Fq>>
openings_proof.challenge_polynomial_commitment
o...
openings_proof
openings_proof
messages
(ProverCommitments)
messages...
WrapStatement
WrapStatement
WrapProofState
WrapProofState
MFNW_digest
MFNW_digest
WrapDeferredValues
WrapDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
branch_data
branch_data
sponge_digest_before_evaluations
sponge_digest_before_evaluations
MFNS (digest?) -- ignored/bound by SE
MFNS (digest?) -- ignored/bo...
assert equal
assert equal
Hash
H...
MFNWrap
MFNWrap
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
assert
assert
wrap_verifier/incrementally_verify_proof    (over Fq)
wrap_verifier/incrementally_verify_proof    (over Fq)
sponge_digest_before_evaluations_actual
sponge_digest_before_evaluations_actual
bulletproof_challenges_actual
bulletproof_challenges_actual
bulletproof_success
bulletproof_success
public_input
public_input
sponge
sponge
messages (ProverCommitments)
messages (ProverCommi...
openings_proof
openings_proof
plonk
plonk
advice.b
advice.b
advice.combined_inner_product
advice.combined_inner_product

Partially verifies the previous step proof, deferring some computations to the next iteration. This implicitly (partially?) verifies the correct accumulation.

What it does:

- Absorbs verifier index, squeezes out index_digest, and absorbs it. Absorbs sg_old (it is a Vesta curve point, so a pair of elements from a Pallas scalar field; everything else absorbed here also absorbs Vesta points). Computes x_hat (public input polynomial evaluation) using public_input and absorbs it. Absorbs messages.w_comm. Absorbs runtime tables. 

- Computes joint_combiner: absorbs lookups, and then squeezes joint_combiner. Computes lookup_table_comm using joint_combiner and a particular type of accumulator. Computes lookup_sorted.

- Squeezes beta, gamma. Absorbs some lookup data. Aborbs messages.z_comm. Squeezes alpha. Absorbs messages.t_comm. Squeezes zeta. After no point there are no squeezes/absorbtions.

- Computes ft_comm

- Generates bulletproof_challenges

- Checks bulletproof validity on bulletproof_challenges (check_bulletproof) using xi, advice, openings_proof, and the polynomials computed in place 

- Asserts that the given plonk is equal to (alpha, beta, gamma, zeta, joint_combiner, feature_flags) that was computed internally.

Partially verifies the previous step proof, deferring some c...
sg_old: E_Vesta = (Fq,Fq)
sg_old: E_Vesta = (Fq,Fq)
xi
xi
map (assert equal)
map (assert equal)
assert equal
assert equal
pack_statement()
p...
prev_statement: StepStatement
prev_statement: StepStatement
proof_state
proof_state
MFNWrap
MFNWrap
challenge_poly_commitment
challenge_poly_commitment
old_bulletproof_challenges
old_bulletproof_challenges
wrap_verifier/finalize_other_proof    (over Fq)
wrap_verifier/finalize_other_proof    (over Fq)
new_bulletproof_challenges
new_bulletproof_challenges
sponge
sponge
old_bulletproof_challenges
old_bulletproof_challenges
evals
evals

This finalizes the "deferred values" coming from a previous proof over the same field. It
1. Checks that and where sampled correctly. I.e., by absorbing all the evaluation openings and then squeezing.
2. Checks that the "combined inner product" value used in the elliptic curve part of the opening proof was computed correctly, in terms of the evaluation openings and the evaluation points.
3. Check that the value was computed correctly.
4. Perform the arithmetic checks from marlin.

This finalizes the "deferred values" coming from...
StepDeferredValues
StepDeferredValues
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
b
b
bulletproof_challenges
bulletproof_challenges
unwrap properly
u...
unfinalized_proofs: [PerProof]
unfinalized_proofs: [PerProof]
sponge_digest_before_evaluations
sponge_digest_before_evaluations
deferred_values
deferred_values
should_finalize
should_finalize
create new as Poseeidon over Fq
create new as Poseei...
hardcoded through step_keys during compilation
hardcoded through ste...
verification_key
verification_key
w
w
Hash
H...
Hash
H...Text is not SVG - cannot display \ No newline at end of file diff --git a/book/src/pickles/pickles_structure_wrap_deferred_values.svg b/book/src/pickles/pickles_structure_wrap_deferred_values.svg new file mode 100644 index 0000000000..a9ba1bd241 --- /dev/null +++ b/book/src/pickles/pickles_structure_wrap_deferred_values.svg @@ -0,0 +1,4 @@ + + + +
if Some
i...
proof.with_public_evals
proof.with_public_evals
oracle
oracle
sgs
sgs
actual_feature_flags
actual_feature_flags
prev_challenges: Vec<Vec<Fp>>
prev_challenges: Vec<Vec<Fp>>
step_vk.domain.log_size_of_group
s...
step_vk
step_vk
public_input
public_input
proof
proof
actual_proof_verified
actual_proof_verified
fallback
f...
p_eval_1 & p_eval_2
p_eval_1 & p_eval_2
WrapDeferredValues
WrapDeferredValues
x_hat_evals
x_hat_evals
digest
digest
plonk0
plonk0
new_bulletproof_challenges
new_bulletproof_challenges
shift_value (?)
s...
b
b
proof.proof.openings.evals
proof.proof.openings.evals
proof.proof.openings.ft_eval1
proof.proof.openings.ft_eva...
b = challenge_poly zeta + (r * challenge_poly zetaw)
b = challenge_poly zeta...
o.opening_prechals
o.opening_prechals
r = o.u
r = o.u
xi = o.v
xi = o.v
zeta = o.zeta
zeta = o.zeta
zetaw = zeta * w
zetaw = zeta * w
proofs_verified
proofs_verified
domain_log2
domain_log2
O.create_with_public_evals
O.create_with_public_evals
Pow_2_roots_of_unity
Pow_2_roots_of_unity
domain
domain
scalars_env
scalars_env
endo
endo
mds
mds
zk_rows
zk_rows
field_of_hex
field_of_hex
tick_plonk_minimal
tick_plonk_minimal
tick_combined_evals
tick_combined_evals
domain
domain
proof.proof.opening.evals
proof.proof.opening.evals
static
static
wrap/deferred_values
wrap/deferred_values
x_hat
x_hat
combined_inner_product
combined_inner_product

It's a joint linearized evaluation of all our polynomials combined.

It's sponge hashed/absorbed before starting to produce first IPA prechallenges. Used in IPA in two places:
- In the prover computed and absorbed before the folding loop
- Passed to the verifier as a and then also absorbed before the loop.

Also used explicitly in pickles to compute deferred values.

In rust: 

Assuming that each polynomial in is represented by a matrix where the rows correspond to evaluation on points, and the columns represent potential segments (if a polynomial was split in several parts), it computes:

In practice, since we have two evaluation points, will be equal to 



In ocaml:

Compute ft_eval0 (by first computing for it, and using both previous proof evals and public input).

Compute (old) by recombining each set of challenges from (which is a vector of vectors).

Compute as a list of concatenated 
1) grand-old (one step behind) challenge polys evaluated on (each challenge poly is built from an element of old_bulletproof_challenges: Vec<Vec<Fp>>)
2) old (but maybe current, x_hat) public input evaluations (proof_w_public_evals.public_evals) on ,
3) old proof_w_public_evals.proof.openings.evaluations (corresponding to ProverProof.evals) on ,
4) single evaluation ft_eval0

Compute : recombine them all with

Compute and similarly but w.r.t. and ft_eval1.

Return



It's a joint linearized evaluation of all our polynomials combined....
public_input
public_input
r
r
xi
xi
zeta, zetaw
zeta, zetaw
old_bulletproof_challenges
old_bulletproof_challenges
ft_eval1
ft_eval1
env
env
evals
evals
domain
domain
plonk
plonk
xi
xi
plonk
plonk
combined_inner_product
combined_inner_product
bulletproof_challenges
bulletproof_challenges
branch_data
branch_data
b
b
challenge_poly(prechals)
challenge_poly(prechals)
o.digest_before_evaluations
o.digest_before_evaluationsText is not SVG - cannot display \ No newline at end of file From cbd8b3bdd99400b11074e09d3e1be7062ccd675a Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Sat, 27 Jan 2024 10:58:26 +0000 Subject: [PATCH 25/28] Cosmetic update --- book/src/pickles/pickles_structure.drawio | 114 +++++++++++----------- 1 file changed, 57 insertions(+), 57 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index db0f794a2c..6e501a46a1 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -278,7 +278,7 @@ - + @@ -292,7 +292,7 @@ - + @@ -434,15 +434,15 @@ - + - + - + @@ -672,7 +672,7 @@ - + @@ -790,7 +790,7 @@ - + @@ -820,15 +820,15 @@ - + - + - + @@ -1411,13 +1411,13 @@ - + - + @@ -2737,7 +2737,7 @@ - + @@ -2793,7 +2793,7 @@ - + @@ -2803,7 +2803,7 @@ - + @@ -2938,7 +2938,7 @@ - + @@ -2948,7 +2948,7 @@ - + @@ -3678,7 +3678,7 @@ - + @@ -3924,7 +3924,7 @@ - + @@ -3938,7 +3938,7 @@ - + @@ -3956,7 +3956,7 @@ - + @@ -4023,7 +4023,7 @@ - + @@ -4032,16 +4032,16 @@ - + - + - + - + @@ -4050,25 +4050,25 @@ - + - + - + - + - + - + @@ -4078,34 +4078,34 @@ - + - + - + - + - + - + - + - + - + - + @@ -4114,36 +4114,36 @@ - + - + - + - + - + - + - + - + - + - + @@ -4156,7 +4156,7 @@ - + @@ -4168,7 +4168,7 @@ - + @@ -4181,7 +4181,7 @@ - + From 550fddb2f04779fc5ab3080ca6ca6fcf043bdfd4 Mon Sep 17 00:00:00 2001 From: Misha Volkhov Date: Tue, 20 Feb 2024 17:27:25 +0100 Subject: [PATCH 26/28] Apply suggestions from Matthew's review Co-authored-by: Matthew Ryan --- book/src/pickles/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/book/src/pickles/overview.md b/book/src/pickles/overview.md index c1e22fe159..edada4134f 100644 --- a/book/src/pickles/overview.md +++ b/book/src/pickles/overview.md @@ -20,7 +20,7 @@ The diagram roughly illustrates the interplay of the two kimchi instances. ![Overview](./pickles_structure_overview.svg) -The small remark that Step circuit may repeat items 2-3 has to do with the following. In the case where Step 2 consumes several Wrap 1.X (e.g. Wrap 1.1, Wrap 1.2, etc), it must perform all these main Wrap 1.X checks, but also all the deferred Step 1.X checks where Wrap 1.X wraps exactly Step 1.X. +We note that the Step circuit may repeat items 2-3 to handle the following case: when Step 2 consumes several Wrap 1.X (e.g. Wrap 1.1, Wrap 1.2, etc), it must perform all these main Wrap 1.X checks, but also all the deferred Step 1.X checks where Wrap 1.X wraps exactly Step 1.X. #### On Accumulators From 17269b2bad793fe19d56f72aba8d7f97242364ad Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 20 Feb 2024 17:33:43 +0100 Subject: [PATCH 27/28] Address Matthew's feedback --- book/src/pickles/diagrams.md | 2 +- book/src/pickles/overview.md | 6 +++--- book/src/pickles/pickles_structure.drawio | 16 +++++++++------- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/book/src/pickles/diagrams.md b/book/src/pickles/diagrams.md index 5f6a4357bf..63783603a6 100644 --- a/book/src/pickles/diagrams.md +++ b/book/src/pickles/diagrams.md @@ -4,7 +4,7 @@ This section contains a series of diagrams giving an overview of implementation The legend of the diagrams is quite straightforward: - The black boxes are data structures that have names and labels following the implementation. - - `MFNStep`/`MFNWrap` is an abbreviation from `MessagesForNextStep` and `MessagesForNextWrap` that is used for brewity. Most other datatypes are exactly the same as in the codebase. + - `MFNStep`/`MFNWrap` is an abbreviation from `MessagesForNextStep` and `MessagesForNextWrap` that is used for brevity. Most other datatypes are exactly the same as in the codebase. - The blue boxes are computations. Sometimes, when the computation is trivial or only vaguely indicated, it is denoted as a text sign directly on an arrow. - Arrows are blue by default and denote moving a piece of data from one place to another with no (or very little) change. Light blue arrows are denoting witness query that is implemented through the `handler` mechanism. The "chicken foot" connector means that this arrow accesses just one field in an array: such an arrow could connect e.g. a input field of type `old_a: A` in a structure `Vec<(A,B)>` to an output `new_a: A`, which just means that we are inside a `for` loop and this computation is done for all the elemnts in the vector/array. - Colour of the field is sometimes introduced and denotes how many steps ago was this piece of data created. The absense of the colour means either that (1) the data structure contains different subfields of different origin, or that (2) it was not coloured but it could be. The colours are assigned according to the following convention: diff --git a/book/src/pickles/overview.md b/book/src/pickles/overview.md index edada4134f..08f3b71401 100644 --- a/book/src/pickles/overview.md +++ b/book/src/pickles/overview.md @@ -1,6 +1,6 @@ # Overview of Pickles -Pickles is a recursion layer built on top of Kimchi. The complexity of pickles as a protocol lies in specifying how to verify previous kimchi inside of the current ones. And it gets quite complicated with many concrete details. Working over two curves requires us to have different circuits and a "mirrored" structure, some computations are deferred for efficiency, and one needs to carefully keep track of the accumulators. In this section we provide a general overview of pickles, while next sections in the same chapter dive into the actual implementation details. +Pickles is a recursion layer built on top of Kimchi. The complexity of pickles as a protocol lies in specifying how to verify previous kimchi inside of the current ones. Working over two curves requires us to have different circuits and a "mirrored" structure, some computations are deferred for efficiency, and one needs to carefully keep track of the accumulators. In this section we provide a general overview of pickles, while next sections in the same chapter dive into the actual implementation details. Pickles works over [Pasta](/specs/pasta.md), a cycle of curves consisting of Pallas and Vesta, and thus it defines two generic circuits, one for each curve. Each can be thought of as a parallel instantiation of a kimchi proof systems. These circuits are not symmetric and have somewhat different function: - **Step circuit**: this is the main circuit that contains application logic. Each step circuit verifies a statement and potentially several (at most 2) other wrap proofs. @@ -10,7 +10,7 @@ Pickles works over [Pasta](/specs/pasta.md), a cycle of curves consisting of Pal #### General Circuit Structure Both Step and Wrap circuits additionally do a lot of recursive verification of the previous steps. Without getting too technical, Step (without lost of generality) does the following: -1. Verify the application logic statement (e.g. the mina transaction is valid) +1. Execute the application logic statement (e.g. the mina transaction is valid) 2. Verify that the previous Wrap proof is (first-)half-valid (perform only main checks that are efficient for the curve) 3. Verify that the previous Step proof is (second-)half-valid (perform the secondary checks that were inefficient to perform when the previous Step was Wrapped) 4. Verify that the previous Step correctly aggregated the previous accumulator, e.g. $\mathsf{acc}_2 = \mathsf{Aggregate}(\mathsf{acc}_1, \pi_{\mathsf{step},2})$. @@ -25,6 +25,6 @@ We note that the Step circuit may repeat items 2-3 to handle the following case: #### On Accumulators -The accumulator is an abstraction introduced for the purpose of this diagram. In practice, each kimchi proof consists of (1) commitments to polynomials, (2) evaluations of them, (3) and the opening proof. What we refer to as accumulator here is actually the commitment inside the opening proof. It is called `sg` in the implementation and is semantically a polynomial commitment to `h(X)` --- the poly-sized polynomial that is built from IPA challenges. It's a very important polynomial -- it can be evaluated in log time, but the commitment verification takes poly time, so the fact that `sg` is a commitment to `h(X)` is never proven inside the circuit. For more details, see [Proof-Carrying Data from Accumulation Schemes](https://eprint.iacr.org/2020/499.pdf), Appendix A.2, where `sg` is called `U`. +The accumulator is an abstraction introduced for the purpose of this diagram. In practice, each kimchi proof consists of (1) commitments to polynomials, (2) evaluations of them, (3) and the opening proof. What we refer to as accumulator here is actually the commitment inside the opening proof. It is called `sg` in the implementation and is semantically a polynomial commitment to `h(X)` (`b_poly` in the code) --- the poly-sized polynomial that is built from IPA challenges. It's a very important polynomial -- it can be evaluated in log time, but the commitment verification takes poly time, so the fact that `sg` is a commitment to `h(X)` is never proven inside the circuit. For more details, see [Proof-Carrying Data from Accumulation Schemes](https://eprint.iacr.org/2020/499.pdf), Appendix A.2, where `sg` is called `U`. In pickles, what we do is that we "absorb" this commitment `sg` from the previous step while creating a new proof. That is, for example, Step 1 will produce this commitment that is denoted as `acc1` on the diagram, as part of its opening proof, and Step 2 will absorb this commitment. And this "absorbtion" is what Wrap 2 will prove (and, partially, Step 3 will also refer to the challenges used to build `acc1`, but this detail is completely avoided in this overview). In the end, `acc2` will be the result of Step 2, so in a way `acc2` "aggregates" `acc1` which somewhat justifies the language used. diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index 6e501a46a1..b132f01769 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -3806,8 +3806,7 @@ - - + @@ -3877,7 +3876,7 @@ - + @@ -4181,8 +4180,11 @@ - - + + + + + From 91e86b60cba2286232ba78dbe6d806840563cd95 Mon Sep 17 00:00:00 2001 From: Mikhail Volkhov Date: Tue, 20 Feb 2024 17:41:07 +0100 Subject: [PATCH 28/28] Remove dep diagram, expand MFN into MessagesForNext --- book/src/pickles/pickles_structure.drawio | 764 +--------------------- 1 file changed, 24 insertions(+), 740 deletions(-) diff --git a/book/src/pickles/pickles_structure.drawio b/book/src/pickles/pickles_structure.drawio index b132f01769..c6cb8d7f67 100644 --- a/book/src/pickles/pickles_structure.drawio +++ b/book/src/pickles/pickles_structure.drawio @@ -1,6 +1,6 @@ - + - + @@ -195,7 +195,7 @@ - + @@ -234,7 +234,7 @@ - + @@ -324,7 +324,7 @@ - + @@ -366,7 +366,7 @@ - + @@ -521,11 +521,11 @@ - - + + - - + + @@ -697,7 +697,7 @@ - + @@ -730,7 +730,7 @@ - + @@ -752,7 +752,7 @@ - + @@ -793,7 +793,7 @@ - + @@ -1725,713 +1725,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -2584,8 +1877,8 @@ - - + + @@ -2611,7 +1904,7 @@ - + @@ -2638,7 +1931,7 @@ - + @@ -2748,7 +2041,7 @@ - + @@ -3244,7 +2537,7 @@ - + @@ -3266,8 +2559,8 @@ - - + + @@ -3382,7 +2675,7 @@ - + @@ -3785,7 +3078,7 @@ - + @@ -4031,15 +3324,6 @@ - - - - - - - - -