feat: complete verification of first layer

zksecurity · Sep 9, 2024 · 3788f92 · 3788f92
1 parent 6ca3330
commit 3788f92
Show file tree

Hide file tree

Showing 4 changed files with 78 additions and 26 deletions.
diff --git a/fri/src/details.rs b/fri/src/details.rs
@@ -4,6 +4,7 @@ use ark_ff::{FftField, PrimeField};
 use ark_poly::EvaluationDomain;
 use channel::FSChannel;
 use commitment_scheme::table_utils::RowCol;
+use felt::felt_252_to_hex;
 use sha3::Digest;
 
 use crate::stone_domain::get_field_element_at_index;
@@ -26,13 +27,21 @@ pub fn second_layer_queries_to_first_layer_queries(
     first_layer_queries
 }
 
-pub fn apply_fri_layers<F: FftField, E: EvaluationDomain<F>>(
+pub fn apply_fri_layers<F: FftField + PrimeField, E: EvaluationDomain<F>>(
     elements: &[F],
     eval_point: Option<F>,
     params: &FriParameters<F, E>,
     layer_num: usize,
     mut first_element_index: usize,
 ) -> F {
+    // prints elements by looping over them
+    for (i, element) in elements.iter().enumerate() {
+        println!("elements[{i}]: {:?}", felt_252_to_hex(element));
+    }
+
+    // prints eval_point
+    println!("eval_point: {:?}", eval_point.map(|e| felt_252_to_hex(&e)));
+
     let mut curr_eval_point = eval_point;
     let mut cumulative_fri_step = 0;
     for i in 0..layer_num {
@@ -56,14 +65,13 @@ pub fn apply_fri_layers<F: FftField, E: EvaluationDomain<F>>(
 
         let mut next_layer = Vec::with_capacity(cur_layer.len() / 2);
         for j in (0..cur_layer.len()).step_by(2) {
-            next_layer.push(
-                MultiplicativeFriFolder::next_layer_element_from_two_previous_layer_elements(
-                    &cur_layer[j],
-                    &cur_layer[j + 1],
-                    &curr_eval_point.unwrap(),
-                    &get_field_element_at_index(&fft_domain, first_element_index + j),
-                ),
+            let res = MultiplicativeFriFolder::next_layer_element_from_two_previous_layer_elements(
+                &cur_layer[j],
+                &cur_layer[j + 1],
+                &curr_eval_point.unwrap(),
+                &get_field_element_at_index(&fft_domain, first_element_index + j),
             );
+            next_layer.push(res);
         }
 
         cur_layer = next_layer;

diff --git a/fri/src/folder.rs b/fri/src/folder.rs
@@ -1,20 +1,21 @@
-use ark_ff::FftField;
+use ark_ff::{FftField, PrimeField};
 use std::sync::Arc;
 
 pub struct MultiplicativeFriFolder;
 
 #[allow(dead_code)]
 impl MultiplicativeFriFolder {
-    pub fn next_layer_element_from_two_previous_layer_elements<F: FftField>(
+    pub fn next_layer_element_from_two_previous_layer_elements<F: FftField + PrimeField>(
         f_x: &F,
         f_minus_x: &F,
         eval_point: &F,
-        x_inv: &F,
+        x: &F,
     ) -> F {
-        Self::fold(f_x, f_minus_x, eval_point, x_inv)
+        let x_inv = x.inverse().unwrap();
+        Self::fold(f_x, f_minus_x, eval_point, &x_inv)
     }
 
-    fn fold<F: FftField>(f_x: &F, f_minus_x: &F, eval_point: &F, x_inv: &F) -> F {
+    fn fold<F: FftField + PrimeField>(f_x: &F, f_minus_x: &F, eval_point: &F, x_inv: &F) -> F {
         *f_x + *f_minus_x + *eval_point * (*f_x - *f_minus_x) * *x_inv
     }
 }

diff --git a/fri/src/stone_domain.rs b/fri/src/stone_domain.rs
@@ -21,9 +21,10 @@ pub fn get_field_element_at_index<F: FftField, E: EvaluationDomain<F>>(
 
 // change order of elements in domain
 pub fn change_order_of_elements_in_domain<F: FftField>(elements: &[F]) -> Vec<F> {
-    assert!(elements.len().is_power_of_two());
-    let mut new_elements = vec![F::zero(); elements.len()];
-    let log_len = elements.len().trailing_zeros();
+    // get smallest power of two that is greater than elements.len()
+    let size = elements.len().next_power_of_two();
+    let mut new_elements = vec![F::zero(); size];
+    let log_len = size.trailing_zeros();
     let mapping_vec = (0..log_len)
         .map(|i| (1 << (log_len - 1 - i)))
         .collect::<Vec<usize>>();

diff --git a/fri/src/verifier.rs b/fri/src/verifier.rs
@@ -2,6 +2,7 @@ use std::error::Error;
 
 use ark_ff::{FftField, PrimeField};
 use ark_poly::{domain::EvaluationDomain, Radix2EvaluationDomain};
+use felt::felt_252_to_hex;
 use randomness::Prng;
 use sha3::Digest;
 
@@ -31,7 +32,7 @@ pub struct FriVerifier<
     channel: FSVerifierChannel<F, P, W>,
     params: FriParameters<F, Radix2EvaluationDomain<F>>,
     commitment_hashes: CommitmentHashes,
-    first_layer_callback: FirstLayerQueriesCallback<F>,
+    first_layer_callback: Box<dyn Fn(&[u64]) -> Vec<F>>,
     n_layers: usize,
     first_eval_point: Option<F>,
     eval_points: Vec<F>,
@@ -45,19 +46,22 @@ pub struct FriVerifier<
 impl<F: FftField + PrimeField, P: Prng + Clone + 'static, W: Digest + Clone + 'static>
     FriVerifier<F, P, W>
 {
-    pub fn new(
+    pub fn new<C>(
         channel: FSVerifierChannel<F, P, W>,
         params: FriParameters<F, Radix2EvaluationDomain<F>>,
         commitment_hashes: CommitmentHashes,
-        first_layer_callback: FirstLayerQueriesCallback<F>,
-    ) -> Self {
+        first_layer_callback: C,
+    ) -> Self
+    where
+        C: Fn(&[u64]) -> Vec<F> + 'static,
+    {
         let n_queries = params.n_queries;
         let n_layers = params.fri_step_list.len();
         Self {
             channel,
             params,
             commitment_hashes,
-            first_layer_callback,
+            first_layer_callback: Box::new(first_layer_callback),
             n_layers,
             first_eval_point: None,
             eval_points: vec![F::zero(); n_layers - 1],
@@ -73,8 +77,7 @@ impl<F: FftField + PrimeField, P: Prng + Clone + 'static, W: Digest + Clone + 's
         self.commitment_phase()?;
 
         // query phase
-        self.query_indices = choose_query_indices(&self.params, &mut self.channel);
-        self.channel.states.begin_query_phase();
+        self.query_phase();
 
         // decommitment phase
         self.verify_first_layer();
@@ -83,11 +86,24 @@ impl<F: FftField + PrimeField, P: Prng + Clone + 'static, W: Digest + Clone + 's
         Ok(())
     }
 
+    pub fn query_phase(&mut self) {
+        self.query_indices = choose_query_indices(&self.params, &mut self.channel);
+        // WARNING : FOR TESTING PURPOSES
+        self.query_indices = vec![0, 6];
+        println!("query_indices: {:?}", self.query_indices);
+        self.channel.states.begin_query_phase();
+    }
+
     pub fn verify_first_layer(&mut self) {
         let first_fri_step = self.params.fri_step_list[0];
         let first_layer_queries =
             second_layer_queries_to_first_layer_queries(&self.query_indices, first_fri_step);
+        println!("first_layer_queries: {:?}", first_layer_queries);
         let first_layer_result = (self.first_layer_callback)(&first_layer_queries);
+        // print first_layer_result by looping over it
+        for (i, result) in first_layer_result.iter().enumerate() {
+            println!("first_layer_result[{i}]: {:?}", felt_252_to_hex(result));
+        }
 
         assert_eq!(
             first_layer_result.len(),
@@ -104,6 +120,12 @@ impl<F: FftField + PrimeField, P: Prng + Clone + 'static, W: Digest + Clone + 's
                 first_layer_queries[i] as usize,
             );
             self.query_results.push(result);
+
+            // print last query_results
+            println!(
+                "query_results[{i}]: {:?}",
+                felt_252_to_hex(self.query_results.last().unwrap())
+            );
         }
     }
 
@@ -260,7 +282,7 @@ mod fri_tests {
     use randomness::{keccak256::PrngKeccak256, Prng};
     use sha3::Sha3_256;
 
-    use crate::stone_domain::make_fft_domains;
+    use crate::stone_domain::{change_order_of_elements_in_domain, make_fft_domains};
 
     use super::*;
 
@@ -314,6 +336,8 @@ mod fri_tests {
             .map(|x| test_layer.evaluate(&x))
             .collect();
 
+        let reordered_witness = change_order_of_elements_in_domain(&_witness);
+
         let fourth_layer_evaluations = vec![
             hex("0x663aa85d164d449a2a7c04698fb3f24f1d049984c1539c7ac3b71839ce485fd"),
             hex("0x16eae1252002c24abc155c65f65cdc0df65ab85219324923be3773d1c8e99ae"),
@@ -354,8 +378,26 @@ mod fri_tests {
         let test_verifier_channel = generate_verifier_channel(&test_prover_channel);
         let commitment_hashes = CommitmentHashes::from_single_hash(SupportedHashes::Blake2s256);
 
-        let mut fri_verifier =
-            FriVerifier::new(test_verifier_channel, params, commitment_hashes, |_| vec![]);
+        let mut fri_verifier = FriVerifier::new(
+            test_verifier_channel,
+            params,
+            commitment_hashes,
+            move |_| {
+                vec![
+                    reordered_witness[0],
+                    reordered_witness[1],
+                    reordered_witness[2],
+                    reordered_witness[3],
+                    reordered_witness[24],
+                    reordered_witness[25],
+                    reordered_witness[26],
+                    reordered_witness[27],
+                ]
+            },
+        );
         fri_verifier.commitment_phase().unwrap();
+
+        fri_verifier.query_phase();
+        fri_verifier.verify_first_layer();
     }
 }