resolve conflicts

lambdaclass · Dec 20, 2024 · 90772ef · 90772ef
2 parents 456c4fa + 2ce8b2e
commit 90772ef
Show file tree

Hide file tree

Showing 24 changed files with 843 additions and 220 deletions.
diff --git a/crypto/src/hash/poseidon/mod.rs b/crypto/src/hash/poseidon/mod.rs
@@ -77,7 +77,7 @@ impl<P: PermutationParameters> Poseidon for P {
         // Pad input with 1 followed by 0's (if necessary).
         let mut values = inputs.to_owned();
         values.push(FE::from(1));
-        values.resize(((values.len() + r - 1) / r) * r, FE::zero());
+        values.resize(values.len().div_ceil(r) * r, FE::zero());
 
         assert!(values.len() % r == 0);
         let mut state: Vec<FE<Self::F>> = vec![FE::zero(); m];

diff --git a/crypto/src/hash/sha3/mod.rs b/crypto/src/hash/sha3/mod.rs
@@ -16,7 +16,7 @@ impl Sha3Hasher {
     pub fn expand_message(msg: &[u8], dst: &[u8], len_in_bytes: u64) -> Result<Vec<u8>, String> {
         let b_in_bytes = Sha3_256::output_size() as u64;
 
-        let ell = (len_in_bytes + b_in_bytes - 1) / b_in_bytes;
+        let ell = len_in_bytes.div_ceil(b_in_bytes);
         if ell > 255 {
             return Err("Abort".to_string());
         }

diff --git a/math/src/elliptic_curve/short_weierstrass/curves/bls12_377/pairing.rs b/math/src/elliptic_curve/short_weierstrass/curves/bls12_377/pairing.rs
@@ -232,13 +232,11 @@ fn frobenius_square(
 }
 
 ////////////////// CYCLOTOMIC SUBGROUP OPERATIONS //////////////////
-/// Since the result of the Easy Part of the Final Exponentiation belongs to the cyclotomic
-/// subgroup of Fp12, we can optimize the square and pow operations used in the Hard Part.
-
+// Since the result of the Easy Part of the Final Exponentiation belongs to the cyclotomic
+// subgroup of Fp12, we can optimize the square and pow operations used in the Hard Part.
 /// Computes the square of an element of a cyclotomic subgroup of Fp12.
 /// Algorithm from Constantine's cyclotomic_square_quad_over_cube
 /// https://github.com/mratsim/constantine/blob/master/constantine/math/pairings/cyclotomic_subgroups.nim#L354
-
 pub fn cyclotomic_square(a: &Fp12E) -> Fp12E {
     // a = g + h * w
     let [g, h] = a.value();

diff --git a/math/src/elliptic_curve/short_weierstrass/curves/bls12_381/pairing.rs b/math/src/elliptic_curve/short_weierstrass/curves/bls12_381/pairing.rs
@@ -40,8 +40,7 @@ pub const X_BINARY: &[bool] = &[
 ];
 
 // GAMMA constants used to compute the Frobenius morphisms
-/// We took these constants from https://github.com/hecmas/zkNotebook/blob/main/src/BLS12381/constants.ts
-
+// We took these constants from https://github.com/hecmas/zkNotebook/blob/main/src/BLS12381/constants.ts
 pub const GAMMA_11: Fp2E = Fp2E::const_from_raw([
     FpE::from_hex_unchecked("1904D3BF02BB0667C231BEB4202C0D1F0FD603FD3CBD5F4F7B2443D784BAB9C4F67EA53D63E7813D8D0775ED92235FB8"),
     FpE::from_hex_unchecked("FC3E2B36C4E03288E9E902231F9FB854A14787B6C7B36FEC0C8EC971F63C5F282D5AC14D6C7EC22CF78A126DDC4AF3"),
@@ -315,8 +314,8 @@ fn frobenius_square(
 }
 
 ////////////////// CYCLOTOMIC SUBGROUP OPERATIONS //////////////////
-/// Since the result of the Easy Part of the Final Exponentiation belongs to the cyclotomic
-/// subgroup of Fp12, we can optimize the square and pow operations used in the Hard Part.
+// Since the result of the Easy Part of the Final Exponentiation belongs to the cyclotomic
+// subgroup of Fp12, we can optimize the square and pow operations used in the Hard Part.
 
 /// Computes the square of an element of a cyclotomic subgroup of Fp12.
 /// Algorithm from Constantine's cyclotomic_square_quad_over_cube

diff --git a/math/src/elliptic_curve/short_weierstrass/curves/bn_254/compression.rs b/math/src/elliptic_curve/short_weierstrass/curves/bn_254/compression.rs
@@ -26,7 +26,6 @@ type BN254FieldElement = FieldElement<BN254PrimeField>;
 /// 01: compressed infinity point
 /// the "uncompressed infinity point" will just have 00 (uncompressed) followed by zeroes (infinity = 0,0 in affine coordinates).
 /// adapted from gnark https://github.com/consensys/gnark-crypto/blob/v0.13.0/ecc/bn254/marshal.go
-
 impl Compress for BN254Curve {
     type G1Point = G1Point;
 

diff --git a/math/src/elliptic_curve/short_weierstrass/curves/bn_254/pairing.rs b/math/src/elliptic_curve/short_weierstrass/curves/bn_254/pairing.rs
@@ -32,12 +32,12 @@ type Fp12E = FieldElement<Degree12ExtensionField>;
 type G1Point = ShortWeierstrassProjectivePoint<BN254Curve>;
 type G2Point = ShortWeierstrassProjectivePoint<BN254TwistCurve>;
 
-/// You can find an explanation of the next implemetation in our post
-/// https://blog.lambdaclass.com/how-we-implemented-the-bn254-ate-pairing-in-lambdaworks/
-/// There you'll come across a path to understand the naive implementation of the pairing
-/// using the functions miller_naive() and final_exponentiation_naive().
-/// We then optimized the pairing using the functions miller_optimized() and final_exponentiation_optimized().
-/// You'll find both the naive and optimized versions below.
+// You can find an explanation of the next implemetation in our post
+// https://blog.lambdaclass.com/how-we-implemented-the-bn254-ate-pairing-in-lambdaworks/
+// There you'll come across a path to understand the naive implementation of the pairing
+// using the functions miller_naive() and final_exponentiation_naive().
+// We then optimized the pairing using the functions miller_optimized() and final_exponentiation_optimized().
+// You'll find both the naive and optimized versions below.
 
 ////////////////// CONSTANTS //////////////////
 
@@ -492,12 +492,12 @@ pub fn frobenius_cube(
 
 ////////////////// CYCLOTOMIC SUBGROUP OPERATIONS //////////////////
 
-/// Since the result of the Easy Part of the Final Exponentiation belongs to the cyclotomic
-/// subgroup of Fp12, we can optimize the square and pow operations used in the Hard Part.
+// Since the result of the Easy Part of the Final Exponentiation belongs to the cyclotomic
+// subgroup of Fp12, we can optimize the square and pow operations used in the Hard Part.
 
-/// Computes the square of an element of a cyclotomic subgroup of Fp12.
-/// Algorithm from Constantine's cyclotomic_square_quad_over_cube
-/// https://github.com/mratsim/constantine/blob/master/constantine/math/pairings/cyclotomic_subgroups.nim#L354
+/// Compute the square of an element of a cyclotomic subgroup of Fp12.
+/// Algorithm from Constantine's cyclotomic_square_quad_over_cube:
+/// <https://github.com/mratsim/constantine/blob/master/constantine/math/pairings/cyclotomic_subgroups.nim#L354>
 pub fn cyclotomic_square(a: &Fp12E) -> Fp12E {
     // a = g + h * w
     let [g, h] = a.value();

diff --git a/math/src/field/fields/fft_friendly/quartic_babybear.rs b/math/src/field/fields/fft_friendly/quartic_babybear.rs
@@ -79,12 +79,7 @@ impl IsField for Degree4BabyBearExtensionField {
     }
 
     fn zero() -> Self::BaseType {
-        [
-            FieldElement::zero(),
-            FieldElement::zero(),
-            FieldElement::zero(),
-            FieldElement::zero(),
-        ]
+        Self::BaseType::default()
     }
 
     fn one() -> Self::BaseType {
@@ -125,34 +120,35 @@ impl IsField for Degree4BabyBearExtensionField {
         let one = T::from(1);
 
         if exponent == zero {
-            Self::one()
-        } else if exponent == one {
-            a.clone()
-        } else {
-            let mut result = a.clone();
-
-            while exponent & one == zero {
-                result = Self::square(&result);
-                exponent >>= 1;
-            }
+            return Self::one();
+        }
+        if exponent == one {
+            return a.clone();
+        }
+
+        let mut result = a.clone();
 
+        // Fast path for powers of 2
+        while exponent & one == zero {
+            result = Self::square(&result);
+            exponent >>= 1;
             if exponent == zero {
-                result
-            } else {
-                let mut base = result.clone();
-                exponent >>= 1;
-
-                while exponent != zero {
-                    base = Self::square(&base);
-                    if exponent & one == one {
-                        result = <Degree4BabyBearExtensionField as IsField>::mul(&result, &base);
-                    }
-                    exponent >>= 1;
-                }
-
-                result
+                return result;
             }
         }
+
+        let mut base = result.clone();
+        exponent >>= 1;
+
+        while exponent != zero {
+            base = Self::square(&base);
+            if exponent & one == one {
+                result = <Degree4BabyBearExtensionField as IsField>::mul(&result, &base);
+            }
+            exponent >>= 1;
+        }
+
+        result
     }
 }
 
@@ -221,26 +217,48 @@ impl IsSubFieldOf<Degree4BabyBearExtensionField> for Babybear31PrimeField {
 impl ByteConversion for [FieldElement<Babybear31PrimeField>; 4] {
     #[cfg(feature = "alloc")]
     fn to_bytes_be(&self) -> alloc::vec::Vec<u8> {
-        unimplemented!()
+        let mut byte_slice = ByteConversion::to_bytes_be(&self[0]);
+        byte_slice.extend(ByteConversion::to_bytes_be(&self[1]));
+        byte_slice.extend(ByteConversion::to_bytes_be(&self[2]));
+        byte_slice.extend(ByteConversion::to_bytes_be(&self[3]));
+        byte_slice
     }
 
     #[cfg(feature = "alloc")]
     fn to_bytes_le(&self) -> alloc::vec::Vec<u8> {
-        unimplemented!()
+        let mut byte_slice = ByteConversion::to_bytes_le(&self[0]);
+        byte_slice.extend(ByteConversion::to_bytes_le(&self[1]));
+        byte_slice.extend(ByteConversion::to_bytes_le(&self[2]));
+        byte_slice.extend(ByteConversion::to_bytes_le(&self[3]));
+        byte_slice
     }
 
-    fn from_bytes_be(_bytes: &[u8]) -> Result<Self, crate::errors::ByteConversionError>
+    fn from_bytes_be(bytes: &[u8]) -> Result<Self, crate::errors::ByteConversionError>
     where
         Self: Sized,
     {
-        unimplemented!()
+        const BYTES_PER_FIELD: usize = 64;
+
+        let x0 = FieldElement::from_bytes_be(&bytes[0..BYTES_PER_FIELD])?;
+        let x1 = FieldElement::from_bytes_be(&bytes[BYTES_PER_FIELD..BYTES_PER_FIELD * 2])?;
+        let x2 = FieldElement::from_bytes_be(&bytes[BYTES_PER_FIELD * 2..BYTES_PER_FIELD * 3])?;
+        let x3 = FieldElement::from_bytes_be(&bytes[BYTES_PER_FIELD * 3..BYTES_PER_FIELD * 4])?;
+
+        Ok([x0, x1, x2, x3])
     }
 
-    fn from_bytes_le(_bytes: &[u8]) -> Result<Self, crate::errors::ByteConversionError>
+    fn from_bytes_le(bytes: &[u8]) -> Result<Self, crate::errors::ByteConversionError>
     where
         Self: Sized,
     {
-        unimplemented!()
+        const BYTES_PER_FIELD: usize = 64;
+
+        let x0 = FieldElement::from_bytes_le(&bytes[0..BYTES_PER_FIELD])?;
+        let x1 = FieldElement::from_bytes_le(&bytes[BYTES_PER_FIELD..BYTES_PER_FIELD * 2])?;
+        let x2 = FieldElement::from_bytes_le(&bytes[BYTES_PER_FIELD * 2..BYTES_PER_FIELD * 3])?;
+        let x3 = FieldElement::from_bytes_le(&bytes[BYTES_PER_FIELD * 3..BYTES_PER_FIELD * 4])?;
+
+        Ok([x0, x1, x2, x3])
     }
 }
 
@@ -518,7 +536,6 @@ mod tests {
                 prop_assert_eq!(fft_eval, naive_eval);
             }
 
-            // #[cfg(not(any(feature = "metal"),not(feature = "cuda")))]
             // Property-based test that ensures FFT interpolation is the same as naive..
             #[test]
             #[cfg(not(any(feature = "metal",feature = "cuda")))]

diff --git a/math/src/unsigned_integer/element.rs b/math/src/unsigned_integer/element.rs
@@ -327,7 +327,6 @@ impl<const NUM_LIMBS: usize> ShrAssign<usize> for UnsignedInteger<NUM_LIMBS> {
 }
 
 /// Impl BitAnd
-
 impl<const NUM_LIMBS: usize> BitAnd for UnsignedInteger<NUM_LIMBS> {
     type Output = Self;
 
@@ -348,7 +347,6 @@ impl<const NUM_LIMBS: usize> BitAndAssign for UnsignedInteger<NUM_LIMBS> {
 }
 
 /// Impl BitOr
-
 impl<const NUM_LIMBS: usize> BitOr for UnsignedInteger<NUM_LIMBS> {
     type Output = Self;
 
@@ -370,7 +368,6 @@ impl<const NUM_LIMBS: usize> BitOrAssign for UnsignedInteger<NUM_LIMBS> {
 }
 
 /// Impl BitXor
-
 impl<const NUM_LIMBS: usize> BitXor for UnsignedInteger<NUM_LIMBS> {
     type Output = Self;
 

diff --git a/provers/stark/src/constraints/evaluator.rs b/provers/stark/src/constraints/evaluator.rs
@@ -3,7 +3,7 @@ use super::boundary::BoundaryConstraints;
 use crate::debug::check_boundary_polys_divisibility;
 use crate::domain::Domain;
 use crate::trace::LDETraceTable;
-use crate::traits::AIR;
+use crate::traits::{TransitionEvaluationContext, AIR};
 use crate::{frame::Frame, prover::evaluate_polynomial_on_lde_domain};
 use itertools::Itertools;
 #[cfg(not(feature = "parallel"))]
@@ -14,6 +14,7 @@ use rayon::{
     iter::IndexedParallelIterator,
     prelude::{IntoParallelIterator, ParallelIterator},
 };
+
 #[cfg(feature = "instruments")]
 use std::time::Instant;
 
@@ -183,8 +184,12 @@ impl<A: AIR> ConstraintEvaluator<A> {
                     .collect();
 
                 // Compute all the transition constraints at this point of the LDE domain.
-                let evaluations_transition =
-                    air.compute_transition_prover(&frame, &periodic_values, rap_challenges);
+                let transition_evaluation_context = TransitionEvaluationContext::new_prover(
+                    &frame,
+                    &periodic_values,
+                    rap_challenges,
+                );
+                let evaluations_transition = air.compute_transition(&transition_evaluation_context);
 
                 #[cfg(all(debug_assertions, not(feature = "parallel")))]
                 transition_evaluations.push(evaluations_transition.clone());

diff --git a/provers/stark/src/constraints/transition.rs b/provers/stark/src/constraints/transition.rs
@@ -1,8 +1,8 @@
 use std::ops::Div;
 
 use crate::domain::Domain;
-use crate::frame::Frame;
 use crate::prover::evaluate_polynomial_on_lde_domain;
+use crate::traits::TransitionEvaluationContext;
 use itertools::Itertools;
 use lambdaworks_math::field::element::FieldElement;
 use lambdaworks_math::field::traits::{IsFFTField, IsField, IsSubFieldOf};
@@ -33,10 +33,8 @@ where
     /// vector, in the index corresponding to the constraint as given by `constraint_idx()`.
     fn evaluate(
         &self,
-        frame: &Frame<F, E>,
+        evaluation_context: &TransitionEvaluationContext<F, E>,
         transition_evaluations: &mut [FieldElement<E>],
-        periodic_values: &[FieldElement<F>],
-        rap_challenges: &[FieldElement<E>],
     );
 
     /// The periodicity the constraint is applied over the trace.

diff --git a/provers/stark/src/debug.rs b/provers/stark/src/debug.rs
@@ -1,5 +1,5 @@
 use super::domain::Domain;
-use super::traits::AIR;
+use super::traits::{TransitionEvaluationContext, AIR};
 use crate::{frame::Frame, trace::LDETraceTable};
 use lambdaworks_math::{
     field::{
@@ -93,7 +93,9 @@ pub fn validate_trace<A: AIR>(
             .iter()
             .map(|col| col[step].clone())
             .collect();
-        let evaluations = air.compute_transition_prover(&frame, &periodic_values, rap_challenges);
+        let transition_evaluation_context =
+            TransitionEvaluationContext::new_prover(&frame, &periodic_values, rap_challenges);
+        let evaluations = air.compute_transition(&transition_evaluation_context);
 
         // Iterate over each transition evaluation. When the evaluated step is not from
         // the exemption steps corresponding to the transition, it should have zero as a