diff --git a/triton-vm/benches/prove_fib_100.rs b/triton-vm/benches/prove_fib_100.rs index f868d1ece..a7ef0566c 100644 --- a/triton-vm/benches/prove_fib_100.rs +++ b/triton-vm/benches/prove_fib_100.rs @@ -14,7 +14,6 @@ use triton_profiler::triton_profiler::TritonProfiler; use triton_vm::proof::Claim; use triton_vm::shared_tests::FIBONACCI_SEQUENCE; use triton_vm::stark::Stark; -use triton_vm::table::master_table::MasterBaseTable; use triton_vm::vm::simulate; use triton_vm::StarkParameters; @@ -44,25 +43,22 @@ fn prove_fib_100(criterion: &mut Criterion) { } let parameters = StarkParameters::default(); - let padded_height = MasterBaseTable::padded_height(&aet, parameters.num_trace_randomizers); - let padded_height = BFieldElement::new(padded_height as u64); let claim = Claim { input: public_input, program_digest: Tip5::hash(&program), output, - padded_height, }; - let _proof = Stark::prove(¶meters, &claim, &aet, &mut maybe_profiler); + let proof = Stark::prove(¶meters, &claim, &aet, &mut maybe_profiler); - let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = proof.padded_height(¶meters); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); if let Some(profiler) = maybe_profiler.as_mut() { profiler.finish(); report = profiler.report( Some(aet.processor_trace.nrows()), - Some(claim.padded_height()), + Some(padded_height), Some(fri.domain.length), ); } diff --git a/triton-vm/benches/prove_halt.rs b/triton-vm/benches/prove_halt.rs index 413295b82..f7f88262c 100644 --- a/triton-vm/benches/prove_halt.rs +++ b/triton-vm/benches/prove_halt.rs @@ -1,11 +1,10 @@ use criterion::criterion_group; use criterion::criterion_main; use criterion::Criterion; -use triton_opcodes::program::Program; -use twenty_first::shared_math::b_field_element::BFieldElement; use twenty_first::shared_math::tip5::Tip5; use twenty_first::util_types::algebraic_hasher::AlgebraicHasher; +use triton_opcodes::program::Program; use triton_profiler::prof_start; use triton_profiler::prof_stop; use triton_profiler::triton_profiler::Report; @@ -14,7 +13,6 @@ use triton_vm::proof::Claim; use triton_vm::shared_tests::save_proof; use triton_vm::stark::Stark; use triton_vm::stark::StarkParameters; -use triton_vm::table::master_table::MasterBaseTable; use triton_vm::vm::simulate; /// cargo criterion --bench prove_halt @@ -40,25 +38,22 @@ fn prove_halt(_criterion: &mut Criterion) { let cycle_count = aet.processor_trace.nrows(); let parameters = StarkParameters::default(); - let num_trace_randomizers = parameters.num_trace_randomizers; - let padded_height = MasterBaseTable::padded_height(&aet, num_trace_randomizers); - let padded_height = BFieldElement::new(padded_height as u64); let claim = Claim { input: vec![], program_digest: Tip5::hash(&program), output, - padded_height, }; let proof = Stark::prove(¶meters, &claim, &aet, &mut maybe_profiler); - let max_degree = Stark::derive_max_degree(claim.padded_height(), num_trace_randomizers); + let padded_height = proof.padded_height(¶meters); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); if let Some(profiler) = &mut maybe_profiler { profiler.finish(); report = profiler.report( Some(cycle_count), - Some(claim.padded_height()), + Some(padded_height), Some(fri.domain.length), ); }; diff --git a/triton-vm/benches/verify_halt.rs b/triton-vm/benches/verify_halt.rs index 2c5435f11..ce116965b 100644 --- a/triton-vm/benches/verify_halt.rs +++ b/triton-vm/benches/verify_halt.rs @@ -26,7 +26,6 @@ fn verify_halt(criterion: &mut Criterion) { input: vec![], program_digest: Tip5::hash(&program), output: vec![], - padded_height: 256_u64.into(), // domain-specific knowledge }; let filename = "halt.tsp"; @@ -57,12 +56,12 @@ fn verify_halt(criterion: &mut Criterion) { let mut profiler = profiler.unwrap(); profiler.finish(); - let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = proof.padded_height(¶meters); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); let report = profiler.report( maybe_cycle_count, - Some(claim.padded_height()), + Some(padded_height), Some(fri.domain.length), ); diff --git a/triton-vm/src/lib.rs b/triton-vm/src/lib.rs index 1afc3f11f..e0a13e801 100644 --- a/triton-vm/src/lib.rs +++ b/triton-vm/src/lib.rs @@ -2,17 +2,17 @@ //! of programs written in Triton assembly. The proof system is a zk-STARK, which is a //! state-of-the-art ZKPS. -use triton_opcodes::program::Program; pub use twenty_first::shared_math::b_field_element::BFieldElement; pub use twenty_first::shared_math::tip5::Digest; use twenty_first::shared_math::tip5::Tip5; use twenty_first::util_types::algebraic_hasher::AlgebraicHasher; +use triton_opcodes::program::Program; + pub use crate::proof::Claim; -use crate::proof::Proof; +pub use crate::proof::Proof; use crate::stark::Stark; pub use crate::stark::StarkParameters; -use crate::table::master_table::MasterBaseTable; pub mod arithmetic_domain; pub mod error; @@ -91,18 +91,12 @@ pub fn prove( // The default parameters give a (conjectured) security level of 160 bits. let parameters = StarkParameters::default(); - // Compute the padded height of the AET. The padded height is the smallest power of two - // that is larger than or equal to the height of the largest table in the AET. - let padded_height = MasterBaseTable::padded_height(&aet, parameters.num_trace_randomizers); - let padded_height = BFieldElement::new(padded_height as u64); - // Set up the claim that is to be proven. The claim contains all public information. The // proof is zero-knowledge with respect to everything else. let claim = Claim { - input: public_input, program_digest, + input: public_input, output: public_output, - padded_height, }; // Generate the proof. diff --git a/triton-vm/src/proof.rs b/triton-vm/src/proof.rs index ac6435913..a43893278 100644 --- a/triton-vm/src/proof.rs +++ b/triton-vm/src/proof.rs @@ -146,8 +146,11 @@ impl Proof { } } -/// Contains all the public information of a verifiably correct computation. +/// Contains the public information of a verifiably correct computation. /// A corresponding [`Proof`] is needed to verify the computation. +/// One additional piece of public information not explicitly listed in the [`Claim`] is the +/// `padded_height`, an upper bound on the length of the computation. +/// It is derivable from a [`Proof`] by calling [`Proof::padded_height()`]. #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, GetSize, BFieldCodec)] pub struct Claim { /// The hash digest of the program that was executed. The hash function in use is Tip5. @@ -158,9 +161,6 @@ pub struct Claim { /// The public output of the computation. pub output: Vec, - - /// An upper bound on the length of the computation. - pub padded_height: BFieldElement, } impl Claim { @@ -175,12 +175,6 @@ impl Claim { pub fn public_output(&self) -> Vec { self.output.iter().map(|x| x.value()).collect() } - - /// The padded height as `u64`. - /// If a `BFieldElement` is needed, use field `padded_height`. - pub fn padded_height(&self) -> usize { - self.padded_height.value() as usize - } } #[cfg(test)] @@ -191,7 +185,6 @@ pub mod test_claim_proof { use twenty_first::shared_math::b_field_element::BFieldElement; use twenty_first::shared_math::bfield_codec::BFieldCodec; use twenty_first::shared_math::other::random_elements; - use twenty_first::shared_math::tip5::Digest; use crate::stark::Stark; @@ -210,16 +203,10 @@ pub mod test_claim_proof { #[test] fn test_decode_claim() { - let program_digest: Digest = random(); - let input: Vec = random_elements(346); - let output: Vec = random_elements(125); - let padded_height = 11_u64.into(); - let claim = Claim { - program_digest, - input, - output, - padded_height, + program_digest: random(), + input: random_elements(346), + output: random_elements(125), }; let encoded = claim.encode(); @@ -228,7 +215,6 @@ pub mod test_claim_proof { assert_eq!(claim.program_digest, decoded.program_digest); assert_eq!(claim.input, decoded.input); assert_eq!(claim.output, decoded.output); - // padded height is ignored } #[test] diff --git a/triton-vm/src/proof_stream.rs b/triton-vm/src/proof_stream.rs index c50691a37..0406cbd37 100644 --- a/triton-vm/src/proof_stream.rs +++ b/triton-vm/src/proof_stream.rs @@ -289,12 +289,10 @@ mod proof_stream_typed_tests { let program_digest = random_elements(rng.next_u64(), 1)[0]; let input = random_elements(rng.next_u64(), 5); let output = random_elements(rng.next_u64(), 5); - let padded_height = random_elements(rng.next_u64(), 1)[0]; let claim = Claim { program_digest, input, output, - padded_height, }; let mut sponge_states = VecDeque::new(); diff --git a/triton-vm/src/shared_tests.rs b/triton-vm/src/shared_tests.rs index 24e1551a8..6f9e9c774 100644 --- a/triton-vm/src/shared_tests.rs +++ b/triton-vm/src/shared_tests.rs @@ -19,7 +19,6 @@ use crate::proof::Claim; use crate::proof::Proof; use crate::stark::Stark; use crate::stark::StarkParameters; -use crate::table::master_table::MasterBaseTable; use crate::vm::simulate; use crate::vm::AlgebraicExecutionTrace; @@ -55,13 +54,10 @@ pub fn parse_simulate_prove( let security_level = 32; let parameters = StarkParameters::new(security_level, log_expansion_factor); - let padded_height = MasterBaseTable::padded_height(&aet, parameters.num_trace_randomizers); - let padded_height = BFieldElement::new(padded_height as u64); let claim = Claim { input: public_input, program_digest: Tip5::hash(&aet.program), output: public_output, - padded_height, }; prof_start!(maybe_profiler, "prove"); diff --git a/triton-vm/src/stark.rs b/triton-vm/src/stark.rs index 71f314a6f..a29953afe 100644 --- a/triton-vm/src/stark.rs +++ b/triton-vm/src/stark.rs @@ -131,19 +131,14 @@ impl Stark { aet: &AlgebraicExecutionTrace, maybe_profiler: &mut Option, ) -> Proof { - assert_eq!( - claim.padded_height(), - MasterBaseTable::padded_height(aet, parameters.num_trace_randomizers), - "The claimed padded height must match the actual padded height of the trace." - ); prof_start!(maybe_profiler, "Fiat-Shamir: claim", "hash"); let mut proof_stream = StarkProofStream::new(); proof_stream.enqueue(&ProofItem::Claim(claim.clone())); prof_stop!(maybe_profiler, "Fiat-Shamir: claim"); prof_start!(maybe_profiler, "derive additional parameters"); - let max_degree = - Self::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = MasterBaseTable::padded_height(aet, parameters.num_trace_randomizers); + let max_degree = Self::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Self::derive_fri(parameters, max_degree); prof_stop!(maybe_profiler, "derive additional parameters"); @@ -290,7 +285,7 @@ impl Stark { debug_assert_eq!(fri.domain.length, quot_merkle_tree.get_leaf_count()); prof_start!(maybe_profiler, "out-of-domain rows"); - let trace_domain_generator = derive_domain_generator(claim.padded_height() as u64); + let trace_domain_generator = derive_domain_generator(padded_height as u64); let out_of_domain_point_curr_row = proof_stream.sample_scalars(1)[0]; let out_of_domain_point_next_row = trace_domain_generator * out_of_domain_point_curr_row; @@ -591,9 +586,8 @@ impl Stark { prof_stop!(maybe_profiler, "Fiat-Shamir: Claim"); prof_start!(maybe_profiler, "derive additional parameters"); - assert_eq!(claim.padded_height(), proof.padded_height(parameters)); - let max_degree = - Self::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = proof.padded_height(parameters); + let max_degree = Self::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Self::derive_fri(parameters, max_degree); let merkle_tree_height = fri.domain.length.ilog2() as usize; prof_stop!(maybe_profiler, "derive additional parameters"); @@ -612,7 +606,7 @@ impl Stark { prof_stop!(maybe_profiler, "Fiat-Shamir 1"); prof_start!(maybe_profiler, "dequeue ood point and rows", "hash"); - let trace_domain_generator = derive_domain_generator(claim.padded_height() as u64); + let trace_domain_generator = derive_domain_generator(padded_height as u64); let out_of_domain_point_curr_row = proof_stream.sample_scalars(1)[0]; let out_of_domain_point_next_row = trace_domain_generator * out_of_domain_point_curr_row; @@ -632,8 +626,7 @@ impl Stark { let one = BFieldElement::one(); let initial_zerofier_inv = (out_of_domain_point_curr_row - one).inverse(); let consistency_zerofier_inv = - (out_of_domain_point_curr_row.mod_pow_u32(claim.padded_height() as u32) - one) - .inverse(); + (out_of_domain_point_curr_row.mod_pow_u32(padded_height as u32) - one).inverse(); let except_last_row = out_of_domain_point_curr_row - trace_domain_generator.inverse(); let transition_zerofier_inv = except_last_row * consistency_zerofier_inv; let terminal_zerofier_inv = except_last_row.inverse(); // i.e., only last row @@ -988,16 +981,13 @@ pub(crate) mod triton_stark_tests { let security_level = 32; let parameters = StarkParameters::new(security_level, log_expansion_factor); - let padded_height = MasterBaseTable::padded_height(&aet, parameters.num_trace_randomizers); - let padded_height = BFieldElement::new(padded_height as u64); let claim = Claim { input: stdin, program_digest: Tip5::hash(&aet.program), output: stdout, - padded_height, }; - let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = MasterBaseTable::padded_height(&aet, parameters.num_trace_randomizers); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); let mut master_base_table = @@ -1597,7 +1587,7 @@ pub(crate) mod triton_stark_tests { fn triton_prove_verify_halt_test() { let code_with_input = test_halt(); let mut profiler = Some(TritonProfiler::new("Prove Halt")); - let (parameters, claim, proof) = parse_simulate_prove( + let (parameters, _, proof) = parse_simulate_prove( &code_with_input.source_code, code_with_input.public_input(), code_with_input.secret_input(), @@ -1612,10 +1602,10 @@ pub(crate) mod triton_stark_tests { } assert!(result.unwrap()); - let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = proof.padded_height(¶meters); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); - let report = profiler.report(None, Some(claim.padded_height()), Some(fri.domain.length)); + let report = profiler.report(None, Some(padded_height), Some(fri.domain.length)); println!("{report}"); } @@ -1675,7 +1665,7 @@ pub(crate) mod triton_stark_tests { let secret_in = vec![]; let mut profiler = Some(TritonProfiler::new("Prove Fib 100")); - let (parameters, claim, proof) = + let (parameters, _, proof) = parse_simulate_prove(source_code, stdin, secret_in, &mut profiler); let mut profiler = profiler.unwrap(); profiler.finish(); @@ -1688,10 +1678,10 @@ pub(crate) mod triton_stark_tests { } assert!(result.unwrap()); - let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = proof.padded_height(¶meters); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); - let report = profiler.report(None, Some(claim.padded_height()), Some(fri.domain.length)); + let report = profiler.report(None, Some(padded_height), Some(fri.domain.length)); println!("{report}"); } @@ -1722,7 +1712,7 @@ pub(crate) mod triton_stark_tests { #[test] fn triton_prove_verify_many_u32_operations_test() { let mut profiler = Some(TritonProfiler::new("Prove Many U32 Ops")); - let (parameters, claim, proof) = + let (parameters, _, proof) = parse_simulate_prove(MANY_U32_INSTRUCTIONS, vec![], vec![], &mut profiler); let mut profiler = profiler.unwrap(); profiler.finish(); @@ -1733,10 +1723,10 @@ pub(crate) mod triton_stark_tests { } assert!(result.unwrap()); - let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + let padded_height = proof.padded_height(¶meters); + let max_degree = Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); - let report = profiler.report(None, Some(claim.padded_height()), Some(fri.domain.length)); + let report = profiler.report(None, Some(padded_height), Some(fri.domain.length)); println!("{report}"); } @@ -1749,16 +1739,16 @@ pub(crate) mod triton_stark_tests { let stdin = [fibonacci_number].map(BFieldElement::new).to_vec(); let fib_test_name = format!("element #{fibonacci_number:>4} from Fibonacci sequence"); let mut profiler = Some(TritonProfiler::new(&fib_test_name)); - let (parameters, claim, _) = + let (parameters, _, proof) = parse_simulate_prove(source_code, stdin, vec![], &mut profiler); let mut profiler = profiler.unwrap(); profiler.finish(); + let padded_height = proof.padded_height(¶meters); let max_degree = - Stark::derive_max_degree(claim.padded_height(), parameters.num_trace_randomizers); + Stark::derive_max_degree(padded_height, parameters.num_trace_randomizers); let fri = Stark::derive_fri(¶meters, max_degree); - let report = - profiler.report(None, Some(claim.padded_height()), Some(fri.domain.length)); + let report = profiler.report(None, Some(padded_height), Some(fri.domain.length)); println!("{report}"); } } diff --git a/triton-vm/src/table/master_table.rs b/triton-vm/src/table/master_table.rs index 840f10168..94f4d7d42 100644 --- a/triton-vm/src/table/master_table.rs +++ b/triton-vm/src/table/master_table.rs @@ -1035,6 +1035,7 @@ mod master_table_tests { use crate::table::table_column::U32BaseTableColumn; use crate::table::table_column::U32ExtTableColumn; use crate::table::u32_table; + use crate::StarkParameters; #[test] fn base_table_width_is_correct() { @@ -1407,8 +1408,8 @@ mod master_table_tests { #[test] fn smallest_possible_padded_height_is_correct_test() { let (_, proof) = crate::prove("halt", &[], &[]); - let claim = proof.claim(); - let smallest_padded_height_exp = claim.padded_height().ilog2(); + let parameters = StarkParameters::default(); + let smallest_padded_height_exp = proof.padded_height(¶meters).ilog2(); let smallest_padded_height_exp: usize = smallest_padded_height_exp.try_into().unwrap(); assert_eq!(smallest_padded_height_exp, LOG2_MIN_PADDED_HEIGHT); }