Refactor recursion quotient helpers (#160)

* refactor

* remove config

Author: sai-deng

circuit/src/tables/mmcs.rs

@@ -168,7 +168,7 @@ impl<F: Field + Clone + Default> MmcsPrivateData<F> {
             return Err(CircuitError::IncorrectNonPrimitiveOpPrivateData {
                 op: NonPrimitiveOpType::MmcsVerify,
                 expected: "[]".to_string(),
-                got: format!("{:?}", last),
+                got: format!("{last:?}"),
                 operation_index: NonPrimitiveOpId(0), //TODO: What's the index of this op?
             });
         }
@@ -616,8 +616,7 @@ mod tests {
         let result = run_test(&leaves_value, correct_root, &correct_private_data);
         assert!(
             result.is_ok(),
-            "Valid witness should be accepted but got {:?}",
-            result
+            "Valid witness should be accepted but got {result:?}"
         );
 
         // Test 2: Invalid witness (wrong root) should be rejected

recursion/src/pcs/fri/verifier.rs

@@ -538,8 +538,7 @@ where
     //  Check the final polynomial length.
     if actual_final_poly_len != expected_final_poly_len {
         return Err(VerificationError::InvalidProofShape(format!(
-            "Final polynomial length mismatch: expected 2^{} = {}, got {}",
-            log_final_poly_len, expected_final_poly_len, actual_final_poly_len
+            "Final polynomial length mismatch: expected 2^{log_final_poly_len} = {expected_final_poly_len}, got {actual_final_poly_len}"
         )));
     }
 

recursion/src/verifier/mod.rs

@@ -2,8 +2,10 @@
 
 mod errors;
 mod observable;
+mod quotient;
 mod stark;
 
 pub use errors::VerificationError;
 pub use observable::ObservableCommitment;
+pub use quotient::recompose_quotient_from_chunks_circuit;
 pub use stark::verify_circuit;

recursion/src/verifier/quotient.rs

@@ -0,0 +1,162 @@
+use alloc::vec::Vec;
+
+use itertools::Itertools;
+use p3_circuit::CircuitBuilder;
+use p3_field::{BasedVectorSpace, Field, PrimeCharacteristicRing};
+use p3_uni_stark::StarkGenericConfig;
+
+use crate::Target;
+use crate::traits::{Recursive, RecursivePcs};
+
+/// Circuit analogue of `recompose_quotient_from_chunks`, returning quotient(zeta).
+pub fn recompose_quotient_from_chunks_circuit<
+    SC: StarkGenericConfig,
+    InputProof: Recursive<SC::Challenge>,
+    OpeningProof: Recursive<SC::Challenge>,
+    Comm: Recursive<SC::Challenge>,
+    Domain: Copy,
+>(
+    circuit: &mut CircuitBuilder<SC::Challenge>,
+    quotient_chunks_domains: &[Domain],
+    quotient_chunks: &[Vec<Target>],
+    zeta: Target,
+    pcs: &SC::Pcs,
+) -> Target
+where
+    <SC as StarkGenericConfig>::Pcs: RecursivePcs<SC, InputProof, OpeningProof, Comm, Domain>,
+    SC::Challenge: PrimeCharacteristicRing,
+{
+    let zero = circuit.add_const(SC::Challenge::ZERO);
+    let one = circuit.add_const(SC::Challenge::ONE);
+
+    let zps = compute_quotient_chunk_products::<SC, InputProof, OpeningProof, Comm, Domain>(
+        circuit,
+        quotient_chunks_domains,
+        zeta,
+        one,
+        pcs,
+    );
+
+    compute_quotient_evaluation::<SC>(circuit, quotient_chunks, &zps, zero)
+}
+
+/// Compute the product terms for quotient chunk reconstruction.
+///
+/// For each chunk i, computes: ∏_{j≠i} (Z_{domain_j}(zeta) / Z_{domain_j}(first_point_i))
+fn compute_quotient_chunk_products<
+    SC: StarkGenericConfig,
+    InputProof: Recursive<SC::Challenge>,
+    OpeningProof: Recursive<SC::Challenge>,
+    Comm: Recursive<SC::Challenge>,
+    Domain: Copy,
+>(
+    circuit: &mut CircuitBuilder<SC::Challenge>,
+    quotient_chunks_domains: &[Domain],
+    zeta: Target,
+    one: Target,
+    pcs: &<SC as StarkGenericConfig>::Pcs,
+) -> Vec<Target>
+where
+    <SC as StarkGenericConfig>::Pcs: RecursivePcs<SC, InputProof, OpeningProof, Comm, Domain>,
+{
+    quotient_chunks_domains
+        .iter()
+        .enumerate()
+        .map(|(i, domain)| {
+            quotient_chunks_domains
+                .iter()
+                .enumerate()
+                .filter(|(j, _)| *j != i)
+                .fold(one, |total, (_, other_domain)| {
+                    let vp_zeta = vanishing_poly_at_point_circuit::<
+                        SC,
+                        InputProof,
+                        OpeningProof,
+                        Comm,
+                        Domain,
+                    >(pcs, *other_domain, zeta, circuit);
+
+                    let first_point = circuit.add_const(pcs.first_point(domain));
+                    let vp_first_point = vanishing_poly_at_point_circuit::<
+                        SC,
+                        InputProof,
+                        OpeningProof,
+                        Comm,
+                        Domain,
+                    >(
+                        pcs, *other_domain, first_point, circuit
+                    );
+                    let div = circuit.div(vp_zeta, vp_first_point);
+
+                    circuit.mul(total, div)
+                })
+        })
+        .collect_vec()
+}
+
+/// Compute the quotient polynomial evaluation from chunks.
+///
+/// quotient(zeta) = ∑_i (∑_j e_j · chunk_i[j]) · zps[i]
+fn compute_quotient_evaluation<SC: StarkGenericConfig>(
+    circuit: &mut CircuitBuilder<SC::Challenge>,
+    opened_quotient_chunks: &[Vec<Target>],
+    zps: &[Target],
+    zero: Target,
+) -> Target
+where
+    SC::Challenge: PrimeCharacteristicRing,
+{
+    opened_quotient_chunks
+        .iter()
+        .enumerate()
+        .fold(zero, |quotient, (i, chunk)| {
+            let zp = zps[i];
+
+            // Sum chunk elements weighted by basis elements: ∑_j e_j · chunk[j]
+            let inner_result = chunk.iter().enumerate().fold(zero, |cur_s, (e_i, c)| {
+                let e_i_target = circuit.add_const(SC::Challenge::ith_basis_element(e_i).unwrap());
+                let inner_mul = circuit.mul(e_i_target, *c);
+                circuit.add(cur_s, inner_mul)
+            });
+
+            let mul = circuit.mul(inner_result, zp);
+            circuit.add(quotient, mul)
+        })
+}
+
+/// Compute the vanishing polynomial Z_H(point) = point^n - 1 at a given point.
+///
+/// # Parameters
+/// - `pcs`: Polynomial commitment scheme for domain metadata
+/// - `domain`: The domain (defines n)
+/// - `point`: The evaluation point
+/// - `circuit`: Circuit builder
+///
+/// # Returns
+/// Target representing Z_H(point)
+fn vanishing_poly_at_point_circuit<
+    SC: StarkGenericConfig,
+    InputProof: Recursive<SC::Challenge>,
+    OpeningProof: Recursive<SC::Challenge>,
+    Comm: Recursive<SC::Challenge>,
+    Domain,
+>(
+    pcs: &<SC as StarkGenericConfig>::Pcs,
+    domain: Domain,
+    point: Target,
+    circuit: &mut CircuitBuilder<SC::Challenge>,
+) -> Target
+where
+    <SC as StarkGenericConfig>::Pcs: RecursivePcs<SC, InputProof, OpeningProof, Comm, Domain>,
+{
+    // Normalize point: point' = point / first_point
+    let inv = circuit.add_const(pcs.first_point(&domain).inverse());
+    let mul = circuit.mul(point, inv);
+
+    // Compute (point')^n
+    let exp = circuit.exp_power_of_2(mul, pcs.log_size(&domain));
+
+    // Return (point')^n - 1
+    let one = circuit.add_const(SC::Challenge::ONE);
+    circuit.sub(exp, one)
+}

recursion/src/verifier/stark.rs

@@ -8,11 +8,11 @@ use p3_circuit::CircuitBuilder;
 use p3_circuit::op::{NonPrimitiveOpConfig, NonPrimitiveOpType};
 use p3_circuit::utils::ColumnsTargets;
 use p3_commit::Pcs;
-use p3_field::{BasedVectorSpace, Field, PrimeCharacteristicRing};
+use p3_field::{BasedVectorSpace, PrimeCharacteristicRing};
 use p3_uni_stark::StarkGenericConfig;
 use p3_util::zip_eq::zip_eq;
 
-use super::{ObservableCommitment, VerificationError};
+use super::{ObservableCommitment, VerificationError, recompose_quotient_from_chunks_circuit};
 use crate::Target;
 use crate::challenger::CircuitChallenger;
 use crate::traits::{Recursive, RecursiveAir, RecursivePcs};
@@ -31,6 +31,11 @@ type PcsVerifierParams<SC, InputProof, OpeningProof, Comm> =
         >>::Domain,
     >>::VerifierParams;
 
+type PcsDomain<SC> = <<SC as StarkGenericConfig>::Pcs as Pcs<
+    <SC as StarkGenericConfig>::Challenge,
+    <SC as StarkGenericConfig>::Challenger,
+>>::Domain;
+
 /// Verifies a STARK proof within a circuit.
 ///
 /// This function adds constraints to the circuit builder that verify a STARK proof.
@@ -205,14 +210,19 @@ where
     )?;
 
     // Compute quotient polynomial evaluation from chunks
-    let zero = circuit.add_const(SC::Challenge::ZERO);
-    let one = circuit.add_const(SC::Challenge::ONE);
-
-    let zps =
-        compute_quotient_chunk_products(circuit, config, &quotient_chunks_domains, zeta, one, pcs);
-
-    let quotient =
-        compute_quotient_evaluation::<SC>(circuit, opened_quotient_chunks_targets, &zps, zero);
+    let quotient = recompose_quotient_from_chunks_circuit::<
+        SC,
+        InputProof,
+        OpeningProof,
+        Comm,
+        PcsDomain<SC>,
+    >(
+        circuit,
+        &quotient_chunks_domains,
+        opened_quotient_chunks_targets,
+        zeta,
+        pcs,
+    );
 
     // Evaluate AIR constraints at out-of-domain point
     let sels = pcs.selectors_at_point_circuit(circuit, &init_trace_domain, &zeta);
@@ -349,119 +359,3 @@ where
 
     Ok(())
 }
-
-/// Compute the product terms for quotient chunk reconstruction.
-///
-/// For each chunk i, computes: ∏_{j≠i} (Z_{domain_j}(zeta) / Z_{domain_j}(first_point_i))
-fn compute_quotient_chunk_products<
-    SC: StarkGenericConfig,
-    InputProof: Recursive<SC::Challenge>,
-    OpeningProof: Recursive<SC::Challenge>,
-    Comm: Recursive<SC::Challenge>,
-    Domain: Copy,
->(
-    circuit: &mut CircuitBuilder<SC::Challenge>,
-    config: &SC,
-    quotient_chunks_domains: &[Domain],
-    zeta: Target,
-    one: Target,
-    pcs: &<SC as StarkGenericConfig>::Pcs,
-) -> Vec<Target>
-where
-    <SC as StarkGenericConfig>::Pcs: RecursivePcs<SC, InputProof, OpeningProof, Comm, Domain>,
-{
-    quotient_chunks_domains
-        .iter()
-        .enumerate()
-        .map(|(i, domain)| {
-            quotient_chunks_domains
-                .iter()
-                .enumerate()
-                .filter(|(j, _)| *j != i)
-                .fold(one, |total, (_, other_domain)| {
-                    let vp_zeta =
-                        vanishing_poly_at_point_circuit(config, *other_domain, zeta, circuit);
-
-                    let first_point = circuit.add_const(pcs.first_point(domain));
-                    let vp_first_point = vanishing_poly_at_point_circuit(
-                        config,
-                        *other_domain,
-                        first_point,
-                        circuit,
-                    );
-                    let div = circuit.div(vp_zeta, vp_first_point);
-
-                    circuit.mul(total, div)
-                })
-        })
-        .collect_vec()
-}
-
-/// Compute the quotient polynomial evaluation from chunks.
-///
-/// quotient(zeta) = ∑_i (∑_j e_j · chunk_i[j]) · zps[i]
-fn compute_quotient_evaluation<SC: StarkGenericConfig>(
-    circuit: &mut CircuitBuilder<SC::Challenge>,
-    opened_quotient_chunks: &[Vec<Target>],
-    zps: &[Target],
-    zero: Target,
-) -> Target
-where
-    SC::Challenge: PrimeCharacteristicRing,
-{
-    opened_quotient_chunks
-        .iter()
-        .enumerate()
-        .fold(zero, |quotient, (i, chunk)| {
-            let zp = zps[i];
-
-            // Sum chunk elements weighted by basis elements: ∑_j e_j · chunk[j]
-            let inner_result = chunk.iter().enumerate().fold(zero, |cur_s, (e_i, c)| {
-                let e_i_target = circuit.add_const(SC::Challenge::ith_basis_element(e_i).unwrap());
-                let inner_mul = circuit.mul(e_i_target, *c);
-                circuit.add(cur_s, inner_mul)
-            });
-
-            let mul = circuit.mul(inner_result, zp);
-            circuit.add(quotient, mul)
-        })
-}
-
-/// Compute the vanishing polynomial Z_H(point) = point^n - 1 at a given point.
-///
-/// # Parameters
-/// - `config`: STARK configuration
-/// - `domain`: The domain (defines n)
-/// - `point`: The evaluation point
-/// - `circuit`: Circuit builder
-///
-/// # Returns
-/// Target representing Z_H(point)
-fn vanishing_poly_at_point_circuit<
-    SC: StarkGenericConfig,
-    InputProof: Recursive<SC::Challenge>,
-    OpeningProof: Recursive<SC::Challenge>,
-    Comm: Recursive<SC::Challenge>,
-    Domain,
->(
-    config: &SC,
-    domain: Domain,
-    point: Target,
-    circuit: &mut CircuitBuilder<SC::Challenge>,
-) -> Target
-where
-    <SC as StarkGenericConfig>::Pcs: RecursivePcs<SC, InputProof, OpeningProof, Comm, Domain>,
-{
-    let pcs = config.pcs();
-
-    // Normalize point: point' = point / first_point
-    let inv = circuit.add_const(pcs.first_point(&domain).inverse());
-    let mul = circuit.mul(point, inv);
-
-    // Compute (point')^n
-    let exp = circuit.exp_power_of_2(mul, pcs.log_size(&domain));
-
-    // Return (point')^n - 1
-    let one = circuit.add_const(SC::Challenge::ONE);
-    circuit.sub(exp, one)
-}