Merge branch 'main' into sai/add_batch_circuits

Author: sai-deng

circuit-prover/examples/mmcs_verify.rs

@@ -38,41 +38,45 @@ fn main() -> Result<(), ProverError> {
     let compress = config::baby_bear_compression();
     let mmcs_config = MmcsVerifyConfig::babybear_quartic_extension_default();
 
-    let mut builder = CircuitBuilder::new();
+    let mut builder = CircuitBuilder::<F>::new();
     builder.enable_mmcs(&mmcs_config);
 
     // Public inputs: leaf hash and expected root hash
-    let leaf_hash = (0..mmcs_config.ext_field_digest_elems)
-        .map(|_| builder.alloc_public_input("leaf_hash"))
-        .collect::<Vec<ExprId>>();
-    let index = builder.alloc_public_input("index");
+    // The leaves will contain `mmcs_config.ext_field_digest_elems` wires,
+    // when the leaf index is odd, and an empty vector otherwise. This means
+    // we're proving the opening of an Mmcs to matrices of height 2^depth, 2^(depth -1), ...
+    let leaves: Vec<Vec<ExprId>> = (0..depth)
+        .map(|i| {
+            (0..if i % 2 == 0 && i != depth - 1 {
+                mmcs_config.ext_field_digest_elems
+            } else {
+                0
+            })
+                .map(|_| builder.alloc_public_input("leaf_hash"))
+                .collect::<Vec<ExprId>>()
+        })
+        .collect();
+    let directions: Vec<ExprId> = (0..depth)
+        .map(|_| builder.alloc_public_input("directions"))
+        .collect();
     let expected_root = (0..mmcs_config.ext_field_digest_elems)
         .map(|_| builder.alloc_public_input("expected_root"))
         .collect::<Vec<ExprId>>();
     // Add a Mmcs verification operation
     // This declares that leaf_hash and expected_root are connected to witness bus
     // The AIR constraints will verify the Mmcs path is valid
-    let mmcs_op_id = builder.add_mmcs_verify(&leaf_hash, &index, &expected_root)?;
+    let mmcs_op_id = builder.add_mmcs_verify(&leaves, &directions, &expected_root)?;
 
     builder.dump_allocation_log();
 
     let circuit = builder.build()?;
     let mut runner = circuit.runner();
 
     // Set public inputs
-    let leaf_value = [
-        F::ZERO,
-        F::ZERO,
-        F::ZERO,
-        F::ZERO,
-        F::ZERO,
-        F::ZERO,
-        F::ZERO,
-        F::from_u64(42),
-    ]; // Our leaf value
-    let siblings: Vec<(Vec<F>, Option<Vec<F>>)> = (0..depth)
+    //
+    let leaves_value: Vec<Vec<F>> = (0..depth)
         .map(|i| {
-            (
+            if i % 2 == 0 && i != depth - 1 {
                 vec![
                     F::ZERO,
                     F::ZERO,
@@ -81,47 +85,50 @@ fn main() -> Result<(), ProverError> {
                     F::ZERO,
                     F::ZERO,
                     F::ZERO,
-                    F::from_u64((i + 1) * 10),
-                ],
-                // Extra siblings on odd levels, but never on the last level
-                if i % 2 == 0 || i == depth - 1 {
-                    None
-                } else {
-                    Some(vec![
-                        F::ZERO,
-                        F::ZERO,
-                        F::ZERO,
-                        F::ZERO,
-                        F::ZERO,
-                        F::ZERO,
-                        F::ZERO,
-                        F::from_u64(i + 1),
-                    ])
-                },
-            )
+                    F::from_u64(42),
+                ]
+            } else {
+                vec![]
+            }
         })
-        .collect(); // The siblings, containing extra siblings every other level (except the last)
-    let directions: Vec<bool> = (0..depth).map(|i| i % 2 == 0).collect();
+        .collect(); // Our leaf value
+    let siblings: Vec<Vec<F>> = (0..depth)
+        .map(|i| {
+            vec![
+                F::ZERO,
+                F::ZERO,
+                F::ZERO,
+                F::ZERO,
+                F::ZERO,
+                F::ZERO,
+                F::ZERO,
+                F::from_u64((i + 1) * 10),
+            ]
+        })
+        .collect();
+
     // the index is 0b1010...
-    let index_value = F::from_u64(
-        (0..32)
-            .zip(directions.iter())
-            .filter(|(_, dir)| **dir)
-            .map(|(i, _)| 1 << i)
-            .sum(),
-    );
+    let directions: Vec<bool> = (0..depth).map(|i| i % 2 == 0).collect();
+
     let MmcsPrivateData {
         path_states: intermediate_states,
         ..
-    } = MmcsPrivateData::new(&compress, &mmcs_config, &leaf_value, &siblings, &directions)?;
+    } = MmcsPrivateData::new(
+        &compress,
+        &mmcs_config,
+        &leaves_value,
+        &siblings,
+        &directions,
+    )?;
     let expected_root_value = intermediate_states
         .last()
         .expect("There is always at least the leaf hash")
+        .0
         .clone();
 
     let mut public_inputs = vec![];
-    public_inputs.extend(leaf_value);
-    public_inputs.push(index_value);
+    public_inputs.extend(leaves_value.iter().flatten());
+    public_inputs.extend(directions.iter().map(|dir| F::from_bool(*dir)));
     public_inputs.extend(&expected_root_value);
 
     runner.set_public_inputs(&public_inputs)?;
@@ -131,12 +138,11 @@ fn main() -> Result<(), ProverError> {
         NonPrimitiveOpPrivateData::MmcsVerify(MmcsPrivateData::new(
             &compress,
             &mmcs_config,
-            &leaf_value,
+            &leaves_value,
             &siblings,
             &directions,
         )?),
     )?;
-
     let traces = runner.run()?;
     let multi_prover = MultiTableProver::new(config).with_mmcs_table(mmcs_config.into());
     let proof = multi_prover.prove_all_tables(&traces)?;

circuit/src/alloc_entry.rs

@@ -34,7 +34,7 @@ pub struct AllocationEntry {
     /// User-provided label (if any)
     pub label: &'static str,
     /// Dependencies for this entry, i.e. the expressions that this entry depends on.
-    pub dependencies: Vec<ExprId>,
+    pub dependencies: Vec<Vec<ExprId>>,
     /// Scope/sub-circuit this allocation belongs to (if any)
     pub scope: Option<&'static str>,
 }
@@ -149,8 +149,8 @@ fn dump_internal_log(allocation_log: &[AllocationEntry]) {
                 tracing::debug!(
                     "  expr_{} = expr_{} + expr_{}{}",
                     entry.expr_id.0,
-                    entry.dependencies[0].0,
-                    entry.dependencies[1].0,
+                    entry.dependencies[0][0].0,
+                    entry.dependencies[1][0].0,
                     display_label(entry.label)
                 );
             } else {
@@ -171,8 +171,8 @@ fn dump_internal_log(allocation_log: &[AllocationEntry]) {
                 tracing::debug!(
                     "  expr_{} = expr_{} - expr_{}{}",
                     entry.expr_id.0,
-                    entry.dependencies[0].0,
-                    entry.dependencies[1].0,
+                    entry.dependencies[0][0].0,
+                    entry.dependencies[1][0].0,
                     display_label(entry.label)
                 );
             } else {
@@ -193,8 +193,8 @@ fn dump_internal_log(allocation_log: &[AllocationEntry]) {
                 tracing::debug!(
                     "  expr_{} = expr_{} * expr_{}{}",
                     entry.expr_id.0,
-                    entry.dependencies[0].0,
-                    entry.dependencies[1].0,
+                    entry.dependencies[0][0].0,
+                    entry.dependencies[1][0].0,
                     display_label(entry.label)
                 );
             } else {
@@ -215,8 +215,8 @@ fn dump_internal_log(allocation_log: &[AllocationEntry]) {
                 tracing::debug!(
                     "  expr_{} = expr_{} / expr_{}{}",
                     entry.expr_id.0,
-                    entry.dependencies[0].0,
-                    entry.dependencies[1].0,
+                    entry.dependencies[0][0].0,
+                    entry.dependencies[1][0].0,
                     display_label(entry.label)
                 );
             } else {
@@ -244,6 +244,7 @@ fn dump_internal_log(allocation_log: &[AllocationEntry]) {
                 let deps: Vec<_> = entry
                     .dependencies
                     .iter()
+                    .flatten()
                     .map(|e| format!("expr_{}", e.0).to_string())
                     .collect();
                 tracing::debug!(

circuit/src/builder/circuit_builder.rs

@@ -24,12 +24,15 @@ pub struct CircuitBuilder<F> {
     witness_alloc: WitnessAllocator,
 
     /// Non-primitive operations (complex constraints that don't produce `ExprId`s)
-    non_primitive_ops: Vec<(NonPrimitiveOpId, NonPrimitiveOpType, Vec<ExprId>)>,
+    non_primitive_ops: Vec<NonPrimitiveOperationData>,
 
     /// Builder configuration
     config: BuilderConfig,
 }
 
+/// The non-primitive operation id, type, and the vectors of the expressions representing its inputs
+pub type NonPrimitiveOperationData = (NonPrimitiveOpId, NonPrimitiveOpType, Vec<Vec<ExprId>>);
+
 impl<F> Default for CircuitBuilder<F>
 where
     F: Clone + PrimeCharacteristicRing + Eq + core::hash::Hash,
@@ -251,7 +254,7 @@ where
     pub(crate) fn push_non_primitive_op(
         &mut self,
         op_type: NonPrimitiveOpType,
-        witness_exprs: Vec<ExprId>,
+        witness_exprs: Vec<Vec<ExprId>>,
         label: &'static str,
     ) -> NonPrimitiveOpId {
         let op_id = NonPrimitiveOpId(self.non_primitive_ops.len() as u32);