Skip to content

Add merkle verify gate #85

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 34 commits into from
Oct 8, 2025
Merged

Add merkle verify gate #85

merged 34 commits into from
Oct 8, 2025

Conversation

@4l0n50
Copy link
Contributor

@4l0n50 4l0n50 commented Sep 19, 2025
edited
Loading

Closes #73.

@4l0n50 4l0n50 force-pushed the alonso/merkle_gate_signed branch from 91be193 to 39905dc Compare September 22, 2025 09:17
@4l0n50 4l0n50 marked this pull request as ready for review September 22, 2025 09:18
@Nashtare Nashtare added this to the Verifier primitives milestone Sep 22, 2025
LindaGuiga
LindaGuiga reviewed Sep 22, 2025
View reviewed changes
sai-deng
sai-deng reviewed Sep 22, 2025
View reviewed changes
@Nashtare Nashtare moved this from Todo to Ready for review in Plonky3 Recursion Sep 24, 2025
@sai-deng sai-deng mentioned this pull request Sep 24, 2025
Merged
Nashtare
Nashtare reviewed Sep 30, 2025
View reviewed changes
@sai-deng
Copy link
Contributor

sai-deng commented Oct 6, 2025

MerkleVerify be part of the default policy

I think we should keep default policy to disable ALL non-primitive operations.

@4l0n50
Copy link
Contributor Author

4l0n50 commented Oct 6, 2025

As discussed with @hratoanina and @LindaGuiga — we’re not supporting packing yet. So I added a, for now disabled, packing option to Merkle gates.

@sai-deng
Copy link
Contributor

sai-deng commented Oct 6, 2025

As discussed with @hratoanina and @LindaGuiga — we’re not supporting packing yet. So I added a, for now disabled, packing option to Merkle gates.

Could you please explain why packing is disabled for now?

sai-deng
sai-deng reviewed Oct 6, 2025
View reviewed changes
sai-deng
sai-deng reviewed Oct 6, 2025
View reviewed changes
@LindaGuiga
Copy link
Contributor

LindaGuiga commented Oct 7, 2025

As discussed with @hratoanina and @LindaGuiga — we’re not supporting packing yet. So I added a, for now disabled, packing option to Merkle gates.

Could you please explain why packing is disabled for now?

The problem with fully packing everything (so for example, when creating a proof structure), is that the challenger sometimes needs to observe both base field and extension field elements, without adding any padding in between. So for example, if you have to observe degree_bits (one base field element, and we do it at the start of the verifier) then elements that are packed, you might overflow the sponge rate (since, because of that first base field element, we would have something that is no longer a multiple of the rate). The correct behaviour then would be to fill the rate with base field elements (therefore breaking up packed elements), apply the permutation, and then add the rest of the base field elements. But for now, given the current Witness table, we don't have a way to select one base field element among the D in a packed extension field element. We can change the Witness table to support the selection of individual elements, though.

@sai-deng
Copy link
Contributor

sai-deng commented Oct 7, 2025

As discussed with @hratoanina and @LindaGuiga — we’re not supporting packing yet. So I added a, for now disabled, packing option to Merkle gates.

Could you please explain why packing is disabled for now?

The problem with fully packing everything (so for example, when creating a proof structure), is that the challenger sometimes needs to observe both base field and extension field elements, without adding any padding in between. So for example, if you have to observe degree_bits (one base field element, and we do it at the start of the verifier) then elements that are packed, you might overflow the sponge rate (since, because of that first base field element, we would have something that is no longer a multiple of the rate). The correct behaviour then would be to fill the rate with base field elements (therefore breaking up packed elements), apply the permutation, and then add the rest of the base field elements. But for now, given the current Witness table, we don't have a way to select one base field element among the D in a packed extension field element. We can change the Witness table to support the selection of individual elements, though.

I think the correct and most efficient way to solve it is to change Plonky3 prover to only observe extension field elements. We can add a TODO for now.

sai-deng
sai-deng reviewed Oct 7, 2025
View reviewed changes
sai-deng
sai-deng approved these changes Oct 8, 2025
View reviewed changes
Copy link
Contributor

@sai-deng sai-deng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@4l0n50 I pushed a rename commit and another commit with several fixes. Please review and merge the PR as soon as possible to unblock others.

My fixes include:
Adding root indices to the AIR tables.
Fixing missing or incorrect constraints in AIR tables.
Correcting the logic for hashing extra siblings.

@github-project-automation github-project-automation bot moved this from Ready for review to Ready to be merged in Plonky3 Recursion Oct 8, 2025
4l0n50
4l0n50 commented Oct 8, 2025
View reviewed changes
Copy link
Contributor Author

@4l0n50 4l0n50 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ok with your changes. Thanks for you help!

@4l0n50 4l0n50 merged commit 011d3fc into main Oct 8, 2025
8 checks passed
@4l0n50 4l0n50 deleted the alonso/merkle_gate_signed branch October 8, 2025 08:59
@github-project-automation github-project-automation bot moved this from Ready to be merged to Done in Plonky3 Recursion Oct 8, 2025
@sai-deng sai-deng mentioned this pull request Oct 9, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Nashtare Nashtare Nashtare left review comments

@sai-deng sai-deng sai-deng approved these changes

@hratoanina hratoanina Awaiting requested review from hratoanina

@LindaGuiga LindaGuiga Awaiting requested review from LindaGuiga

Assignees

@4l0n50 4l0n50

Labels

None yet

Projects

Plonky3 Recursion
Status: Done

Milestone

Verifier primitives

Development

Successfully merging this pull request may close these issues.

Add a MerkleVerify gate

5 participants

@4l0n50 @Nashtare @sai-deng @LindaGuiga