diff --git a/air/src/options.rs b/air/src/options.rs index 4466737fd..e0cd7062c 100644 --- a/air/src/options.rs +++ b/air/src/options.rs @@ -289,8 +289,9 @@ impl ProofOptions { } impl ToElements for ProofOptions { + /// Encodes these proof options into 3 field elements. fn to_elements(&self) -> Vec { - // encode field extension and FRI parameters into a single field element + // encode field extension, FRI parameters, and blowup factor into a single field element let mut buf = self.field_extension as u32; buf = (buf << 8) | self.fri_folding_factor as u32; buf = (buf << 8) | self.fri_remainder_max_degree as u32; @@ -592,7 +593,7 @@ mod tests { fri_folding_factor as usize, fri_remainder_max_degree as usize, BatchingMethod::Linear, - BatchingMethod::Linear, + BatchingMethod::Algebraic, ); let options_serialized = options.to_bytes(); diff --git a/air/src/proof/context.rs b/air/src/proof/context.rs index f9c55f2c5..0b8bc6de6 100644 --- a/air/src/proof/context.rs +++ b/air/src/proof/context.rs @@ -106,12 +106,16 @@ impl ToElements for Context { /// Converts this [Context] into a vector of field elements. /// /// The elements are laid out as follows: - /// - trace info [2 or more elements]. + /// - trace info: + /// - trace segment widths and the number of aux random values [1 element]. + /// - trace length [1 element]. + /// - trace metadata [0 or more elements]. /// - field modulus bytes [2 field elements]. - /// - field extension and FRI parameters [1 element]. - /// - grinding factor [1 element]. - /// - blowup factor [1 element]. - /// - number of queries [1 element]. + /// - number of constraints (1 element). + /// - proof options: + /// - field extension, FRI parameters, and grinding factor [1 element]. + /// - blowup factor [1 element]. + /// - number of queries [1 element]. fn to_elements(&self) -> Vec { // convert trace layout let mut result = self.trace_info.to_elements(); diff --git a/air/src/proof/mod.rs b/air/src/proof/mod.rs index 593c7e675..967fe4fde 100644 --- a/air/src/proof/mod.rs +++ b/air/src/proof/mod.rs @@ -115,14 +115,14 @@ impl Proof { // polynomials. let num_trace_polys = self.context.trace_info().width(); let num_constraint_composition_polys = self.options().blowup_factor(); - let num_polys = num_trace_polys + num_constraint_composition_polys; + let num_committed_polys = num_trace_polys + num_constraint_composition_polys; ProvenSecurity::compute( self.context.options(), self.context.num_modulus_bits(), self.trace_info().length(), H::COLLISION_RESISTANCE, num_constraints, - num_polys, + num_committed_polys, ) } diff --git a/air/src/proof/security.rs b/air/src/proof/security.rs index d280d88dc..c2c62176f 100644 --- a/air/src/proof/security.rs +++ b/air/src/proof/security.rs @@ -80,7 +80,7 @@ impl ProvenSecurity { trace_domain_size: usize, collision_resistance: u32, num_constraints: usize, - num_polys: usize, + num_committed_polys: usize, ) -> Self { let unique_decoding = cmp::min( proven_security_protocol_unique_decoding( @@ -88,7 +88,7 @@ impl ProvenSecurity { base_field_bits, trace_domain_size, num_constraints, - num_polys, + num_committed_polys, ), collision_resistance as u64, ) as u32; @@ -106,7 +106,7 @@ impl ProvenSecurity { trace_domain_size, a as usize, num_constraints, - num_polys, + num_committed_polys, ) }) .expect( @@ -120,7 +120,7 @@ impl ProvenSecurity { trace_domain_size, m_optimal as usize, num_constraints, - num_polys, + num_committed_polys, ), collision_resistance as u64, ) as u32; @@ -153,7 +153,7 @@ fn proven_security_protocol_for_given_proximity_parameter( trace_domain_size: usize, m: usize, num_constraints: usize, - num_polys: usize, + num_committed_polys: usize, ) -> u64 { let extension_field_bits = (base_field_bits * options.field_extension().degree()) as f64; let num_fri_queries = options.num_queries() as f64; @@ -199,7 +199,7 @@ fn proven_security_protocol_for_given_proximity_parameter( // comparison. N is the number of batched polynomials. let batching_factor = match options.deep_poly_batching_method() { BatchingMethod::Linear => 1.0, - BatchingMethod::Algebraic => num_polys as f64 - 1.0, + BatchingMethod::Algebraic => num_committed_polys as f64 - 1.0, }; let epsilon_3_bits_neg = extension_field_bits - log2( @@ -225,7 +225,7 @@ fn proven_security_protocol_unique_decoding( base_field_bits: u32, trace_domain_size: usize, num_constraints: usize, - num_polys: usize, + num_committed_polys: usize, ) -> u64 { let extension_field_bits = (base_field_bits * options.field_extension().degree()) as f64; let num_fri_queries = options.num_queries() as f64; @@ -263,7 +263,7 @@ fn proven_security_protocol_unique_decoding( // being batched. let batching_factor = match options.deep_poly_batching_method() { BatchingMethod::Linear => 1.0, - BatchingMethod::Algebraic => num_polys as f64 - 1.0, + BatchingMethod::Algebraic => num_committed_polys as f64 - 1.0, }; let epsilon_3_bits_neg = extension_field_bits - log2(lde_domain_size * batching_factor); epsilons_bits_neg.push(epsilon_3_bits_neg); @@ -366,7 +366,7 @@ mod tests { let num_queries = 119; let collision_resistance = 128; let trace_length = 2_usize.pow(20); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -385,7 +385,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(unique_decoding, 100); @@ -410,7 +410,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 69); @@ -436,7 +436,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 100); @@ -453,7 +453,7 @@ mod tests { let num_queries = 123; let collision_resistance = 128; let trace_length = 2_usize.pow(8); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -472,7 +472,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(unique_decoding, 116); @@ -494,7 +494,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(unique_decoding, 115); @@ -511,7 +511,7 @@ mod tests { let num_queries = 195; let collision_resistance = 128; let trace_length = 2_usize.pow(8); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -530,7 +530,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(unique_decoding, 100); @@ -559,7 +559,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 100); @@ -585,7 +585,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(unique_decoding, 100); @@ -610,7 +610,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 100); @@ -627,7 +627,7 @@ mod tests { let num_queries = 80; let collision_resistance = 128; let trace_length = 2_usize.pow(18); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -646,7 +646,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 99); @@ -671,7 +671,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 99); @@ -688,7 +688,7 @@ mod tests { let num_queries = 85; let collision_resistance = 128; let trace_length = 2_usize.pow(18); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -707,7 +707,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 128); @@ -732,7 +732,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 128); @@ -749,7 +749,7 @@ mod tests { let num_queries = 85; let collision_resistance = 128; let trace_length = 2_usize.pow(18); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -768,7 +768,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 70); @@ -793,7 +793,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(list_decoding, 128); @@ -810,7 +810,7 @@ mod tests { let num_queries = 80; let collision_resistance = 128; let trace_length = 2_usize.pow(20); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -832,7 +832,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); let trace_length = 2_usize.pow(16); @@ -856,7 +856,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert!(security_1 < security_2); @@ -873,7 +873,7 @@ mod tests { let num_queries = 60; let collision_resistance = 128; let trace_length = 2_usize.pow(20); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -895,7 +895,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); let num_queries = 80; @@ -919,7 +919,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert!(security_1 < security_2); @@ -936,7 +936,7 @@ mod tests { let num_queries = 30; let collision_resistance = 128; let trace_length = 2_usize.pow(20); - let num_polys = 2; + let num_committed_polys = 2; let num_constraints = 100; let mut options = ProofOptions::new( @@ -958,7 +958,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); let blowup_factor = 16; @@ -982,7 +982,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert!(security_1 < security_2); @@ -999,7 +999,7 @@ mod tests { let num_queries = 120; let collision_resistance = 128; let trace_length = 2_usize.pow(16); - let num_polys = 1 << 1; + let num_committed_polys = 1 << 1; let num_constraints = 100; let mut options = ProofOptions::new( @@ -1021,7 +1021,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_1, 106); @@ -1029,7 +1029,7 @@ mod tests { // when the FRI batching error is not largest when compared to the other soundness error // terms, increasing the number of committed polynomials might not lead to a degradation // in the round-by-round soundness of the protocol - let num_polys = 1 << 2; + let num_committed_polys = 1 << 2; options = ProofOptions::new( num_queries, blowup_factor, @@ -1049,13 +1049,13 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 106); // but after a certain point, there will be a degradation - let num_polys = 1 << 5; + let num_committed_polys = 1 << 5; options = ProofOptions::new( num_queries, blowup_factor, @@ -1075,14 +1075,14 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 104); // and this degradation is on the order of log2(N - 1) where N is the number of // committed polynomials - let num_polys = num_polys << 3; + let num_committed_polys = num_committed_polys << 3; options = ProofOptions::new( num_queries, blowup_factor, @@ -1102,7 +1102,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 101); @@ -1119,7 +1119,7 @@ mod tests { let num_queries = 120; let collision_resistance = 128; let trace_length = 2_usize.pow(22); - let num_polys = 1 << 1; + let num_committed_polys = 1 << 1; let num_constraints = 100; let mut options = ProofOptions::new( @@ -1141,7 +1141,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_1, 126); @@ -1149,8 +1149,8 @@ mod tests { // increasing the number of committed polynomials might lead to a degradation // in the round-by-round soundness of the protocol on the order of log2(N - 1) where // N is the number of committed polynomials. This happens when the FRI batching error - // is the largest among all erros - let num_polys = 1 << 8; + // is the largest among all errors + let num_committed_polys = 1 << 8; options = ProofOptions::new( num_queries, blowup_factor, @@ -1170,7 +1170,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 118); @@ -1187,7 +1187,7 @@ mod tests { let num_queries = 120; let collision_resistance = 128; let trace_length = 2_usize.pow(16); - let num_polys = 1 << 1; + let num_committed_polys = 1 << 1; let num_constraints = 100; let mut options = ProofOptions::new( @@ -1209,7 +1209,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_1, 108); @@ -1237,7 +1237,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 108); @@ -1263,7 +1263,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 107); @@ -1290,7 +1290,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 105); @@ -1307,7 +1307,7 @@ mod tests { let num_queries = 120; let collision_resistance = 128; let trace_length = 2_usize.pow(22); - let num_polys = 1 << 1; + let num_committed_polys = 1 << 1; let num_constraints = 100; let mut options = ProofOptions::new( @@ -1329,7 +1329,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_1, 126); @@ -1357,7 +1357,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_2, 126); @@ -1383,7 +1383,7 @@ mod tests { trace_length, collision_resistance, num_constraints, - num_polys, + num_committed_polys, ); assert_eq!(security_3, 125);