Parallel circuits GKR

air/Cargo.toml

@@ -25,6 +25,7 @@ fri = { version = "0.9", path = "../fri", package = "winter-fri", default-featur
 libm = "0.2.8"
 math = { version = "0.9", path = "../math", package = "winter-math", default-features = false }
 utils = { version = "0.9", path = "../utils/core", package = "winter-utils", default-features = false }
+libc-print = "0.1.23"
 
 [dev-dependencies]
 rand-utils = { version = "0.9", path = "../utils/rand", package = "winter-rand-utils" }

air/src/air/logup_gkr/lagrange/transition.rs

@@ -62,6 +62,9 @@ impl<E: FieldElement> LagrangeKernelTransitionConstraints<E> {
         let c = lagrange_kernel_column_frame;
         let v = c.num_rows() - 1;
         let r = lagrange_kernel_rand_elements;
+        // TODO: avoid reverse()
+        let mut r = r.to_vec();
+        r.reverse();
         let k = constraint_idx + 1;
 
         (r[v - k] * c[0]) - ((E::ONE - r[v - k]) * c[v - k + 1])
@@ -130,6 +133,9 @@ impl<E: FieldElement> LagrangeKernelTransitionConstraints<E> {
         let c = lagrange_kernel_column_frame;
         let v = c.num_rows() - 1;
         let r = lagrange_kernel_rand_elements;
+        // TODO: avoid reverse()
+        let mut r = r.to_vec();
+        r.reverse();
 
         for k in 1..v + 1 {
             transition_evals[k - 1] = (r[v - k] * c[0]) - ((E::ONE - r[v - k]) * c[v - k + 1]);

air/src/air/logup_gkr/mod.rs

@@ -109,25 +109,33 @@ pub trait LogUpGkrEvaluator: Clone + Sync {
     /// [1]: https://eprint.iacr.org/2023/1284
     fn generate_univariate_iop_for_multi_linear_opening_data<E, H>(
         &self,
-        openings: Vec<E>,
+        openings: Vec<Vec<E>>,
         eval_point: Vec<E>,
         public_coin: &mut impl RandomCoin<Hasher = H, BaseField = E::BaseField>,
     ) -> GkrData<E>
     where
         E: FieldElement<BaseField = Self::BaseField>,
         H: ElementHasher<BaseField = E::BaseField>,
     {
+        let openings: Vec<E> =
+            openings[0].clone().chunks(2).flat_map(|ops| [ops[0], ops[1]]).collect();
         public_coin.reseed(H::hash_elements(&openings));
 
+        let folding_randomness: E = public_coin.draw().expect("failed to generate randomness");
+        let batched_openings: Vec<E> =
+            openings.chunks(2).map(|p| p[0] + folding_randomness * (p[1] - p[0])).collect();
+
         let mut batching_randomness = Vec::with_capacity(openings.len() - 1);
         for _ in 0..openings.len() - 1 {
             batching_randomness.push(public_coin.draw().expect("failed to generate randomness"))
         }
+        let mut eval_point = eval_point;
+        eval_point.push(folding_randomness);
 
         GkrData::new(
             LagrangeKernelRandElements::new(eval_point),
             batching_randomness,
-            openings,
+            batched_openings,
             self.get_oracles().to_vec(),
         )
     }
@@ -156,7 +164,7 @@ pub trait LogUpGkrEvaluator: Clone + Sync {
     /// Returns the periodic values used in the LogUp-GKR statement, either as base field element
     /// during circuit evaluation or as extension field element during the run of sum-check for
     /// the input layer.
-    fn build_periodic_values<E>(&self) -> PeriodicTable<E>
+    fn build_periodic_values<E>(&self, num_rows: usize) -> PeriodicTable<E>
     where
         E: FieldElement<BaseField = Self::BaseField>,
     {
@@ -166,7 +174,7 @@ pub trait LogUpGkrEvaluator: Clone + Sync {
             .map(|values| values.iter().map(|x| E::from(*x)).collect())
             .collect();
 
-        PeriodicTable { table }
+        PeriodicTable { table, num_rows }
     }
 }
 
@@ -264,16 +272,17 @@ pub enum LogUpGkrOracle {
 #[derive(Clone, Debug, Default, PartialEq, PartialOrd, Eq, Ord)]
 pub struct PeriodicTable<E: FieldElement> {
     pub table: Vec<Vec<E>>,
+    pub num_rows: usize,
 }
 
 impl<E> PeriodicTable<E>
 where
     E: FieldElement,
 {
-    pub fn new(table: Vec<Vec<E::BaseField>>) -> Self {
+    pub fn new(table: Vec<Vec<E::BaseField>>, num_rows: usize) -> Self {
         let table = table.iter().map(|col| col.iter().map(|x| E::from(*x)).collect()).collect();
 
-        Self { table }
+        Self { table, num_rows }
     }
 
     pub fn num_columns(&self) -> usize {
@@ -293,13 +302,14 @@ where
 
     pub fn bind_least_significant_variable(&mut self, round_challenge: E) {
         for col in self.table.iter_mut() {
-            if col.len() > 1 {
+            if col.len() > 1 && self.num_rows <= col.len() {
                 let num_evals = col.len() >> 1;
                 for i in 0..num_evals {
-                    col[i] = col[i << 1] + round_challenge * (col[(i << 1) + 1] - col[i << 1]);
+                    col[i] = col[i] + round_challenge * (col[i + num_evals] - col[i]);
                 }
                 col.truncate(num_evals)
             }
         }
+        self.num_rows /= 2;
     }
 }

examples/src/lib.rs

@@ -9,10 +9,10 @@ use winterfell::{
     math::fields::f128::BaseElement,
     FieldExtension, Proof, ProofOptions, VerifierError,
 };
-
 pub mod fibonacci;
 #[cfg(feature = "std")]
 pub mod lamport;
+pub mod logup_gkr;
 #[cfg(feature = "std")]
 pub mod merkle;
 pub mod rescue;
@@ -198,6 +198,12 @@ pub enum ExampleType {
         #[structopt(short = "n", default_value = "3")]
         num_signers: usize,
     },
+    /// LogUp-GKR
+    LogUpGkr {
+        /// Length of the trace; must be a power of two
+        #[structopt(short = "n", default_value = "65536")]
+        trace_length: usize,
+    },
 }
 
 /// Defines a set of hash functions available for the provided examples. Some examples may not

examples/src/logup_gkr/air.rs

@@ -0,0 +1,172 @@
+// Copyright (c) Facebook, Inc. and its affiliates.
+//
+// This source code is licensed under the MIT license found in the
+// LICENSE file in the root directory of this source tree.
+
+use std::marker::PhantomData;
+
+use winterfell::{
+    math::{fields::f64::BaseElement, ExtensionOf, FieldElement, StarkField},
+    Air, AirContext, Assertion, AuxRandElements, EvaluationFrame, LogUpGkrEvaluator,
+    LogUpGkrOracle, TraceInfo, TransitionConstraintDegree,
+};
+
+use super::ProofOptions;
+
+pub const NUM_FRACTIONS: usize = 64;
+
+pub(crate) struct LogUpGkrSimpleAir {
+    context: AirContext<BaseElement, ()>,
+}
+
+impl Air for LogUpGkrSimpleAir {
+    type BaseField = BaseElement;
+    type PublicInputs = ();
+
+    fn new(trace_info: TraceInfo, _pub_inputs: Self::PublicInputs, options: ProofOptions) -> Self {
+        Self {
+            context: AirContext::new_multi_segment(
+                trace_info,
+                _pub_inputs,
+                vec![TransitionConstraintDegree::new(1)],
+                vec![],
+                1,
+                0,
+                options,
+            ),
+        }
+    }
+
+    fn context(&self) -> &AirContext<Self::BaseField, ()> {
+        &self.context
+    }
+
+    fn evaluate_transition<E: FieldElement<BaseField = Self::BaseField>>(
+        &self,
+        frame: &EvaluationFrame<E>,
+        _periodic_values: &[E],
+        result: &mut [E],
+    ) {
+        let current = frame.current()[0];
+        let next = frame.next()[0];
+
+        // increments by 1
+        result[0] = next - current - E::ONE;
+    }
+
+    fn get_assertions(&self) -> Vec<Assertion<Self::BaseField>> {
+        vec![Assertion::single(0, 0, BaseElement::ZERO)]
+    }
+
+    fn evaluate_aux_transition<F, E>(
+        &self,
+        _main_frame: &EvaluationFrame<F>,
+        _aux_frame: &EvaluationFrame<E>,
+        _periodic_values: &[F],
+        _aux_rand_elements: &AuxRandElements<E>,
+        _result: &mut [E],
+    ) where
+        F: FieldElement<BaseField = Self::BaseField>,
+        E: FieldElement<BaseField = Self::BaseField> + ExtensionOf<F>,
+    {
+        // do nothing
+    }
+
+    fn get_aux_assertions<E: FieldElement<BaseField = Self::BaseField>>(
+        &self,
+        _aux_rand_elements: &AuxRandElements<E>,
+    ) -> Vec<Assertion<E>> {
+        vec![]
+    }
+
+    fn get_logup_gkr_evaluator(
+        &self,
+    ) -> impl LogUpGkrEvaluator<BaseField = Self::BaseField, PublicInputs = Self::PublicInputs>
+    {
+        PlainLogUpGkrEval::new()
+    }
+}
+
+#[derive(Clone, Default)]
+pub struct PlainLogUpGkrEval<B: FieldElement + StarkField> {
+    oracles: Vec<LogUpGkrOracle>,
+    _field: PhantomData<B>,
+}
+
+impl<B: FieldElement + StarkField> PlainLogUpGkrEval<B> {
+    pub fn new() -> Self {
+        let committed_0 = LogUpGkrOracle::CurrentRow(0);
+        let committed_1 = LogUpGkrOracle::CurrentRow(1);
+        let committed_2 = LogUpGkrOracle::CurrentRow(2);
+        let committed_3 = LogUpGkrOracle::CurrentRow(3);
+        let committed_4 = LogUpGkrOracle::CurrentRow(4);
+        let oracles = vec![committed_0, committed_1, committed_2, committed_3, committed_4];
+        Self { oracles, _field: PhantomData }
+    }
+}
+
+impl LogUpGkrEvaluator for PlainLogUpGkrEval<BaseElement> {
+    type BaseField = BaseElement;
+
+    type PublicInputs = ();
+
+    fn get_oracles(&self) -> &[LogUpGkrOracle] {
+        &self.oracles
+    }
+
+    fn get_num_rand_values(&self) -> usize {
+        1
+    }
+
+    fn get_num_fractions(&self) -> usize {
+        NUM_FRACTIONS
+    }
+
+    fn max_degree(&self) -> usize {
+        10
+    }
+
+    fn build_query<E>(&self, frame: &EvaluationFrame<E>, query: &mut [E])
+    where
+        E: FieldElement<BaseField = Self::BaseField>,
+    {
+        query.iter_mut().zip(frame.current().iter()).for_each(|(q, f)| *q = *f)
+    }
+
+    fn evaluate_query<F, E>(
+        &self,
+        query: &[F],
+        _periodic_values: &[F],
+        rand_values: &[E],
+        numerator: &mut [E],
+        denominator: &mut [E],
+    ) where
+        F: FieldElement<BaseField = Self::BaseField>,
+        E: FieldElement<BaseField = Self::BaseField> + ExtensionOf<F>,
+    {
+        assert_eq!(numerator.len(), self.get_num_fractions());
+        assert_eq!(denominator.len(), self.get_num_fractions());
+        assert_eq!(query.len(), 5);
+
+        for i in (0..self.get_num_fractions()).step_by(4) {
+            numerator[i] = E::from(query[1]);
+            numerator[i + 1] = E::ONE;
+            numerator[i + 2] = E::ONE;
+            numerator[i + 3] = E::ONE;
+        }
+
+        for i in (0..self.get_num_fractions()).step_by(4) {
+            denominator[i] = rand_values[0] - E::from(query[0]);
+            denominator[i + 1] = -(rand_values[0] - E::from(query[2]));
+            denominator[i + 2] = -(rand_values[0] - E::from(query[3]));
+            denominator[i + 3] = -(rand_values[0] - E::from(query[4]));
+        }
+    }
+
+    fn compute_claim<E>(&self, _inputs: &Self::PublicInputs, _rand_values: &[E]) -> E
+    where
+        E: FieldElement<BaseField = Self::BaseField>,
+    {
+        E::ZERO
+    }
+}