a16z / jolt

The simplest and most extensible zkVM. Fast and fully open source from a16z crypto and friends. ⚡
https://jolt.a16zcrypto.com
MIT License

Refactor Spartan commitments #213

Closed sragss closed 7 months ago

sragss commented 7 months ago

The circuit accepts commitments / witness segments of length `padded_trace_len` in the following format:

        1. io   [PC_0, step_counter_0, PC_1, step_counter_1, ...., PC_{padded_trace_len}, step_counter_{padded_trace_len}]
        2. bytecode_a
        3. bytecode_v (5 tuple poly)
        4. packed_flags
        5. memreg_a_rw
        6. memreg_v_reads
        7. chunks_x
        8. chunks_y
        9. chunks_query
        10. lookup_outputs
        11. circuit_flags
        12. aux

This PR makes this explicit through the use of wrapper types `R1CSInputs` which will transform to the relevant shapes within `snark.rs`. Additionally, this pulls the commitments exclusively used by R1CS out into `R1CSUniqueCommitments` and formats the existing `JoltCommitments` with `R1CSUniqueCommitments` using `R1CSProof::format_commitments(...)`.

sragss commented 7 months ago

~Still need to pull packed_flags out of bytecode_v and resolve with upstream.~ Handled.

sragss commented 7 months ago

There is also a tight relationship between `R1CSInputs::clone_to_stepwise` / `R1CSInputs::clone_to_trace_len_chunks` / `R1CSProof::format_commitments` now that should be enshrined either through collocation or a unit test. Plus likely some wiki documentation.
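The kind of layout-consistency check the last comment asks for, as an added example that is not part of the PR or of Jolt's code base: a simplified model with a step-major view and a per-column view of the same segments, and a test property that the two are transposes. `Segment`, `width`, every function name and the sample values are hypothetical; the model assumes multi-value segments are step-interleaved the way the `io` line above is written.

```rust
/// Hypothetical model, not Jolt's types: one witness segment with `width`
/// values per step, step-interleaved (assumed), like the io segment
/// [PC_0, step_counter_0, PC_1, step_counter_1, ...].
pub struct Segment { pub name: &'static str, pub width: usize, pub values: Vec<u64> }

/// Reject any segment whose length does not match the padded trace length.
/// Call this before building either view; the views index without checks.
pub fn validate(segs: &[Segment], n: usize) -> Result<(), String> {
    for s in segs {
        if s.width == 0 || s.values.len() != s.width * n {
            return Err(format!("{}: got {} values, want {}", s.name, s.values.len(), s.width * n));
        }
    }
    Ok(())
}

/// Step-major view: one row per step, segments in their fixed order.
pub fn stepwise(segs: &[Segment], n: usize) -> Vec<Vec<u64>> {
    (0..n).map(|i| segs.iter()
        .flat_map(|s| s.values[i * s.width..(i + 1) * s.width].iter().copied())
        .collect::<Vec<u64>>()).collect()
}

/// Column view: one length-`n` vector per committed column, same order.
pub fn trace_len_chunks(segs: &[Segment], n: usize) -> Vec<Vec<u64>> {
    segs.iter().flat_map(|s| {
        (0..s.width).map(move |k| (0..n).map(|i| s.values[i * s.width + k]).collect::<Vec<u64>>())
    }).collect()
}

/// The consistency property: the two views are transposes of each other.
pub fn views_agree(segs: &[Segment], n: usize) -> bool {
    let (rows, cols) = (stepwise(segs, n), trace_len_chunks(segs, n));
    rows.len() == n && cols.iter().all(|c| c.len() == n)
        && rows.iter().enumerate().all(|(i, r)| {
            r.len() == cols.len() && r.iter().zip(&cols).all(|(v, c)| *v == c[i])
        })
}

/// Constructed sample: 4 steps, an io segment and a packed_flags segment.
pub fn sample() -> (Vec<Segment>, usize) {
    let io = vec![0x10, 0, 0x14, 1, 0x18, 2, 0x1c, 3];
    (vec![Segment { name: "io", width: 2, values: io },
          Segment { name: "packed_flags", width: 1, values: vec![7, 7, 5, 0] }], 4)
}

fn main() {
    let (segs, n) = sample();
    validate(&segs, n).expect("segment length mismatch");
    println!("views agree: {}", views_agree(&segs, n));
}
```

A test of this shape fails as soon as one view reorders or re-strides a segment without the other, which is the mismatch between committed columns and circuit inputs that the comment wants guarded.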