feat: FFLONK (#58)

Co-authored-by: Robert Remen <[email protected]>

Cargo.toml

@@ -6,7 +6,7 @@ resolver = "2"
 
 [workspace.package]
 # All the packages in the workspace should have the same version
-version = "0.30.11"
+version = "0.30.9"
 edition = "2021"
 authors = ["The Matter Labs Team <[email protected]>"]
 homepage = "https://zksync.io/"
@@ -17,17 +17,17 @@ categories = ["cryptography"]
 
 [workspace.dependencies]
 # Local dependencies
-bellman = { version = "=0.30.11", path = "crates/bellman", package = "zksync_bellman" }
-boojum = { version = "=0.30.11", path = "crates/boojum" }
-zksync_solidity_vk_codegen = { version = "=0.30.11", path = "crates/codegen" }
-codegen-bin = { version = "=0.30.11", path = "crates/codegen-bin" }
-cs_derive = { version = "=0.30.11", path = "crates/cs_derive", package = "zksync_cs_derive" }
-ff = { version = "=0.30.11", path = "crates/ff", package = "zksync_ff" }
-ff_derive = { version = "=0.30.11", path = "crates/ff_derive", package = "zksync_ff_derive" }
-franklin-crypto = { version = "=0.30.11", path = "crates/franklin-crypto" }
-pairing = { version = "=0.30.11", path = "crates/pairing", package = "zksync_pairing" }
-rescue_poseidon = { version = "=0.30.11", path = "crates/rescue-poseidon" }
-snark_wrapper = { version = "=0.30.11", path = "crates/snark-wrapper" }
+bellman = { version = "=0.30.9", path = "crates/bellman", package = "zksync_bellman" }
+boojum = { version = "=0.30.9", path = "crates/boojum" }
+zksync_solidity_vk_codegen = { version = "=0.30.9", path = "crates/codegen" }
+codegen-bin = { version = "=0.30.9", path = "crates/codegen-bin" }
+cs_derive = { version = "=0.30.9", path = "crates/cs_derive", package = "zksync_cs_derive" }
+ff = { version = "=0.30.9", path = "crates/ff", package = "zksync_ff" }
+ff_derive = { version = "=0.30.9", path = "crates/ff_derive", package = "zksync_ff_derive" }
+franklin-crypto = { version = "=0.30.9", path = "crates/franklin-crypto" }
+pairing = { version = "=0.30.9", path = "crates/pairing", package = "zksync_pairing" }
+rescue_poseidon = { version = "=0.30.9", path = "crates/rescue-poseidon" }
+snark_wrapper = { version = "=0.30.9", path = "crates/snark-wrapper" }
 
 [profile.release]
 debug = true

crates/boojum/src/cs/implementations/prover.rs

@@ -2111,11 +2111,9 @@ impl<
 
             let now = std::time::Instant::now();
 
+            const SEED_BITS: usize = 256;
             // pull enough challenges from the transcript
-            let mut num_challenges = 256 / F::CHAR_BITS;
-            if num_challenges % F::CHAR_BITS != 0 {
-                num_challenges += 1;
-            }
+            let num_challenges = SEED_BITS.next_multiple_of(F::CHAR_BITS) / F::CHAR_BITS;
             let challenges = transcript.get_multiple_challenges(num_challenges);
             let pow_challenge = POW::run_from_field_elements(challenges, new_pow_bits, worker);
 

crates/boojum/src/cs/implementations/verifier.rs

@@ -1958,11 +1958,9 @@ impl<F: SmallField, EXT: FieldExtension<2, BaseField = F>> Verifier<F, EXT> {
             log!("Doing PoW verification for {} bits", new_pow_bits);
             log!("Prover gave challenge 0x{:016x}", proof.pow_challenge);
 
+            const SEED_BITS: usize = 256;
             // pull enough challenges from the transcript
-            let mut num_challenges = 256 / F::CHAR_BITS;
-            if num_challenges % F::CHAR_BITS != 0 {
-                num_challenges += 1;
-            }
+            let num_challenges = SEED_BITS.next_multiple_of(F::CHAR_BITS) / F::CHAR_BITS;
             let challenges = transcript.get_multiple_challenges(num_challenges);
             let pow_challenge = proof.pow_challenge;
 

crates/boojum/src/gadgets/recursion/recursive_verifier.rs

@@ -1493,11 +1493,9 @@ impl<F: SmallField, EXT: FieldExtension<2, BaseField = F>, CS: ConstraintSystem<
             log!("Doing PoW verification for {} bits", new_pow_bits);
             // log!("Prover gave challenge 0x{:016x}", proof.pow_challenge);
 
+            const SEED_BITS: usize = 256;
             // pull enough challenges from the transcript
-            let mut num_challenges = 256 / F::CHAR_BITS;
-            if num_challenges % F::CHAR_BITS != 0 {
-                num_challenges += 1;
-            }
+            let num_challenges = SEED_BITS.next_multiple_of(F::CHAR_BITS) / F::CHAR_BITS;
             let _challenges: Vec<_> = transcript.get_multiple_challenges(cs, num_challenges);
 
             todo!()

crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs

@@ -47,8 +47,6 @@ impl<E: Engine> Hash for GoldilocksField<E> {
 }
 
 pub fn range_check_for_num_bits<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS, num: &Num<E>, num_bits: usize) -> Result<(), SynthesisError> {
-    assert!(num_bits % 16 == 0);
-
     if let Num::Constant(value) = num {
         for el in value.into_repr().as_ref().iter().skip(1) {
             assert_eq!(0, *el)

crates/snark-wrapper/src/verifier/fri.rs

@@ -37,11 +37,9 @@ pub(crate) fn verify_fri_part<
     transcript.witness_field_elements(cs, &proof.final_fri_monomials[1])?;
 
     if constants.new_pow_bits != 0 {
+        const SEED_BITS: usize = 256;
         // pull enough challenges from the transcript
-        let mut num_challenges = 256 / GL::CHAR_BITS;
-        if num_challenges % GL::CHAR_BITS != 0 {
-            num_challenges += 1;
-        }
+        let num_challenges = SEED_BITS.next_multiple_of(GL::CHAR_BITS) / GL::CHAR_BITS;
         let challenges: Vec<_> = transcript.get_multiple_challenges(cs, num_challenges as usize)?;
         let (is_valid, pow_challenge_limbs) = POW::verify_from_field_elements(cs, challenges, proof.pow_challenge_le, constants.new_pow_bits)?;
         match is_valid.get_value() {