Add BlakeGGate AIR component with full prove+verify

Integrates the auto-generated BlakeGGate into the circuit prover:
- BlakeGGate added to ComponentList, CircuitComponents, trace writing,
  interaction trace, statement, and prover
- Preprocessed column IDs renamed to match the AIR
  (blake_g_gate_input_addr_a/b/c/d/f0/f1, blake_g_gate_output_addr_a/b/c/d,
  blake_g_gate_multiplicity)
- Padding for blake_g gates in finalize_context
- Full prove+verify test (test_prove_and_stark_verify_blake_g_gate_context)
- Updated FIBONACCI_CIRCUIT_PREPROCESSED_ROOT for N_COMPONENTS=18

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: alon-f

_typos.toml

@@ -1,6 +1,9 @@
 [files]
 extend-exclude = [
     "crates/cairo_air/src/components/",
+    "crates/circuit_air/src/circuit_eval_components/",
+    "crates/circuit_air/src/components/",
+    "crates/circuit_prover/src/witness/components/",
     "test_data/privacy/privacy_simple_bootloader_compiled.json",
 ]
 [default.extend-words]

crates/cairo_air/src/privacy.rs

@@ -21,7 +21,7 @@ pub const PRIVACY_CAIRO_VERIFIER_CONSTS_HASH: [u32; 8] =
     [628232622, 595225213, 313313883, 84916707, 1055901365, 2035362632, 1591192737, 169200];
 
 pub const PRIVACY_RECURSION_CIRCUIT_CONSTS_HASH: [u32; 8] =
-    [265232987, 822253498, 1042354533, 1199589796, 811253900, 1354313564, 985444759, 349528097];
+    [1113069059, 1898251533, 1233855572, 2065402037, 43826136, 1485963904, 73733830, 1152555881];
 
 pub const PRIVACY_RECURSION_CIRCUIT_PREPROCESSED_ROOT: [u32; 8] =
     [736666193, 671587538, 1100540541, 1401951855, 202000446, 1284259076, 1586213897, 825089717];

crates/cairo_air/src/privacy_test.rs

@@ -314,5 +314,5 @@ fn test_privacy_proof_info() {
     let proof_info = ProofInfo::from_config(&proof_config);
     println!("{proof_info}");
     // Assert the total size in bytes.
-    assert_eq!(proof_info.total_bytes(), 344348);
+    assert_eq!(proof_info.total_bytes(), 373140);
 }

crates/circuit_air/src/circuit_eval_components/m_31_to_u_32.rs

@@ -4,14 +4,8 @@ pub const N_TRACE_COLUMNS: usize = 4;
 pub const N_INTERACTION_COLUMNS: usize = 12;
 
 pub const RELATION_USES_PER_ROW: [RelationUse; 2] = [
-    RelationUse {
-        relation_id: "Gate",
-        uses: 1,
-    },
-    RelationUse {
-        relation_id: "RangeCheck_16",
-        uses: 3,
-    },
+    RelationUse { relation_id: "Gate", uses: 1 },
+    RelationUse { relation_id: "RangeCheck_16", uses: 3 },
 ];
 
 #[allow(unused_variables)]
@@ -23,44 +17,31 @@ pub fn accumulate_constraints<Value: IValue>(
 ) {
     let [input_m31_col0, input_u32_limb_0_col1, input_u32_limb_1_col2, inv_or_one_col3] =
         input.try_into().unwrap();
-    let m31_to_u32_input_addr = acc.get_preprocessed_column(&PreProcessedColumnId {
-        id: "m31_to_u32_input_addr".to_owned(),
-    });
+    let m31_to_u32_input_addr = acc
+        .get_preprocessed_column(&PreProcessedColumnId { id: "m31_to_u32_input_addr".to_owned() });
     let m31_to_u32_multiplicity = acc.get_preprocessed_column(&PreProcessedColumnId {
         id: "m31_to_u32_multiplicity".to_owned(),
     });
-    let m31_to_u32_output_addr = acc.get_preprocessed_column(&PreProcessedColumnId {
-        id: "m31_to_u32_output_addr".to_owned(),
-    });
+    let m31_to_u32_output_addr = acc
+        .get_preprocessed_column(&PreProcessedColumnId { id: "m31_to_u32_output_addr".to_owned() });
     // Use RangeCheck_16.
-    let tuple_0 = &[
-        eval!(context, 1008385708),
-        eval!(context, input_u32_limb_0_col1),
-    ];
+    let tuple_0 = &[eval!(context, 1008385708), eval!(context, input_u32_limb_0_col1)];
     let numerator_0 = eval!(context, 1);
     acc.add_to_relation(context, numerator_0, tuple_0);
 
     // Use RangeCheck_16.
-    let tuple_1 = &[
-        eval!(context, 1008385708),
-        eval!(context, input_u32_limb_1_col2),
-    ];
+    let tuple_1 = &[eval!(context, 1008385708), eval!(context, input_u32_limb_1_col2)];
     let numerator_1 = eval!(context, 1);
     acc.add_to_relation(context, numerator_1, tuple_1);
 
     // Use RangeCheck_16.
-    let tuple_2 = &[
-        eval!(context, 1008385708),
-        eval!(context, (32767) - (input_u32_limb_1_col2)),
-    ];
+    let tuple_2 = &[eval!(context, 1008385708), eval!(context, (32767) - (input_u32_limb_1_col2))];
     let numerator_2 = eval!(context, 1);
     acc.add_to_relation(context, numerator_2, tuple_2);
 
     //input is zero then limb_low is zero.
-    let constraint_3_value = eval!(
-        context,
-        (((input_m31_col0) * (inv_or_one_col3)) - (1)) * (input_u32_limb_0_col1)
-    );
+    let constraint_3_value =
+        eval!(context, (((input_m31_col0) * (inv_or_one_col3)) - (1)) * (input_u32_limb_0_col1));
     acc.add_constraint(context, constraint_3_value);
 
     //input reconstruction.
@@ -164,24 +145,16 @@ mod tests {
         ];
         let preprocessed_columns = HashMap::from([
             (
-                PreProcessedColumnId {
-                    id: "m31_to_u32_input_addr".to_owned(),
-                },
+                PreProcessedColumnId { id: "m31_to_u32_input_addr".to_owned() },
                 context.constant(qm31_from_u32s(15668215, 1851966168, 874056991, 2075313468)),
             ),
             (
-                PreProcessedColumnId {
-                    id: "m31_to_u32_output_addr".to_owned(),
-                },
+                PreProcessedColumnId { id: "m31_to_u32_output_addr".to_owned() },
                 context.constant(qm31_from_u32s(701904311, 1125291129, 1904795215, 38357025)),
             ),
             (
-                PreProcessedColumnId {
-                    id: "m31_to_u32_multiplicity".to_owned(),
-                },
-                context.constant(qm31_from_u32s(
-                    1979029033, 1524573277, 1930122227, 1490762084,
-                )),
+                PreProcessedColumnId { id: "m31_to_u32_multiplicity".to_owned() },
+                context.constant(qm31_from_u32s(1979029033, 1524573277, 1930122227, 1490762084)),
             ),
         ]);
         let public_params = HashMap::from([]);

crates/circuit_air/src/components/m_31_to_u_32.rs

@@ -2,14 +2,8 @@ use crate::components::prelude::*;
 
 pub const N_TRACE_COLUMNS: usize = 4;
 pub const RELATION_USES_PER_ROW: [RelationUse; 2] = [
-    RelationUse {
-        relation_id: "Gate",
-        uses: 1,
-    },
-    RelationUse {
-        relation_id: "RangeCheck_16",
-        uses: 3,
-    },
+    RelationUse { relation_id: "Gate", uses: 1 },
+    RelationUse { relation_id: "RangeCheck_16", uses: 3 },
 ];
 
 pub struct Eval {
@@ -92,10 +86,7 @@ impl FrameworkEval for Eval {
         eval.add_to_relation(RelationEntry::new(
             &self.common_lookup_elements,
             E::EF::one(),
-            &[
-                M31_1008385708.clone(),
-                (M31_32767.clone() - input_u32_limb_1_col2.clone()),
-            ],
+            &[M31_1008385708.clone(), (M31_32767.clone() - input_u32_limb_1_col2.clone())],
         ));
 
         //input is zero then limb_low is zero.
@@ -112,11 +103,7 @@ impl FrameworkEval for Eval {
         eval.add_to_relation(RelationEntry::new(
             &self.common_lookup_elements,
             E::EF::one(),
-            &[
-                M31_378353459.clone(),
-                m31_to_u32_input_addr.clone(),
-                input_m31_col0.clone(),
-            ],
+            &[M31_378353459.clone(), m31_to_u32_input_addr.clone(), input_m31_col0.clone()],
         ));
 
         eval.add_to_relation(RelationEntry::new(

crates/circuit_air/src/components/mod.rs

@@ -42,6 +42,7 @@ define_component_list! {
     BlakeG,
     BlakeOutput,
     TripleXor32,
+    BlakeGGate,
     M31ToU32,
     TripleXor,
     VerifyBitwiseXor8,
@@ -62,6 +63,7 @@ pub struct CircuitComponents {
     pub blake_g: blake_g::Component,
     pub blake_output: blake_output::Component,
     pub triple_xor_32: triple_xor_32::Component,
+    pub blake_g_gate: blake_g_gate::Component,
     pub m_31_to_u_32: m_31_to_u_32::Component,
     pub triple_xor: triple_xor::Component,
     pub verify_bitwise_xor_8: verify_bitwise_xor_8::Component,
@@ -157,6 +159,16 @@ impl CircuitComponents {
             },
             interaction_claim.claimed_sums[ComponentList::TripleXor32 as usize],
         );
+        let blake_g_gate_component = blake_g_gate::Component::new(
+            tree_span_provider,
+            blake_g_gate::Eval {
+                claim: blake_g_gate::Claim {
+                    log_size: circuit_claim.log_sizes[ComponentList::BlakeGGate as usize],
+                },
+                common_lookup_elements: interaction_elements.common_lookup_elements.clone(),
+            },
+            interaction_claim.claimed_sums[ComponentList::BlakeGGate as usize],
+        );
         let m_31_to_u_32_component = m_31_to_u_32::Component::new(
             tree_span_provider,
             m_31_to_u_32::Eval {
@@ -242,6 +254,7 @@ impl CircuitComponents {
             blake_g: blake_g_component,
             blake_output: blake_output_component,
             triple_xor_32: triple_xor_32_component,
+            blake_g_gate: blake_g_gate_component,
             m_31_to_u_32: m_31_to_u_32_component,
             triple_xor: triple_xor_component,
             verify_bitwise_xor_8: verify_bitwise_xor_8_component,
@@ -264,6 +277,7 @@ impl CircuitComponents {
             Box::new(self.blake_g) as Box<dyn Component>,
             Box::new(self.blake_output) as Box<dyn Component>,
             Box::new(self.triple_xor_32) as Box<dyn Component>,
+            Box::new(self.blake_g_gate) as Box<dyn Component>,
             Box::new(self.m_31_to_u_32) as Box<dyn Component>,
             Box::new(self.triple_xor) as Box<dyn Component>,
             Box::new(self.verify_bitwise_xor_8) as Box<dyn Component>,

crates/circuit_air/src/statement.rs

@@ -1,5 +1,5 @@
 use crate::circuit_eval_components::{
-    blake_g, blake_gate, blake_output, blake_round, blake_round_sigma, m_31_to_u_32,
+    blake_g, blake_g_gate, blake_gate, blake_output, blake_round, blake_round_sigma, m_31_to_u_32,
     range_check_15, range_check_16, triple_xor, triple_xor_32, verify_bitwise_xor_4,
     verify_bitwise_xor_7, verify_bitwise_xor_8, verify_bitwise_xor_9, verify_bitwise_xor_12,
 };
@@ -152,6 +152,7 @@ pub fn all_circuit_components<Value: IValue>() -> Vec<Box<dyn CircuitEval<Value>
         Box::new(blake_g::Component {}),
         Box::new(blake_output::Component {}),
         Box::new(triple_xor_32::Component {}),
+        Box::new(blake_g_gate::Component {}),
         Box::new(m_31_to_u_32::Component {}),
         Box::new(triple_xor::Component {}),
         Box::new(verify_bitwise_xor_8::Component {}),

crates/circuit_common/src/finalize.rs

@@ -1,6 +1,6 @@
 use crate::N_LANES;
 use circuits::blake::{HashValue, blake};
-use circuits::circuit::{M31ToU32Gate, TripleXorGate};
+use circuits::circuit::{BlakeGGate, M31ToU32Gate, TripleXorGate};
 use circuits::context::{Context, Var};
 use circuits::eval;
 use circuits::ivalue::{IValue, qm31_from_u32s};
@@ -54,6 +54,30 @@ fn pad_blake(context: &mut Context<impl IValue>) {
     }
 }
 
+fn pad_blake_g(context: &mut Context<impl IValue>) {
+    let n_rows = context.circuit.blake_g.len();
+    let padded = std::cmp::max(n_rows.next_power_of_two(), N_LANES);
+    let zero = context.zero();
+    for _ in n_rows..padded {
+        let out_a = context.new_var(IValue::from_qm31(0.into()));
+        let out_b = context.new_var(IValue::from_qm31(0.into()));
+        let out_c = context.new_var(IValue::from_qm31(0.into()));
+        let out_d = context.new_var(IValue::from_qm31(0.into()));
+        context.circuit.blake_g.push(BlakeGGate {
+            a: zero.idx,
+            b: zero.idx,
+            c: zero.idx,
+            d: zero.idx,
+            m0: zero.idx,
+            m1: zero.idx,
+            out_a: out_a.idx,
+            out_b: out_b.idx,
+            out_c: out_c.idx,
+            out_d: out_d.idx,
+        });
+    }
+}
+
 fn pad_m31_to_u32(context: &mut Context<impl IValue>) {
     let n_rows = context.circuit.m31_to_u32.len();
     let padded = std::cmp::max(n_rows.next_power_of_two(), N_LANES);
@@ -72,10 +96,12 @@ fn pad_triple_xor(context: &mut Context<impl IValue>) {
     for _ in n_rows..padded {
         // Pad with gates that XOR zeros: 0 ^ 0 ^ 0 = 0.
         let out = context.new_var(IValue::from_qm31(0.into()));
-        context
-            .circuit
-            .triple_xor
-            .push(TripleXorGate { a: zero.idx, b: zero.idx, c: zero.idx, out: out.idx });
+        context.circuit.triple_xor.push(TripleXorGate {
+            a: zero.idx,
+            b: zero.idx,
+            c: zero.idx,
+            out: out.idx,
+        });
     }
 }
 
@@ -102,6 +128,7 @@ pub fn finalize_context(context: &mut Context<impl IValue>) {
     pad_eq(context);
     pad_qm31_ops(context);
     pad_blake(context);
+    pad_blake_g(context);
     pad_m31_to_u32(context);
     pad_triple_xor(context);
 }

crates/circuit_common/src/preprocessed.rs

@@ -397,11 +397,7 @@ fn add_m31_to_u32_to_preprocessed_trace(
     let mut columns: [_; N_M31_TO_U32_PP_COLUMNS] = std::array::from_fn(|_| vec![]);
     fill_m31_to_u32_columns(&circuit.m31_to_u32, multiplicities, &mut columns);
 
-    let ids = [
-        "m31_to_u32_input_addr",
-        "m31_to_u32_output_addr",
-        "m31_to_u32_multiplicity",
-    ];
+    let ids = ["m31_to_u32_input_addr", "m31_to_u32_output_addr", "m31_to_u32_multiplicity"];
     for (id, column) in zip_eq(ids, columns) {
         pp_trace.push_column(PreProcessedColumnId { id: id.to_owned() }, column);
     }
@@ -459,17 +455,17 @@ fn add_blake_g_to_preprocessed_trace(
     fill_blake_g_columns(&circuit.blake_g, multiplicities, &mut columns);
 
     let ids = [
-        "blake_g_a_address",
-        "blake_g_b_address",
-        "blake_g_c_address",
-        "blake_g_d_address",
-        "blake_g_m0_address",
-        "blake_g_m1_address",
-        "blake_g_out_a_address",
-        "blake_g_out_b_address",
-        "blake_g_out_c_address",
-        "blake_g_out_d_address",
-        "blake_g_mult",
+        "blake_g_gate_input_addr_a",
+        "blake_g_gate_input_addr_b",
+        "blake_g_gate_input_addr_c",
+        "blake_g_gate_input_addr_d",
+        "blake_g_gate_input_addr_f0",
+        "blake_g_gate_input_addr_f1",
+        "blake_g_gate_output_addr_a",
+        "blake_g_gate_output_addr_b",
+        "blake_g_gate_output_addr_c",
+        "blake_g_gate_output_addr_d",
+        "blake_g_gate_multiplicity",
     ];
     for (id, column) in zip_eq(ids, columns) {
         pp_trace.push_column(PreProcessedColumnId { id: id.to_owned() }, column);

crates/circuit_common/src/preprocessed_test.rs

@@ -196,10 +196,12 @@ fn test_preprocess_decomposed_gates() {
     assert!(m31_mult.iter().all(|&m| m > 0));
 
     // Verify BlakeG columns exist and have correct addresses.
-    let bg_a = pp_trace.get_column(&PreProcessedColumnId { id: "blake_g_a_address".to_owned() });
+    let bg_a =
+        pp_trace.get_column(&PreProcessedColumnId { id: "blake_g_gate_input_addr_a".to_owned() });
     let bg_out_a =
-        pp_trace.get_column(&PreProcessedColumnId { id: "blake_g_out_a_address".to_owned() });
-    let bg_mult = pp_trace.get_column(&PreProcessedColumnId { id: "blake_g_mult".to_owned() });
+        pp_trace.get_column(&PreProcessedColumnId { id: "blake_g_gate_output_addr_a".to_owned() });
+    let bg_mult =
+        pp_trace.get_column(&PreProcessedColumnId { id: "blake_g_gate_multiplicity".to_owned() });
     assert_eq!(bg_a.len(), 16);
     assert_eq!(bg_a[0], 16); // First gate's a = wire 16.
     assert_eq!(bg_out_a[0], 32); // First gate's out_a = wire 32.