Add preprocessed columns for decomposed Blake gates#344
Add preprocessed columns for decomposed Blake gates#344alon-f wants to merge 18 commits intoalon/decomposed-blake-gatesfrom
Conversation
|
This change is |
…e 23. (#346) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace hardcoded values with computed lifting_log_size to keep FRI config and preprocessed root consistent.
…limbs representation State words use packed u16 limbs in a single QM31: (low, high, 0, 0). All wire values are canonical M31. Input extraction uses Simd::unpack_idx. Introduces U32Wrapper<T> type for type-safe u32 packed-limbs wires. BLAKE2S_IV moved from circuit_air to circuits::blake (single source of truth). Includes blake_from_gates() and comparison test against monolithic blake. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove section header comments, numbered prefixes
- Extract blake_g_mixing() to deduplicate G mixing logic
- Extract read_u32() helper for U32Var -> u32 conversion
- Delete u32_to_qm31, use M31::from().into() directly
- Rename variables for clarity (prev_h, current_permutation, new_a/b/c/d)
- Extract constants (BLOCK_BYTES, WORDS_PER_BLOCK, N_G_CALLS_PER_ROUND)
- Fix docs (BlakeGGate message format, M31ToU32Gate, unpack_u32)
- Use crate::blake::{pack_u32, unpack_u32} in circuit.rs instead of duplicating
- Add independent test for blake_from_gates
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Generate address and multiplicity preprocessed columns for M31ToU32Gate (3 cols), BlakeGGate (11 cols), and TripleXorGate (5 cols). BlakeGGate uses a single shared multiplicity column for all 4 outputs, with a preprocessing-time assertion that they are identical and at most 1. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Integrates the auto-generated M31ToU32 gate AIR into the circuit prover: - Preprocessed columns for all 3 decomposed gates (m31_to_u32, blake_g, triple_xor) - M31ToU32 AIR component (circuit_eval, framework eval, witness trace) - Padding in finalize_context for m31_to_u32 - Full prove+verify test Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
alon-f
force-pushed
the
alon/decomposed-gates-preprocessed
branch
from
d06f0fc to
8ff8377
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
| log_layer_size -= step; | ||
| } | ||
| let auth_paths = AuthPaths { data: auth_paths }; | ||
|
|
There was a problem hiding this comment.
Wrong layer_commitments count in empty_fri_proof for fold_step>1
High Severity
empty_fri_proof creates config.log_trace_size layer commitments, but validate_structure now expects 1 + all_line_fold_steps.len(). When line_fold_step > 1, these differ — e.g., with log_trace_size=10 and fold_step=3, the function creates 10 commitments but only 4 are expected. This breaks the verifier circuit structure for any FRI config using fold steps greater than 1 (the test change in test.rs sets fold_step=3).
Additional Locations (1)
| pad_eq(context); | ||
| pad_qm31_ops(context); | ||
| pad_blake(context); | ||
| pad_m31_to_u32(context); |
There was a problem hiding this comment.
Missing padding for blake_g and triple_xor gates
Medium Severity
finalize_context adds pad_m31_to_u32 but omits padding for blake_g and triple_xor gates. When blake_from_gates (also added in this PR) is used, it creates blake_g and triple_xor gates whose counts are typically not powers of two (e.g., 80 blake_g calls per single-block hash). Without padding, the preprocessed columns have non-power-of-two sizes, causing ilog2 to return incorrect values and CircleEvaluation construction to panic.
6 participants
Summary
M31ToU32Gate(3 cols),BlakeGGate(11 cols),TripleXorGate(5 cols)BlakeGGateuses a single shared multiplicity column for all 4 outputs, with a preprocessing-time assertion that all output multiplicities are identical and at most 1ilog2(0)panic on downstream column size computation)Test plan
test_preprocess_decomposed_gatestest verifying column existence, lengths, and address correctnesstest_preprocess_circuitstill passes (no decomposed gates = no new columns)circuitscrate tests passcargo clippyandcargo fmtclean🤖 Generated with Claude Code
Note
Medium Risk
Medium risk: introduces new gate/component types and changes proof configuration/FRI verification logic (including leaf packing), which can affect proof soundness and verifier compatibility despite added tests.
Overview
Adds decomposed Blake gate support end-to-end. The circuit model gains
BlakeGGate,TripleXorGate, andM31ToU32Gate, plus helpers to build a decomposedblake_from_gatesand associated stats.Preprocessing/AIR/prover are extended to handle these gates.
circuit_commonnow emits preprocessed address/multiplicity columns for the three gate types (skipping when empty and assertingBlakeGGateoutput multiplicity invariants),circuit_airadds anm_31_to_u_32component and updatesEqto 4 trace columns, andcircuit_proverwrites traces/interaction traces for the new component and adjusts proof-prep APIs.Verifier and proof plumbing are updated. FRI/Merkle verification adds packed-leaf hashing and updates auth-path sizing/validation to match folding schedules;
INTERACTION_POW_BITSand Cairo privacy verifier config/root constants are updated, along with a broad dependency bump (stwo/stwo-cairo,cairo-vm,clap, etc.).Written by Cursor Bugbot for commit 8ff8377. This will update automatically on new commits. Configure here.