Skip to content

Add BlakeGGate AIR component with full prove+verify#421

Open
alon-f wants to merge 9 commits intostav/blake_in_circuitfrom
alon/blake-g-gate-integration
Open

Add BlakeGGate AIR component with full prove+verify#421
alon-f wants to merge 9 commits intostav/blake_in_circuitfrom
alon/blake-g-gate-integration

Conversation

@alon-f
Copy link
Copy Markdown
Contributor

@alon-f alon-f commented Mar 24, 2026
edited by cursor bot
Loading

Summary

  • Integrates the auto-generated BlakeGGate AIR into the circuit prover (on top of M31ToU32 + TripleXor from prior work)
  • Renames preprocessed column IDs to match the AIR (blake_g_gate_input_addr_a/b/c/d/f0/f1, blake_g_gate_output_addr_a/b/c/d, blake_g_gate_multiplicity)
  • Adds padding, full prove+verify test, and updated circuit hashes for N_COMPONENTS=18

Details

This PR is based on stav/blake_in_circuit which provides the auto-generated blake_g_gate files.
All three decomposed Blake gates are now fully integrated:

  • BlakeGGate: 52 trace columns, 11 preprocessed columns, 7 relation types (Gate, VerifyBitwiseXor 4/7/8/8_B/9/12)
  • M31ToU32: 6 trace columns, 3 preprocessed columns
  • TripleXor: 20 trace columns, 5 preprocessed columns

Test plan

  • All 13 circuit-air eval tests pass (including blake_g_gate)
  • All 8 circuit-prover tests pass (including new test_prove_and_stark_verify_blake_g_gate_context)
  • Circuit verify test passes with updated preprocessed root
  • 2 circuit-common preprocessed tests pass (column name assertions updated)

🤖 Generated with Claude Code

Note

High Risk
Touches core proving/verification and preprocessing logic by adding new AIR components and changing how traces/interaction claims are built, which can break soundness or make proofs unverifiable. Also updates circuit hashing/roots, so mismatches can invalidate existing fixtures and integrations.

Overview
Integrates three new AIR components into the end-to-end circuit pipeline: BlakeGGate, M31ToU32, and TripleXor, wiring them into circuit_air’s component list/statement and the prover’s component chain so they participate in proving, interaction traces, and lookup checks.

Extends preprocessing/finalization to support these decomposed gates by adding new preprocessed columns (including renamed blake_g_gate_* IDs), enforcing a shared multiplicity invariant for BlakeGGate, and padding blake_g, m31_to_u32, and triple_xor gate lists to power-of-two sizes.

Updates the circuits layer to include new gate types plus a blake_from_gates implementation (using m31_to_u32_gate, blake_g_gate, triple_xor_gate) and a U32Wrapper, refactors prover trace construction to append evals (dropping twiddle-based interpolation), and refreshes expected constants/preprocessed roots and adds coverage tests for preprocessing and prove+verify of each new gate type.

Written by Cursor Bugbot for commit 9d9af7f. This will update automatically on new commits. Configure here.

alon-f and others added 8 commits March 24, 2026 15:09
@alon-f @claude
Add decomposed Blake gates (BlakeG, TripleXor, M31ToU32) with packed-…
9316935 
…limbs representation

State words use packed u16 limbs in a single QM31: (low, high, 0, 0).
All wire values are canonical M31. Input extraction uses Simd::unpack_idx.
Introduces U32Wrapper<T> type for type-safe u32 packed-limbs wires.
BLAKE2S_IV moved from circuit_air to circuits::blake (single source of truth).
Includes blake_from_gates() and comparison test against monolithic blake.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f @claude
Address PR review: cleanup, dedup, and readability improvements
f2007f2 
- Remove section header comments, numbered prefixes
- Extract blake_g_mixing() to deduplicate G mixing logic
- Extract read_u32() helper for U32Var -> u32 conversion
- Delete u32_to_qm31, use M31::from().into() directly
- Rename variables for clarity (prev_h, current_permutation, new_a/b/c/d)
- Extract constants (BLOCK_BYTES, WORDS_PER_BLOCK, N_G_CALLS_PER_ROUND)
- Fix docs (BlakeGGate message format, M31ToU32Gate, unpack_u32)
- Use crate::blake::{pack_u32, unpack_u32} in circuit.rs instead of duplicating
- Add independent test for blake_from_gates

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f @claude
Document 0x01010020 parameter block fields
ee07247 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f @claude
Rename current_permutation to permutation
f1d4597 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f @claude
Add preprocessed column generation for decomposed Blake gates
3e6c646 
Generate address and multiplicity preprocessed columns for M31ToU32Gate
(3 cols), BlakeGGate (11 cols), and TripleXorGate (5 cols). BlakeGGate
uses a single shared multiplicity column for all 4 outputs, with a
preprocessing-time assertion that they are identical and at most 1.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f
Original m31_to_u32 gate files.
302163d
@alon-f @claude
Add M31ToU32 AIR component with full prove+verify
12a5549 
Integrates the auto-generated M31ToU32 gate AIR into the circuit prover:
- Preprocessed columns for all 3 decomposed gates (m31_to_u32, blake_g, triple_xor)
- M31ToU32 AIR component (circuit_eval, framework eval, witness trace)
- Padding in finalize_context for m31_to_u32
- Full prove+verify test

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f @claude
Add TripleXor AIR component with full prove+verify
fd97a69 
Integrates the auto-generated TripleXor gate AIR into the circuit prover:
- New triple_xor component (framework eval, circuit eval, witness trace)
- Preprocessed column IDs renamed to match new AIR (triple_xor_input_addr_0/1/2,
  triple_xor_output_addr, triple_xor_multiplicity)
- Padding in finalize_context for triple_xor gates
- Full prove+verify test
- Updated FIBONACCI_CIRCUIT_PREPROCESSED_ROOT for N_COMPONENTS=17

The old triple_xor_32 component stays alongside (blake_gate depends on it
via the TripleXor32 relation). The new triple_xor operates independently
through the Gate relation with preprocessed address columns.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@reviewable-StarkWare
Copy link
Copy Markdown
Collaborator

reviewable-StarkWare commented Mar 24, 2026

This change is Reviewable

@alon-f alon-f force-pushed the alon/blake-g-gate-integration branch from 5428926 to 3fee2b4 Compare March 24, 2026 14:53
@alon-f @claude
Add BlakeGGate AIR component with full prove+verify
9d9af7f 
Integrates the auto-generated BlakeGGate into the circuit prover:
- BlakeGGate added to ComponentList, CircuitComponents, trace writing,
  interaction trace, statement, and prover
- Preprocessed column IDs renamed to match the AIR
  (blake_g_gate_input_addr_a/b/c/d/f0/f1, blake_g_gate_output_addr_a/b/c/d,
  blake_g_gate_multiplicity)
- Padding for blake_g gates in finalize_context
- Full prove+verify test (test_prove_and_stark_verify_blake_g_gate_context)
- Updated FIBONACCI_CIRCUIT_PREPROCESSED_ROOT for N_COMPONENTS=18

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@alon-f alon-f force-pushed the alon/blake-g-gate-integration branch from 3fee2b4 to 9d9af7f Compare March 24, 2026 15:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@alon-f @reviewable-StarkWare