
Commit 95589ac

committed
degree reduction
1 parent e266f43 commit 95589ac


8 files changed

+94
-53
lines changed


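--- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/exp.hpp
+++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/exp.hpp
@@ -125,7 +125,8 @@ namespace nil {
 // If d != 0, d_first_inv has a non-zero element
 constrain(d_sum * (1 - d_first_nonzero_sum));
 // else, the sum is 0 so it's a [D != 0] too
-auto &d_ne_0 = d_first_nonzero_sum;
+TYPE d_ne_0 = d_first_nonzero_sum;
+allocate(d_ne_0, 37, 2);
 
 TYPE d_len;
 for (std::size_t i = 0; i < 16; ++i) {
@@ -143,10 +144,13 @@ namespace nil {
 allocate(d_is_1_w, 33, 2);
 constrain((D[15] - 1) * (1 - (D[15] - 1) * d_is_1_w));
 
-TYPE d_is_1 = (1 - (D[15] - 1) * d_is_1_w) * D[15] * D_first_inv[15];
-allocate(d_is_1, 34, 2);
+TYPE d_is_1_aux = D[15] * D_first_inv[15];
+allocate(d_is_1_aux, 34, 2);
+// TYPE d_is_1 = (1 - (D[15] - 1) * d_is_1_w) * D[15] * D_first_inv[15];
+TYPE d_is_1 = (1 - (D[15] - 1) * d_is_1_w) * d_is_1_aux;
+allocate(d_is_1, 35, 2);
 
-allocate(s, 35, 2);
+allocate(s, 36, 2);
 constrain(s * (s-1));
 
 // s == 0 => d == 0 || d == 1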
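Review bot: The old one-line definition of `d_is_1` is left behind as commented-out code on new line 149, and nothing says why the product was split out into `d_is_1_aux`. Replace it with a why-comment such as `// D[15] * D_first_inv[15] gets its own cell so that d_is_1 stays within the constraint degree limit` (the limit is presumably what the commit title refers to). The same hunk moves `d_is_1` to column 35 and `s` to column 36, and the first hunk places `d_ne_0` at column 37, all in row 2 and all as bare literals. Whether any of those cells is already used elsewhere in the opcode is not visible from these hunks, so a short layout comment next to the allocations would make the next renumbering easier to check.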

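--- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/mul.hpp
+++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/mul.hpp
@@ -96,6 +96,7 @@ namespace nil {
 std::vector<TYPE> B_64(4);
 std::vector<TYPE> R_64(4);
 TYPE C0;
+TYPE C0_check;
 std::vector<TYPE> C1(4);
 TYPE C2;
 std::vector<TYPE> C3(4);
@@ -167,7 +168,9 @@ namespace nil {
 allocate(C0, 26, 1);
 
 constrain(C2 * (C2 - 1));
-constrain(C0 * (C0 - 1) * (C0 - 2) * (C0 - 3));
+// constrain(C0 * (C0 - 1) * (C0 - 2) * (C0 - 3));
+C0_check = C0 * 16384; // 16-bit range-check on C0_check <=> C0 < 4
+allocate(C0_check, 27, 1);
 
 constrain(lo_carries - C3_64 * two_128 - C2 * two_192);
 constrain(hi_carries + C3_64 + C2 * two_64 - C1_64 * two_128 - C0 * two_192);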
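Review bot: The new comment on line 172, `16-bit range-check on C0_check <=> C0 < 4`, only holds when `C0` itself is also range-checked to 16 bits. Over the field, `C0 * 16384 < 2^16` taken alone is satisfied by 65536 different values of `C0` (any k below 2^16 times the inverse of 16384), whereas the removed quartic admitted exactly four. The hunk allocates `C0` at column 26 and `C0_check` at column 27 but does not show which columns carry the range-check lookup, so state the dependency where it is relied on: `// needs C0 and C0_check both in 16-bit range-checked columns: C0 < 2^16 and 16384 * C0 < 2^16 => C0 < 4`. The same substitution is made for `c_4` in shl.hpp (new line 274), where the allocation of `c_4` lies outside the hunk.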

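--- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/mulmod.hpp
+++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/mulmod.hpp
@@ -276,7 +276,7 @@ namespace nil {
 
 first_carryless =
 first_carryless_construct<TYPE>(Nr_64_chunks, N_64_chunks, r_64_chunks);
-second_carryless =
+second_carryless =
 second_carryless_construct<TYPE>(Nr_64_chunks, N_64_chunks, r_64_chunks);
 third_carryless =
 third_carryless_construct<TYPE>(Nr_64_chunks, N_64_chunks, r_64_chunks);
@@ -291,15 +291,15 @@ namespace nil {
 s_c_2 = static_cast<value_type>(s_first_row_carries >> 64);
 s_c_1_chunks = chunk_64_to_16<FieldType>(s_c_1);
 // no need for c_2 chunks as there is only a single chunk
-
-auto s_second_row_carries =
+
+auto s_second_row_carries =
 (s_second_carryless + s_c_1 + s_c_2 * two_64).data.base() >> 128;
 // computation of s = a*b product
 
 value_type s_c_3 =
 static_cast<value_type>(s_second_row_carries & (two_64 - 1).data.base());
 s_c_4 = static_cast<value_type>(s_second_row_carries >> 64);
-s_c_3_chunks = chunk_64_to_16<FieldType>(s_c_3);
+s_c_3_chunks = chunk_64_to_16<FieldType>(s_c_3);
 auto s_third_row_carries = s_third_carryless.data.base() >> 128;
 
 value_type s_c_5 =
@@ -315,7 +315,7 @@ namespace nil {
 c_2 = static_cast<value_type>(first_row_carries >> 64);
 c_1_chunks = chunk_64_to_16<FieldType>(c_1);
 // no need for c_2 chunks as there is only a single chunk
-auto second_row_carries =
+auto second_row_carries =
 (second_carryless + c_1 + c_2 * two_64) .data.base() >> 128;
 value_type c_3 =
 static_cast<value_type>(second_row_carries & (two_64 - 1).data.base());
@@ -421,7 +421,9 @@ namespace nil {
 // add constraints for s_c_2/s_c_4/s_c_6: s_c_2 is 0/1, s_c_4 is 0/1/2/3,s_c_6
 // is 0/1
 constrain(s_c_2 * (s_c_2 - 1));
-constrain(s_c_4 * (s_c_4 - 1) * (s_c_4 - 2) * (s_c_4 - 3));
+// constrain(s_c_4 * (s_c_4 - 1) * (s_c_4 - 2) * (s_c_4 - 3));
+TYPE s_c_4_check = s_c_4 * 16384;
+allocate(s_c_4_check, 31, 1);
 constrain(s_c_6 * (s_c_6 - 1));
 
 constrain(s_third_carryless + s_c_3_64 + s_c_4 * two_64 - s_c_5_64 * two128 -
@@ -505,17 +507,31 @@ namespace nil {
 allocate(c_2, 37, 1);
 allocate(c_3_64, 38, 1);
 allocate(c_4, 39, 1);
+TYPE c_4_copy1 = c_4;
+allocate(c_4_copy1, 39, 3);
+TYPE c_4_copy2 = c_4_copy1;
+allocate(c_4_copy2, 39, 5);
+
+
 allocate(c_5_64, 40, 1);
 allocate(c_6, 41, 1);
+TYPE c_6_copy1 = c_6;
+allocate(c_6_copy1, 41, 3);
+TYPE c_6_copy2 = c_6_copy1;
+allocate(c_6_copy2, 41, 5);
 
 constrain((first_carryless - c_1_64 * two128 - c_2 * two192));
 constrain((second_carryless + c_1_64 + c_2 * two_64 - c_3_64 * two128 -
 c_4 * two192));
 
 // add constraints for c_2/c_4/c_6: c_2 is 0/1, c_4, c_6 is 0/1/2/3
 constrain(c_2 * (c_2 - 1));
-constrain(c_4 * (c_4 - 1) * (c_4 - 2) * (c_4 - 3));
-constrain(c_6 * (c_6 - 1) * (c_6 - 2) * (c_6 - 3));
+// constrain(c_4 * (c_4 - 1) * (c_4 - 2) * (c_4 - 3));
+TYPE c_4_check = c_4_copy2 * 16384;
+allocate(c_4_check, 30, 6);
+// constrain(c_6 * (c_6 - 1) * (c_6 - 2) * (c_6 - 3));
+TYPE c_6_check = c_6_copy2 * 16384;
+allocate(c_6_check, 31, 6);
 
 constrain(
 (third_carryless + c_3_64 + c_4 * two_64 - c_5_64 * two128 - c_6 * two192));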
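Review bot: `c_4` and `c_6` are allocated in columns 39 and 41, while their scaled copies `c_4_check` and `c_6_check` go to columns 30 and 31, which suggests that 39 and 41 are not range-checked columns. If that is so, the range check on `c_4_copy2 * 16384` no longer confines `c_4` to 0..3 the way the removed `constrain(c_4 * (c_4 - 1) * (c_4 - 2) * (c_4 - 3))` did, because the unscaled value is never bounded, and the carry equations that use `c_4 * two192` and `c_6 * two192` would then hold only modulo the field. Either place an unscaled copy in a range-checked cell as well, or keep the quartic and lower its degree with one helper cell holding `c_4 * (c_4 - 1)`. The bound also relies on `allocate(c_4_copy1, 39, 3)` and `allocate(c_4_copy2, 39, 5)` emitting equality constraints with their source, which has to be confirmed in `allocate` since it is not shown here. `s_c_4_check` at column 31 has the same dependency on where `s_c_4` lives, which its hunk does not show.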

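--- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/sar.hpp
+++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/sar.hpp
@@ -255,22 +255,22 @@ namespace nil {
 q_64_chunks.push_back(chunk_sum_64<value_type>(q_chunks, i));
 }
 }
-
+
 first_carryless = first_carryless_construct<TYPE>(a_64_chunks, b_64_chunks,
 r_64_chunks, q_64_chunks);
 second_carryless = second_carryless_construct<TYPE>(
 a_64_chunks, b_64_chunks, r_64_chunks, q_64_chunks);
 third_carryless = third_carryless_construct<TYPE>(b_64_chunks, r_64_chunks);
 
-if constexpr (stage == GenerationStage::ASSIGNMENT) {
+if constexpr (stage == GenerationStage::ASSIGNMENT) {
 // caluclate first row carries
 auto first_row_carries = first_carryless.data.base() >> 128;
 c_1 = static_cast<value_type>(first_row_carries & (two_64 - 1).data.base());
 c_2 = static_cast<value_type>(first_row_carries >> 64);
 BOOST_ASSERT(first_carryless - c_1 * two_128 - c_2 * two_192 == 0);
 c_1_chunks = chunk_64_to_16<FieldType>(c_1);
 // no need for c_2 chunks as there is only a single chunk
-
+
 c_1_64 = chunk_sum_64<TYPE>(c_1_chunks, 0);
 
 // lookup constrain b0p < 16, b0pp < 16, b0ppp < 256
@@ -367,8 +367,10 @@ namespace nil {
 constrain(input_b_chunks[0] - b0p - 16 * b0pp - 256 * b0ppp);
 constrain(b0ppp * (1 - b0ppp * I1));
 
-constrain(sum_part_b * (1 - sum_part_b * I2));
-constrain(z - (1 - b0ppp * I1) * (1 - sum_part_b * I2));
+TYPE op_sum_part_b_I2 = 1 - sum_part_b * I2;
+allocate(op_sum_part_b_I2,44,2);
+constrain(sum_part_b * op_sum_part_b_I2);
+constrain(z - (1 - b0ppp * I1) * op_sum_part_b_I2);
 
 allocate(first_carryless, 39, 0);
 allocate(second_carryless, 40, 0);
@@ -388,6 +390,11 @@ namespace nil {
 allocate(a_neg, 42, 1);
 allocate(r_sum, 44, 0);
 allocate(r_sum_inverse, 45, 0);
+TYPE r_is_zero = 1 - r_sum * r_sum_inverse;
+allocate(r_is_zero, 44, 1);
+TYPE a_neg_r_sum = a_neg * r_sum;
+allocate(a_neg_r_sum,43,1);
+
 constrain(1 - b_sum_inverse * b_sum - b_zero);
 
 allocate(carry[0][0], 32, 1);
@@ -412,22 +419,23 @@ namespace nil {
 constrain((1 - a_neg) *(input_a_chunks[i] - a_chunks[i]) );
 }
 
-constrain(r_sum * (1 - r_sum_inverse * r_sum));
+//constrain(r_sum * (1 - r_sum_inverse * r_sum));
+constrain(r_sum * r_is_zero);
 
 allocate(carry[1][0], 32, 0);
 for (std::size_t i = 0; i < carry_amount - 1; i++) {
 allocate(carry[1][i + 1], 33 + i, 0);
-constrain(a_neg * r_sum *
+constrain(a_neg_r_sum *
 carry_on_addition_constraint(
 results_chunks[3 * i], results_chunks[3 * i + 1],
 results_chunks[3 * i + 2], r_chunks[3 * i],
 r_chunks[3 * i + 1], r_chunks[3 * i + 2], 0, 0, 0,
 carry[1][i], carry[1][i + 1], i == 0));
-constrain(a_neg * r_sum * carry[1][i + 1] * (1 - carry[1][i + 1]));
+constrain(a_neg_r_sum * carry[1][i + 1] * (1 - carry[1][i + 1]));
 }
 allocate(carry[1][carry_amount], 38, 0);
 constrain(
-a_neg * r_sum *
+a_neg_r_sum *
 last_carry_on_addition_constraint(results_chunks[3 * (carry_amount - 1)],
 r_chunks[3 * (carry_amount - 1)], 0,
 carry[1][carry_amount - 1], 1));
@@ -440,8 +448,9 @@ namespace nil {
 a_neg_2 = a_neg;
 allocate(a_neg_2, 43, 2);
 for (std::size_t i = 0; i < chunk_amount; i++) {
-constrain((1 - a_neg_2) * (results_chunks[i] - r_chunks[i]) + a_neg_2 * (1 - r_sum * r_sum_inverse) *(two_16 - 1 -results_chunks[i]));
-};
+// constrain((1 - a_neg_2) * (results_chunks[i] - r_chunks[i]) + a_neg_2 * (1 - r_sum * r_sum_inverse) *(two_16 - 1 -results_chunks[i]));
+constrain((1 - a_neg_2) * (results_chunks[i] - r_chunks[i]) + a_neg_2 * r_is_zero *(two_16 - 1 -results_chunks[i]));
+}
 
 allocate(carry[2][0], 32, 2);
 for (std::size_t i = 0; i < carry_amount - 1; i++) {
@@ -477,8 +486,8 @@ namespace nil {
 Res1 = Res_128.second;
 allocate(A0, 46, 0);
 allocate(A1, 47, 0);
-allocate(B0, 44, 2);
-allocate(B1, 45, 2);
+allocate(B0, 46, 2);
+allocate(B1, 47, 2);
 allocate(Res0, 46, 1);
 allocate(Res1, 47, 1);
 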
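Review bot: `r_is_zero`, `a_neg_r_sum` and `op_sum_part_b_I2` replace inline expressions with witness cells, so every constraint that now multiplies by them is only as strong as the link between each cell and its defining expression. That link is created inside `allocate`, which these hunks do not show; if it does emit the equality, record it at the first of them, e.g. `// allocate() ties the cell to 1 - r_sum * r_sum_inverse; later constraints rely on that`. A negative test that assigns a wrong value to one of these cells and expects the circuit to be unsatisfied would guard the rewrite. The commented-out constraints on new lines 422 and 451 can be dropped, since the history already holds them. shl.hpp and shr.hpp introduce `op_sum_b_I2` and `op_sum_part_b_I2` in the same way.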

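--- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/shl.hpp
+++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/shl.hpp
@@ -176,20 +176,20 @@ namespace nil {
 }
 }
 
-
+
 first_carryless =
 first_carryless_construct<TYPE>(a_64_chunks, b_64_chunks, r_64_chunks);
 second_carryless =
 second_carryless_construct<TYPE>(a_64_chunks, b_64_chunks, r_64_chunks);
 
-if constexpr (stage == GenerationStage::ASSIGNMENT) {
+if constexpr (stage == GenerationStage::ASSIGNMENT) {
 // caluclate first row carries
 auto first_row_carries = first_carryless.data.base() >> 128;
 c_1 = static_cast<value_type>(first_row_carries & (two_64 - 1).data.base());
 c_2 = static_cast<value_type>(first_row_carries >> 64);
 c_1_chunks = chunk_64_to_16<FieldType>(c_1);
 // no need for c_2 chunks as there is only a single chunk
-
+
 auto second_row_carries =
 (second_carryless + c_1 + c_2 * two_64) .data.base() >> 128;
 c_3 = static_cast<value_type>(second_row_carries & (two_64 - 1).data.base());
@@ -253,8 +253,10 @@ namespace nil {
 constrain(input_b_chunks[0] - b0p - 16 * b0pp - 256 * b0ppp);
 constrain(b0ppp * (1 - b0ppp * I1));
 
-constrain(sum_b * (1 - sum_b * I2));
-constrain(z - (1 - b0ppp * I1) * (1 - sum_b * I2));
+TYPE op_sum_b_I2 = 1 - sum_b * I2;
+allocate(op_sum_b_I2,36,0);
+constrain(sum_b * op_sum_b_I2);
+constrain(z - (1 - b0ppp * I1) * op_sum_b_I2);
 
 allocate(first_carryless, 16, 2);
 allocate(second_carryless, 17, 2);
@@ -268,7 +270,9 @@ namespace nil {
 c_4 * two_192);
 // add constraints for c_2/c_4: c_2 is 0/1, c_4 is 0/1/2/3
 constrain(c_2 * (c_2 - 1));
-constrain(c_4 * (c_4 - 1) * (c_4 - 2) * (c_4 - 3));
+// constrain(c_4 * (c_4 - 1) * (c_4 - 2) * (c_4 - 3));
+TYPE c_4_check = c_4 * 16384; // 16-bit range-check on c_4_check <=> c_4 < 4
+allocate(c_4_check, 22, 2);
 
 auto A_128 = chunks16_to_chunks128_reversed<TYPE>(a_chunks);
 auto B_128 = chunks16_to_chunks128_reversed<TYPE>(input_b_chunks);
@@ -281,12 +285,12 @@ namespace nil {
 B1 = B_128.second;
 Res0 = Res_128.first;
 Res1 = Res_128.second;
-allocate(A0, 36, 0);
-allocate(A1, 37, 0);
-allocate(B0, 38, 0);
-allocate(B1, 39, 0);
-allocate(Res0, 40, 0);
-allocate(Res1, 41, 0);
+allocate(A0, 37, 0);
+allocate(A1, 38, 0);
+allocate(B0, 39, 0);
+allocate(B1, 40, 0);
+allocate(Res0, 41, 0);
+allocate(Res1, 42, 0);
 
 if constexpr (stage == GenerationStage::CONSTRAINTS) {
 constrain(current_state.pc_next() - current_state.pc(2) -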

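--- a/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/shr.hpp
+++ b/crypto3/libs/blueprint/include/nil/blueprint/zkevm_bbf/opcodes/shr.hpp
@@ -243,7 +243,7 @@ namespace nil {
 second_carryless = second_carryless_construct<TYPE>(
 a_64_chunks, b_64_chunks, r_64_chunks, q_64_chunks);
 third_carryless = third_carryless_construct<TYPE>(b_64_chunks, r_64_chunks);
-
+
 if constexpr (stage == GenerationStage::ASSIGNMENT) {
 // caluclate first row carries
 auto first_row_carries = first_carryless.data.base() >> 128;
@@ -319,8 +319,10 @@ namespace nil {
 constrain(input_b_chunks[0] - b0p - 16 * b0pp - 256 * b0ppp);
 constrain(b0ppp * (1 - b0ppp * I1));
 
-constrain(sum_part_b * (1 - sum_part_b * I2));
-constrain(z - (1 - b0ppp * I1) * (1 - sum_part_b * I2));
+TYPE op_sum_part_b_I2 = 1 - sum_part_b * I2;
+allocate(op_sum_part_b_I2,43,1);
+constrain(sum_part_b * op_sum_part_b_I2);
+constrain(z - (1 - b0ppp * I1) * op_sum_part_b_I2);
 
 allocate(first_carryless, 35, 0);
 allocate(second_carryless, 36, 0);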
