diff --git a/tachyon/crypto/commitments/fri/fri_config.h b/tachyon/crypto/commitments/fri/fri_config.h index 5e361d29c..ec34f940c 100644 --- a/tachyon/crypto/commitments/fri/fri_config.h +++ b/tachyon/crypto/commitments/fri/fri_config.h @@ -26,10 +26,12 @@ struct FRIConfig { size_t Blowup() const { return size_t{1} << log_blowup; } }; +// NOTE(ashjeong): |kLogArity| is subject to change in the future template std::vector FoldMatrix(const ExtF& beta, const Eigen::MatrixBase& mat) { using F = typename math::ExtensionFieldTraits::BaseField; + const size_t kLogArity = 1; // We use the fact that // pₑ(x²) = (p(x) + p(-x)) / 2 // pₒ(x²) = (p(x) - p(-x)) / (2x) @@ -42,8 +44,8 @@ std::vector FoldMatrix(const ExtF& beta, // + (1/2 - β/2gᵢₙᵥⁱ)p(gⁿᐟ²⁺ⁱ) size_t rows = static_cast(mat.rows()); F w; - CHECK( - F::GetRootOfUnity(size_t{1} << (base::bits::CheckedLog2(rows) + 1), &w)); + CHECK(F::GetRootOfUnity( + size_t{1} << (base::bits::CheckedLog2(rows) + kLogArity), &w)); ExtF w_inv = ExtF(unwrap(w.Inverse())); ExtF half_beta = beta * ExtF::TwoInv(); @@ -61,26 +63,25 @@ std::vector FoldMatrix(const ExtF& beta, return ret; } -// NOTE(ashjeong): |arity| is subject to change in the future +// NOTE(ashjeong): |kLogArity| is subject to change in the future template ExtF FoldRow(size_t index, uint32_t log_num_rows, const ExtF& beta, const std::vector& evals) { using F = typename math::ExtensionFieldTraits::BaseField; - const size_t kArity = 2; const size_t kLogArity = 1; - const ExtF& e0 = evals[0]; - const ExtF& e1 = evals[1]; F w; CHECK(F::GetRootOfUnity(size_t{1} << (log_num_rows + kLogArity), &w)); - ExtF subgroup_start = - ExtF(w.Pow(base::bits::ReverseBitsLen(index, log_num_rows))); + ExtF w_inv = ExtF(unwrap(w.Inverse())); + ExtF half_beta = beta * ExtF::TwoInv(); + ExtF power = + ExtF(w_inv.Pow(base::bits::ReverseBitsLen(index, log_num_rows))) * + half_beta; - CHECK(F::GetRootOfUnity(size_t{1} << kLogArity, &w)); - std::vector xs = ExtF::GetBitRevIndexSuccessivePowersSerial( - kArity, ExtF(w), subgroup_start); - // interpolate and evaluate at beta - return e0 + unwrap((beta - xs[0]) * (e1 - e0) / (xs[1] - xs[0])); + // result(g²ⁱ) = (1/2 + β/2gᵢₙᵥⁱ)p(gⁱ) + (1/2 - β/2gᵢₙᵥⁱ)p(gⁿᐟ²⁺ⁱ) + const ExtF& lo = evals[0]; + const ExtF& hi = evals[1]; + return (ExtF::TwoInv() + power) * lo + (ExtF::TwoInv() - power) * hi; } } // namespace tachyon::crypto diff --git a/tachyon/crypto/commitments/fri/simple_fri.h b/tachyon/crypto/commitments/fri/simple_fri.h index 35c0e56f3..a631e0534 100644 --- a/tachyon/crypto/commitments/fri/simple_fri.h +++ b/tachyon/crypto/commitments/fri/simple_fri.h @@ -153,14 +153,13 @@ class SimpleFRI final // Pᵢ₊₁(X) = Pᵢ_even(X) + β * Pᵢ_odd(X) // // If the domain of Pᵢ(X) is Dᵢ = {ω⁰, ω¹, ..., ωⁿ⁻¹}, - // then the domain of Pᵢ₊₁(X) is Dᵢ₊₁ = {ω⁰, ω¹, ..., ωᵏ⁻¹}, - // where k = n / 2. + // then the domain of Pᵢ₊₁(X) is Dᵢ₊₁ = {ω⁰, ω², ..., ωⁿ⁻²}. // // As per the definition: - // Pᵢ₊₁(ωʲ) = Pᵢ_even(ωʲ) + β * Pᵢ_odd(ωʲ) + // Pᵢ₊₁(ω²ʲ) = Pᵢ_even(ω²ʲ) + β * Pᵢ_odd(ω²ʲ) // // Substituting Pᵢ_even and Pᵢ_odd: - // Pᵢ₊₁(ωʲ) = (Pᵢ(ωʲ) + Pᵢ(-ωʲ)) / 2 + β * (Pᵢ(ωʲ) - Pᵢ(-ωʲ)) / (2 * ωʲ) + // Pᵢ₊₁(ω²ʲ) = (Pᵢ(ωʲ) + Pᵢ(-ωʲ)) / 2 + β * (Pᵢ(ωʲ) - Pᵢ(-ωʲ)) / (2 * ωʲ) // = ((1 + β * ω⁻ʲ) * Pᵢ(ωʲ) + (1 - β * ω⁻ʲ) * Pᵢ(-ωʲ)) / 2 size_t leaf_index = index % domain_size; if (i == 0) { diff --git a/tachyon/math/base/semigroups.h b/tachyon/math/base/semigroups.h index 795cb3d9d..e832865bb 100644 --- a/tachyon/math/base/semigroups.h +++ b/tachyon/math/base/semigroups.h @@ -250,7 +250,7 @@ class MultiplicativeSemigroup { size_t size, const G& generator, const G& c = G::One()) { std::vector ret(size); uint32_t log_size = base::bits::CheckedLog2(size); - MulResult pow = c.IsOne() ? G::One() : c; + MulResult pow = c; for (size_t idx = 0; idx < size - 1; ++idx) { ret[base::bits::ReverseBitsLen(idx, log_size)] = pow; pow *= generator; diff --git a/tachyon/math/finite_fields/extension_field_base.h b/tachyon/math/finite_fields/extension_field_base.h index 4ff2900fb..b3c06bd59 100644 --- a/tachyon/math/finite_fields/extension_field_base.h +++ b/tachyon/math/finite_fields/extension_field_base.h @@ -69,8 +69,9 @@ class ExtensionFieldBase { using PackedField = typename PackedFieldTraits::PackedField; constexpr uint32_t kDegree = T::ExtensionDegree(); - // if |PackedField::N| = 8: - // |first_n_powers[i]| = {1, aᵢ, ..., a⁷ᵢ} + // if |PackedField::N| = 8, + // |first_n_powers| = [ 1, b, b², b³,..., b⁶, b⁷ ], where b is an extension + // field of |base|. ExtendedPackedField first_n_powers; T pow = T::One(); for (size_t i = 0; i < PackedField::N; ++i) { @@ -80,7 +81,8 @@ class ExtensionFieldBase { pow *= base; } - // |multiplier[j]| = {a⁸ⱼ, a⁸ⱼ, ..., a⁸ⱼ, a⁸ⱼ} + // |multiplier| = [ b⁸, b⁸, ..., b⁸, b⁸ ], where b is an extension field of + // |base|. #|multiplier| = 8 ExtendedPackedField multiplier; for (size_t i = 0; i < PackedField::N; ++i) { for (uint32_t j = 0; j < kDegree; ++j) { @@ -88,7 +90,8 @@ class ExtensionFieldBase { } } - // |ret[i]| = {(a⁸ᵢ)ⁱ, aᵢ * (a⁸ᵢ)ⁱ, ..., a⁷ᵢ * (a⁸ᵢ)ⁱ} + // |ret[i]| = [ b⁸ⁱ, b⁸ⁱ⁺¹, ..., b⁸ⁱ⁺⁶, b⁸ⁱ⁺⁷ ], where b is an extension + // field of |base|. std::vector ret; ret.reserve(size); ret.emplace_back(first_n_powers);