Fix the memory CTL and implement the verifier memory bus #1026
Conversation
hratoanina
force-pushed
the
memory-ctl-verifier-bus
branch
from
7156842
to
a5e56c3
Compare
evm/src/fixed_recursive_verifier.rs
Outdated
| } | ||
|
|
||
| // Arithmetic | ||
| for _ in 0..stark_config.num_challenges { |
There was a problem hiding this comment.
Can this be done using extra_looking_products.push(vec![builder.constant(F::ONE); stark_config.num_challenges]);? Or even combining the four loops into one vec![vec![...]] expression?
There was a problem hiding this comment.
It could be, the idea is that specific functions for the other CTLs could be added here. I can't see any use case now or in the future but I wanted to leave the option to.
There was a problem hiding this comment.
Hm I see, but I think for now it should be written in a more idiomatic way
If more functions are added later, the loops can be written then
|
@npwardberkeley Hi Nick, just checking up on this PR. Is there anything you need from us? |
evm/src/verifier.rs
Outdated
| } | ||
|
|
||
| // Arithmetic | ||
| for _ in 0..config.num_challenges { |
evm/src/fixed_recursive_verifier.rs
Outdated
| builder.connect(row[3], field_target); | ||
| // values | ||
| for j in 0..VALUE_LIMBS { | ||
| builder.connect(row[j + 4], targets[j]); |
There was a problem hiding this comment.
nit: 4 + j for consistency
|
Ah sorry! No it looks ready to go, except for a few really nitpicky comments I left! |
hratoanina
force-pushed
the
memory-ctl-verifier-bus
branch
from
7c35fdc
to
4752a5d
Compare
|
@npwardberkeley We realized that with the original design the recursive circuits were not generic and were depending on the public values (because of hardsetting them in Note that this PR doesn't connect these newly created public inputs between proofs, since this is already what @Nashtare's PR (#989) is about. |
Co-authored-by: Hamy Ratoanina <[email protected]>
Nashtare
force-pushed
the
memory-ctl-verifier-bus
branch
from
003c852
to
0913e76
Compare
Nashtare
force-pushed
the
memory-ctl-verifier-bus
branch
from
0913e76
to
7a882d0
Compare
This pull request fixes the memory CTL so that it doesn't have to be disabled anymore.
It also introduces a verifier-only memory bus to check a small set of memory operations.
KeccakSpongeendiannessRelated issue: #1004
In the
KeccakSpongeSTARK, the output of the hash is stored inu32columns written in big endian format. This introduces a discrepancy with how the columns are written in theMemorySTARK, and makes the CTL check fail. The easiest solution to implement we found was to add columns inKeccakSpongefor individual bytes of the output, which can be recombined in little endian format.Verifier-only memory bus
Following Daniel's advice here, we introduced a set of memory operations which can be directly checked by the verifier by multiplying their contribution to the looked product. For the sake of generality, these extra values can be added to any CTL product though we only need it for memory.
For now, the operations checked by the verifier are the block metadata writes before kernel bootstrapping and the trie hash roots reads at the end of the execution.
Further work: