longfellow 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
@@ -0,0 +1,473 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include "algebra/reed_solomon.h"
|
|
16
|
+
|
|
17
|
+
#include <stddef.h>
|
|
18
|
+
|
|
19
|
+
#include <cstdint>
|
|
20
|
+
#include <memory>
|
|
21
|
+
#include <vector>
|
|
22
|
+
|
|
23
|
+
#include "algebra/blas.h"
|
|
24
|
+
#include "algebra/bogorng.h"
|
|
25
|
+
#include "algebra/convolution.h"
|
|
26
|
+
#include "algebra/crt.h"
|
|
27
|
+
#include "algebra/crt_convolution.h"
|
|
28
|
+
#include "algebra/fp.h"
|
|
29
|
+
#include "algebra/fp2.h"
|
|
30
|
+
#include "algebra/fp_p128.h"
|
|
31
|
+
#include "algebra/fp_p256.h"
|
|
32
|
+
#include "algebra/interpolation.h"
|
|
33
|
+
#include "algebra/poly.h"
|
|
34
|
+
#include "benchmark/benchmark.h"
|
|
35
|
+
#include "gtest/gtest.h"
|
|
36
|
+
|
|
37
|
+
namespace proofs {
|
|
38
|
+
namespace {
|
|
39
|
+
const Fp<4> F(
|
|
40
|
+
"21888242871839275222246405745257275088548364400416034343698204186575808495"
|
|
41
|
+
"617");
|
|
42
|
+
const Fp<1> G("18446744069414584321");
|
|
43
|
+
|
|
44
|
+
const auto omegaf = F.of_string(
|
|
45
|
+
"19103219067921713944291392827692070036145651957329286315305642004821462161"
|
|
46
|
+
"904");
|
|
47
|
+
const uint64_t omegaf_order = 1ull << 28;
|
|
48
|
+
|
|
49
|
+
const auto omegag = G.of_string("1753635133440165772");
|
|
50
|
+
const uint64_t omegag_order = 1ull << 32;
|
|
51
|
+
|
|
52
|
+
static constexpr size_t N = 37; // Degree 36 polynomial
|
|
53
|
+
static constexpr size_t M = 256;
|
|
54
|
+
|
|
55
|
+
template <class Field>
|
|
56
|
+
class SlowConvolution {
|
|
57
|
+
using Elt = typename Field::Elt;
|
|
58
|
+
|
|
59
|
+
public:
|
|
60
|
+
SlowConvolution(size_t n, size_t m, const Field& f, const Elt y[/*m*/])
|
|
61
|
+
: n_(n), m_(m), f_(f), y_(m) {
|
|
62
|
+
Blas<Field>::copy(m, &y_[0], 1, y, 1);
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
// Computes z[k] = \sum_{i=0}^{n-1} x[i] y[k-i].
|
|
66
|
+
// input x has n entries.
|
|
67
|
+
// y has size m, and only the first m entries of the convolution are computed.
|
|
68
|
+
// So y can be zero padded with n zeroes to compute full convolution.
|
|
69
|
+
void convolution(const Elt x[/*n_*/], Elt z[/*m_*/]) const {
|
|
70
|
+
for (size_t k = 0; k < m_; ++k) {
|
|
71
|
+
Elt s = f_.zero();
|
|
72
|
+
for (size_t i = 0; (i < n_) && (k >= i); ++i) {
|
|
73
|
+
if (k >= i && (k - i) < m_) {
|
|
74
|
+
f_.add(s, f_.mulf(x[i], y_[k - i]));
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
z[k] = s;
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
private:
|
|
82
|
+
size_t n_;
|
|
83
|
+
size_t m_;
|
|
84
|
+
const Field& f_;
|
|
85
|
+
std::vector<Elt> y_;
|
|
86
|
+
};
|
|
87
|
+
|
|
88
|
+
template <class Field>
|
|
89
|
+
class SlowConvolutionFactory {
|
|
90
|
+
using Elt = typename Field::Elt;
|
|
91
|
+
|
|
92
|
+
public:
|
|
93
|
+
using Convolver = SlowConvolution<Field>;
|
|
94
|
+
|
|
95
|
+
explicit SlowConvolutionFactory(const Field& f) : f_(f) {}
|
|
96
|
+
|
|
97
|
+
std::unique_ptr<const Convolver> make(size_t n, size_t m,
|
|
98
|
+
const Elt y[/*m*/]) const {
|
|
99
|
+
return std::make_unique<const Convolver>(n, m, f_, y);
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
private:
|
|
103
|
+
const Field& f_;
|
|
104
|
+
};
|
|
105
|
+
|
|
106
|
+
template <class Field>
|
|
107
|
+
void one_field_reed_solomon(const typename Field::Elt& omega,
|
|
108
|
+
uint64_t omega_order, const Field& f) {
|
|
109
|
+
using Elt = typename Field::Elt;
|
|
110
|
+
|
|
111
|
+
using Interpolation = Interpolation<N, Field>;
|
|
112
|
+
using FFTConvolutionFactory = FFTConvolutionFactory<Field>;
|
|
113
|
+
using SlowConvolutionFactory = SlowConvolutionFactory<Field>;
|
|
114
|
+
using CrtConvolutionFactory = CrtConvolutionFactory<CRT256<Field>, Field>;
|
|
115
|
+
using Poly = Poly<N, Field>; // N-tuple, i.e., at most N-1 degree polynomial
|
|
116
|
+
|
|
117
|
+
Bogorng<Field> rng(&f);
|
|
118
|
+
Poly P;
|
|
119
|
+
// arbitrary coefficients
|
|
120
|
+
for (size_t i = 0; i < N; ++i) {
|
|
121
|
+
P[i] = f.of_scalar(i * i * i + (i & 0xF) + (i ^ (i << 2)));
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
// lagrange basis, i.e., values at first M points
|
|
125
|
+
std::vector<Elt> L(M);
|
|
126
|
+
for (size_t i = 0; i < M; ++i) {
|
|
127
|
+
Elt x = f.of_scalar(i);
|
|
128
|
+
L[i] = Interpolation::eval_monomial(P, x, f);
|
|
129
|
+
}
|
|
130
|
+
|
|
131
|
+
std::vector<Elt> L2(M);
|
|
132
|
+
for (size_t i = 0; i < N; ++i) {
|
|
133
|
+
L2[i] = L[i];
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
FFTConvolutionFactory factory(f, omega, omega_order);
|
|
137
|
+
ReedSolomon<Field, FFTConvolutionFactory> r(N, M, f, factory);
|
|
138
|
+
r.interpolate(&L2[0]);
|
|
139
|
+
for (size_t i = 0; i < M; ++i) {
|
|
140
|
+
EXPECT_EQ(L2[i], L[i]);
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
std::vector<Elt> L3(M);
|
|
144
|
+
for (size_t i = 0; i < N; ++i) {
|
|
145
|
+
L3[i] = L[i];
|
|
146
|
+
}
|
|
147
|
+
SlowConvolutionFactory slow_factory(f);
|
|
148
|
+
ReedSolomon<Field, SlowConvolutionFactory> r_slow(N, M, f, slow_factory);
|
|
149
|
+
r_slow.interpolate(&L3[0]);
|
|
150
|
+
for (size_t i = 0; i < M; ++i) {
|
|
151
|
+
EXPECT_EQ(L3[i], L[i]);
|
|
152
|
+
}
|
|
153
|
+
|
|
154
|
+
std::vector<Elt> L4(M);
|
|
155
|
+
for (size_t i = 0; i < N; ++i) {
|
|
156
|
+
L4[i] = L[i];
|
|
157
|
+
}
|
|
158
|
+
CrtConvolutionFactory crt_factory(f);
|
|
159
|
+
ReedSolomon<Field, CrtConvolutionFactory> r_crt(N, M, f, crt_factory);
|
|
160
|
+
r_crt.interpolate(&L4[0]);
|
|
161
|
+
for (size_t i = 0; i < M; ++i) {
|
|
162
|
+
EXPECT_EQ(L4[i], L[i]);
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
|
|
166
|
+
TEST(ReedSolomonTest, ReedSolomon) {
|
|
167
|
+
one_field_reed_solomon(omegaf, omegaf_order, F);
|
|
168
|
+
one_field_reed_solomon(omegag, omegag_order, G);
|
|
169
|
+
}
|
|
170
|
+
|
|
171
|
+
TEST(Reed_Solomon, Product) {
|
|
172
|
+
// Test that the product of two polynomials of degree < SMALL
|
|
173
|
+
// has degree < 2*SMALL-1. Start with A[SMALL] and B[SMALL],
|
|
174
|
+
// extend to SMALLC = 2*SMALL-1 points and compute C[i] = A[i] * B[i];
|
|
175
|
+
// extend to LARGE points and verify that C[i] == A[i] * B[i]
|
|
176
|
+
// for all i. The test fails for SMALLC < 2*SMALL-1, as expected.
|
|
177
|
+
constexpr size_t small = 17, large = 50, smallc = 2 * small - 1;
|
|
178
|
+
using Elt = Fp<1>::Elt;
|
|
179
|
+
using FFTConvolutionFactory = FFTConvolutionFactory<Fp<1>>;
|
|
180
|
+
using ReedSolomon = ReedSolomon<Fp<1>, FFTConvolutionFactory>;
|
|
181
|
+
|
|
182
|
+
Elt omega = omegag;
|
|
183
|
+
uint64_t omega_order = omegag_order;
|
|
184
|
+
Elt A[large], B[large];
|
|
185
|
+
Bogorng<Fp<1>> rng(&G);
|
|
186
|
+
for (size_t i = 0; i < small; ++i) {
|
|
187
|
+
A[i] = rng.next();
|
|
188
|
+
B[i] = rng.next();
|
|
189
|
+
}
|
|
190
|
+
|
|
191
|
+
FFTConvolutionFactory factory(G, omega, omega_order);
|
|
192
|
+
ReedSolomon r(small, large, G, factory);
|
|
193
|
+
r.interpolate(A);
|
|
194
|
+
r.interpolate(B);
|
|
195
|
+
|
|
196
|
+
Elt C[large];
|
|
197
|
+
for (size_t i = 0; i < smallc; ++i) {
|
|
198
|
+
C[i] = G.mulf(A[i], B[i]);
|
|
199
|
+
}
|
|
200
|
+
ReedSolomon rc(smallc, large, G, factory);
|
|
201
|
+
rc.interpolate(C);
|
|
202
|
+
for (size_t i = 0; i < large; ++i) {
|
|
203
|
+
EXPECT_EQ(G.mulf(A[i], B[i]), C[i]);
|
|
204
|
+
}
|
|
205
|
+
}
|
|
206
|
+
|
|
207
|
+
TEST(ReedSolomonTest, SlowConvolutionFactory) {
|
|
208
|
+
using Field = Fp<4>;
|
|
209
|
+
using Elt = typename Field::Elt;
|
|
210
|
+
using Interpolation = Interpolation<N, Field>;
|
|
211
|
+
using SlowConvolutionFactory = SlowConvolutionFactory<Field>;
|
|
212
|
+
using ReedSolomon = ReedSolomon<Field, SlowConvolutionFactory>;
|
|
213
|
+
using Poly = Poly<N, Field>;
|
|
214
|
+
|
|
215
|
+
Bogorng<Field> rng(&F);
|
|
216
|
+
Poly P;
|
|
217
|
+
|
|
218
|
+
// arbitrary coefficients
|
|
219
|
+
for (size_t i = 0; i < N; ++i) {
|
|
220
|
+
P[i] = F.of_scalar(i * i * i + (i & 0xF) + (i ^ (i << 2)));
|
|
221
|
+
}
|
|
222
|
+
// lagrange basis, i.e., values at first m points
|
|
223
|
+
Elt L[M];
|
|
224
|
+
for (size_t i = 0; i < M; ++i) {
|
|
225
|
+
Elt x = F.of_scalar(i);
|
|
226
|
+
L[i] = Interpolation::eval_monomial(P, x, F);
|
|
227
|
+
}
|
|
228
|
+
Elt L2[M];
|
|
229
|
+
for (size_t i = 0; i < N; ++i) {
|
|
230
|
+
L2[i] = L[i];
|
|
231
|
+
}
|
|
232
|
+
SlowConvolutionFactory factory(F);
|
|
233
|
+
ReedSolomon r(N, M, F, factory);
|
|
234
|
+
r.interpolate(L2);
|
|
235
|
+
for (size_t i = 0; i < M; ++i) {
|
|
236
|
+
EXPECT_EQ(L2[i], L[i]);
|
|
237
|
+
}
|
|
238
|
+
}
|
|
239
|
+
|
|
240
|
+
TEST(ReedSolomonTest, LowDegreePolynomial) {
|
|
241
|
+
using Field = Fp<4>;
|
|
242
|
+
using Elt = typename Field::Elt;
|
|
243
|
+
using Interpolation = Interpolation<N, Field>;
|
|
244
|
+
using FFTConvolutionFactory = FFTConvolutionFactory<Field>;
|
|
245
|
+
using ReedSolomon = ReedSolomon<Field, FFTConvolutionFactory>;
|
|
246
|
+
using Poly = Poly<N, Field>;
|
|
247
|
+
|
|
248
|
+
Elt omega = omegaf;
|
|
249
|
+
uint64_t omega_order = omegaf_order;
|
|
250
|
+
Bogorng<Field> rng(&F);
|
|
251
|
+
Poly P;
|
|
252
|
+
|
|
253
|
+
// arbitrary coefficients
|
|
254
|
+
for (size_t i = 0; i < N; ++i) {
|
|
255
|
+
P[i] = F.of_scalar(i * i * i + (i & 0xF) + (i ^ (i << 2)));
|
|
256
|
+
}
|
|
257
|
+
// lagrange basis, i.e., values at first n+m points
|
|
258
|
+
Elt L[M];
|
|
259
|
+
for (size_t i = 0; i < M; ++i) {
|
|
260
|
+
Elt x = F.of_scalar(i);
|
|
261
|
+
L[i] = Interpolation::eval_monomial(P, x, F);
|
|
262
|
+
}
|
|
263
|
+
Elt L2[N + M];
|
|
264
|
+
for (size_t i = 0; i < N; ++i) {
|
|
265
|
+
L2[i] = L[i];
|
|
266
|
+
}
|
|
267
|
+
Elt L3[N + M];
|
|
268
|
+
for (size_t i = 0; i < N + 10; ++i) {
|
|
269
|
+
L3[i] = L[i];
|
|
270
|
+
}
|
|
271
|
+
FFTConvolutionFactory factory(F, omega, omega_order);
|
|
272
|
+
ReedSolomonFactory<Field, FFTConvolutionFactory> rf(factory, F);
|
|
273
|
+
auto r = rf.make(N, M);
|
|
274
|
+
r->interpolate(L2);
|
|
275
|
+
for (size_t i = 0; i < M; ++i) {
|
|
276
|
+
EXPECT_EQ(L2[i], L[i]);
|
|
277
|
+
}
|
|
278
|
+
// Giving N + 10 points for a polynomial of degree only N-1
|
|
279
|
+
ReedSolomon r2(N + 10, M, F, factory);
|
|
280
|
+
r2.interpolate(L3);
|
|
281
|
+
for (size_t i = 0; i < M; ++i) {
|
|
282
|
+
EXPECT_EQ(L3[i], L[i]);
|
|
283
|
+
}
|
|
284
|
+
}
|
|
285
|
+
|
|
286
|
+
TEST(ReedSolomonTest, FieldExtension) {
|
|
287
|
+
using BaseField = Fp256<>;
|
|
288
|
+
using BaseElt = BaseField::Elt;
|
|
289
|
+
using ExtField = Fp2<BaseField>;
|
|
290
|
+
using ExtElt = ExtField::Elt;
|
|
291
|
+
|
|
292
|
+
const BaseField F0; // base field
|
|
293
|
+
const ExtField F_ext(F0); // p^2 field extension
|
|
294
|
+
|
|
295
|
+
using Interpolation = Interpolation<N, BaseField>;
|
|
296
|
+
using FFTExtConvolutionFactory =
|
|
297
|
+
FFTExtConvolutionFactory<BaseField, ExtField>;
|
|
298
|
+
using ReedSolomon = ReedSolomon<BaseField, FFTExtConvolutionFactory>;
|
|
299
|
+
using Poly = Poly<N, BaseField>;
|
|
300
|
+
|
|
301
|
+
ExtElt omega = F_ext.of_string(
|
|
302
|
+
"112649224146410281873500457609690258373018840430489408729223714171582664"
|
|
303
|
+
"680802",
|
|
304
|
+
"840879943585409076957404614278186605601821689971823787493130182544504602"
|
|
305
|
+
"12908");
|
|
306
|
+
uint64_t omega_order = 1ull << 31;
|
|
307
|
+
Poly P;
|
|
308
|
+
|
|
309
|
+
// arbitrary coefficients in base field
|
|
310
|
+
for (size_t i = 0; i < N; ++i) {
|
|
311
|
+
P[i] = F0.of_scalar(i * i * i + (i & 0xF) + (i ^ (i << 2)));
|
|
312
|
+
}
|
|
313
|
+
// lagrange basis, i.e., values at first n+m points
|
|
314
|
+
BaseElt L[M];
|
|
315
|
+
for (size_t i = 0; i < M; ++i) {
|
|
316
|
+
BaseElt x = F0.of_scalar(i);
|
|
317
|
+
L[i] = Interpolation::eval_monomial(P, x, F0);
|
|
318
|
+
}
|
|
319
|
+
BaseElt L2[N + M];
|
|
320
|
+
for (size_t i = 0; i < N; ++i) {
|
|
321
|
+
L2[i] = L[i];
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
FFTExtConvolutionFactory factory(F0, F_ext, omega, omega_order);
|
|
325
|
+
ReedSolomon r = ReedSolomon(N, M, F0, factory);
|
|
326
|
+
r.interpolate(L2);
|
|
327
|
+
for (size_t i = 0; i < M; ++i) {
|
|
328
|
+
EXPECT_EQ(L2[i], L[i]);
|
|
329
|
+
}
|
|
330
|
+
}
|
|
331
|
+
|
|
332
|
+
// ==================== Benchmarking ====================
|
|
333
|
+
|
|
334
|
+
#define BENCHMARK_SETTINGS ->RangeMultiplier(4)->Range(1 << 10, 1 << 22)
|
|
335
|
+
|
|
336
|
+
// This benchmark template works for both standard fields and field extensions.
|
|
337
|
+
template <class BaseField, class FFT, class RS, const BaseField& f,
|
|
338
|
+
const FFT& factory>
|
|
339
|
+
void BM_ReedSolomon(benchmark::State& state) {
|
|
340
|
+
using Elt = typename BaseField::Elt;
|
|
341
|
+
Bogorng<BaseField> rng(&f);
|
|
342
|
+
size_t n = state.range(0);
|
|
343
|
+
RS r = RS(n, n * 4, f, factory);
|
|
344
|
+
std::vector<Elt> L2(n + n * 4);
|
|
345
|
+
for (size_t i = 0; i < n; ++i) {
|
|
346
|
+
L2[i] = rng.next();
|
|
347
|
+
}
|
|
348
|
+
for (auto _ : state) {
|
|
349
|
+
r.interpolate(&L2[0]);
|
|
350
|
+
}
|
|
351
|
+
}
|
|
352
|
+
|
|
353
|
+
// FP 128
|
|
354
|
+
using Fp128 = Fp128<true>;
|
|
355
|
+
using FFT_p128 = FFTConvolutionFactory<Fp128>;
|
|
356
|
+
using RS_p128 = ReedSolomon<Fp128, FFT_p128>;
|
|
357
|
+
const Fp128 fp128;
|
|
358
|
+
const auto kOmega128 =
|
|
359
|
+
fp128.of_string("164956748514267535023998284330560247862");
|
|
360
|
+
const uint64_t kOmegaOrder128 = 1ull << 32;
|
|
361
|
+
const FFT_p128 fft_p128(fp128, kOmega128, kOmegaOrder128);
|
|
362
|
+
|
|
363
|
+
void BM_ReedSolomonFp128(benchmark::State& state) {
|
|
364
|
+
BM_ReedSolomon<Fp128, FFT_p128, RS_p128, fp128, fft_p128>(state);
|
|
365
|
+
}
|
|
366
|
+
BENCHMARK(BM_ReedSolomonFp128) BENCHMARK_SETTINGS;
|
|
367
|
+
|
|
368
|
+
// FP 64
|
|
369
|
+
using Fp64 = Fp<1>;
|
|
370
|
+
using FFT_p64 = FFTConvolutionFactory<Fp64>;
|
|
371
|
+
using RS_p64 = ReedSolomon<Fp64, FFT_p64>;
|
|
372
|
+
const Fp64 fp64("18446744069414584321");
|
|
373
|
+
const auto kOmega64 = fp64.of_string("2752994695033296049");
|
|
374
|
+
const uint64_t kOmegaOrder64 = 1ull << 29;
|
|
375
|
+
const FFT_p64 fft_p64(fp64, kOmega64, kOmegaOrder64);
|
|
376
|
+
|
|
377
|
+
void BM_ReedSolomonFp64(benchmark::State& state) {
|
|
378
|
+
BM_ReedSolomon<Fp64, FFT_p64, RS_p64, fp64, fft_p64>(state);
|
|
379
|
+
}
|
|
380
|
+
BENCHMARK(BM_ReedSolomonFp64) BENCHMARK_SETTINGS;
|
|
381
|
+
|
|
382
|
+
// FP p256^2
|
|
383
|
+
using Fp256 = Fp256<>;
|
|
384
|
+
using Fp256_2 = Fp2<Fp256>;
|
|
385
|
+
using FFT_p256_2 = FFTExtConvolutionFactory<Fp256, Fp256_2>;
|
|
386
|
+
using RS_p256_2 = ReedSolomon<Fp256, FFT_p256_2>;
|
|
387
|
+
const Fp256 fp256;
|
|
388
|
+
const Fp256_2 fp256_2(fp256);
|
|
389
|
+
const FFT_p256_2 fft_p256_2(
|
|
390
|
+
fp256, fp256_2,
|
|
391
|
+
fp256_2.of_string("11264922414641028187350045760969025837301884043048940872"
|
|
392
|
+
"9223714171582664680802",
|
|
393
|
+
"84087994358540907695740461427818660560182168997182378749"
|
|
394
|
+
"313018254450460212908"),
|
|
395
|
+
1ull << 31);
|
|
396
|
+
|
|
397
|
+
void BM_ReedSolomonFp256(benchmark::State& state) {
|
|
398
|
+
BM_ReedSolomon<Fp256, FFT_p256_2, RS_p256_2, fp256, fft_p256_2>(state);
|
|
399
|
+
}
|
|
400
|
+
|
|
401
|
+
BENCHMARK(BM_ReedSolomonFp256) BENCHMARK_SETTINGS;
|
|
402
|
+
|
|
403
|
+
using CRT_p256 = CrtConvolutionFactory<CRT256<Fp256>, Fp256>;
|
|
404
|
+
using RS_CRT_p256 = ReedSolomon<Fp256, CRT_p256>;
|
|
405
|
+
const CRT_p256 crt_factory(fp256);
|
|
406
|
+
|
|
407
|
+
void BM_ReedSolomonFp256_crt(benchmark::State& state) {
|
|
408
|
+
BM_ReedSolomon<Fp256, CRT_p256, RS_CRT_p256, fp256, crt_factory>(state);
|
|
409
|
+
}
|
|
410
|
+
BENCHMARK(BM_ReedSolomonFp256_crt) BENCHMARK_SETTINGS;
|
|
411
|
+
|
|
412
|
+
// 384-bit prime examples
|
|
413
|
+
// Use a prime that has a root of unity to compare against CRT.
|
|
414
|
+
using Fp6 = Fp<6, true>;
|
|
415
|
+
using FFT_w6 = FFTConvolutionFactory<Fp6>;
|
|
416
|
+
using RS_w6 = ReedSolomon<Fp6, FFT_w6>;
|
|
417
|
+
const Fp6 fp6(
|
|
418
|
+
"20037974874267939960898896867684052278357888070333354909979956374824637627"
|
|
419
|
+
"743258099255609959785846902476153458524161");
|
|
420
|
+
const auto kOmega6 = fp6.of_string(
|
|
421
|
+
"50647606193563528288433715408802192282898918225577021459322655193419480990"
|
|
422
|
+
"14652144667694099245156866923045442095606");
|
|
423
|
+
const uint64_t kOmegaOrder6 = 1ull << 22;
|
|
424
|
+
const FFT_w6 fft_w6(fp6, kOmega6, kOmegaOrder6);
|
|
425
|
+
|
|
426
|
+
void BM_RS384_native(benchmark::State& state) {
|
|
427
|
+
BM_ReedSolomon<Fp6, FFT_w6, RS_w6, fp6, fft_w6>(state);
|
|
428
|
+
}
|
|
429
|
+
BENCHMARK(BM_RS384_native) BENCHMARK_SETTINGS;
|
|
430
|
+
|
|
431
|
+
// Same prime using CRT.
|
|
432
|
+
using CRT_p6 = CrtConvolutionFactory<CRT384<Fp6>, Fp6>;
|
|
433
|
+
using RS_CRT_p6 = ReedSolomon<Fp6, CRT_p6>;
|
|
434
|
+
const CRT_p6 crt_p6_factory(fp6);
|
|
435
|
+
|
|
436
|
+
void BM_RS384_crt(benchmark::State& state) {
|
|
437
|
+
BM_ReedSolomon<Fp6, CRT_p6, RS_CRT_p6, fp6, crt_p6_factory>(state);
|
|
438
|
+
}
|
|
439
|
+
BENCHMARK(BM_RS384_crt) BENCHMARK_SETTINGS;
|
|
440
|
+
|
|
441
|
+
// 521-bit prime examples
|
|
442
|
+
// Use a prime that has a root of unity to compare against CRT.
|
|
443
|
+
using Fp9 = Fp<9, true>;
|
|
444
|
+
using FFT_w9 = FFTConvolutionFactory<Fp9>;
|
|
445
|
+
using RS_w9 = ReedSolomon<Fp9, FFT_w9>;
|
|
446
|
+
|
|
447
|
+
const Fp9 fp9(
|
|
448
|
+
"32079476204984456963893996693749287914273772187064638495748042644433982545"
|
|
449
|
+
"37419754756860742716602395683304244565676779070886473574346574476927946442"
|
|
450
|
+
"026254337");
|
|
451
|
+
const auto kOmega9 = fp9.of_string(
|
|
452
|
+
"31823443021031919081147483961203288919826765761971511088433594166437381726"
|
|
453
|
+
"07399657243575079979889297218330863250710223139208683093312148113827665536"
|
|
454
|
+
"113183520");
|
|
455
|
+
const FFT_w9 fft_w9(fp9, kOmega9, 1ull << 22);
|
|
456
|
+
|
|
457
|
+
void BM_RS521_native(benchmark::State& state) {
|
|
458
|
+
BM_ReedSolomon<Fp9, FFT_w9, RS_w9, fp9, fft_w9>(state);
|
|
459
|
+
}
|
|
460
|
+
BENCHMARK(BM_RS521_native) BENCHMARK_SETTINGS;
|
|
461
|
+
|
|
462
|
+
// Same prime using CRT.
|
|
463
|
+
using CRT_p9 = CrtConvolutionFactory<CRT384<Fp9>, Fp9>;
|
|
464
|
+
using RS_CRT_p9 = ReedSolomon<Fp9, CRT_p9>;
|
|
465
|
+
const CRT_p9 crt_p9_factory(fp9);
|
|
466
|
+
|
|
467
|
+
void BM_RS521_crt(benchmark::State& state) {
|
|
468
|
+
BM_ReedSolomon<Fp9, CRT_p9, RS_CRT_p9, fp9, crt_p9_factory>(state);
|
|
469
|
+
}
|
|
470
|
+
BENCHMARK(BM_RS521_crt) BENCHMARK_SETTINGS;
|
|
471
|
+
|
|
472
|
+
} // namespace
|
|
473
|
+
} // namespace proofs
|