longfellow 0.1.0
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
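--- a/data/vendor/longfellow-zk/lib/algebra/crt_test.cc
+++ b/data/vendor/longfellow-zk/lib/algebra/crt_test.cc
@@ -0,0 +1,371 @@
+// Copyright 2026 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "algebra/crt.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <vector>
+
+#include "algebra/bogorng.h"
+#include "algebra/convolution.h"
+#include "algebra/crt_convolution.h"
+#include "algebra/fft.h"
+#include "algebra/fp.h"
+#include "algebra/fp2.h"
+#include "algebra/fp_p256.h"
+#include "algebra/fp_p384.h"
+#include "algebra/fp_p521.h"
+#include "benchmark/benchmark.h"
+#include "gtest/gtest.h"
+
+namespace proofs {
+
+namespace {
+
+using Fp1 = Fp<1>;
+Fp1 fp1("4179340454199820289");
+
+template <class Field, class CRT>
+void testFp(const CRT& crt, const Field& F) {
+Bogorng<Field> rng(&F);
+for (size_t i = 0; i < 1000; ++i) {
+auto x = rng.next();
+auto y = rng.next();
+auto x_crt = crt.to_crt(x);
+auto y_crt = crt.to_crt(y);
+auto gxg = crt.to_field(x_crt);
+EXPECT_EQ(x, gxg);
+
+auto z = F.addf(x, y);
+auto z_crt = crt.addf(x_crt, y_crt);
+auto got = crt.to_field(z_crt);
+EXPECT_EQ(z, got);
+
+auto zs_crt = crt.subf(z_crt, y_crt);
+auto x2 = crt.to_field(zs_crt);
+EXPECT_EQ(x2, x);
+
+auto zm = F.mulf(x, y);
+auto zm_crt = crt.mulf(x_crt, y_crt);
+auto gotm = crt.to_field(zm_crt);
+EXPECT_EQ(zm, gotm);
+}
+}
+
+// Verifies that performing a forward FFT followed by a backward FFT over the
+// Chinese Remainder Theorem (CRT) representation recovers the original input
+// vector, up to the expected scale factor of `n`.
+template <typename Field>
+void TestFFTInverse(const Field& F) {
+using Elt = typename Field::Elt;
+Bogorng<Field> rng(&F);
+
+size_t n = 1024;
+std::vector<Elt> A(n);
+for (size_t i = 0; i < n; ++i) {
+A[i] = rng.next();
+}
+
+// Same over CRT.
+using CRT = CRT256<Field>;
+using CRTElt = typename CRT::Elt;
+CRT crt(F);
+auto omega_crt = crt.omega();
+uint64_t omega_order = crt.omega_order();
+
+std::vector<Elt> C(n);
+std::vector<CRTElt> a_crt(n, crt.zero());
+for (size_t i = 0; i < n; ++i) {
+a_crt[i] = crt.to_crt(A[i]);
+}
+FFT<CRT>::fftf(&a_crt[0], n, omega_crt, omega_order, crt);
+FFT<CRT>::fftb(&a_crt[0], n, omega_crt, omega_order, crt);
+for (size_t i = 0; i < n; ++i) {
+C[i] = crt.to_field(a_crt[i]);
+F.mul(C[i], F.invertf(F.of_scalar(n)));
+EXPECT_EQ(C[i], A[i]);
+}
+}
+
+TEST(CrtTest, Fp1Test) {
+const Fp1 fp("8380417");
+CRT<1, Fp1> crt(fp);
+testFp(crt, fp);
+TestFFTInverse(fp);
+}
+
+TEST(CrtTest, Fp256Test) {
+Fp256<> F;
+CRT256<Fp256<>> crt(F);
+testFp(crt, F);
+TestFFTInverse(F);
+}
+
+TEST(CrtTest, Fp384Test) {
+Fp384<> F;
+CRT384<Fp384<>> crt(F);
+testFp(crt, F);
+TestFFTInverse(F);
+}
+
+TEST(CrtTest, Fp521Test) {
+Fp521<> F;
+CRT521<Fp521<>> crt(F);
+testFp(crt, F);
+TestFFTInverse(F);
+}
+
+TEST(CrtTest, RootOfUnity) {
+CRT521<Fp1> crt(fp1);
+auto omega = crt.omega();
+
+for (size_t i = 1; i < crt.omega_order(); i *= 2) {
+// Ensure all intermediate powers of omega are not unity.
+EXPECT_NE(omega, crt.one());
+crt.mul(omega, omega);
+}
+EXPECT_EQ(omega, crt.one());
+}
+
+TEST(CrtTest, FFTInverse) {
+using Fp = Fp<4>;
+const Fp F(
+"218882428718392752222464057452572750885483644004160343436982041865758084"
+"95617");
+TestFFTInverse(F);
+}
+
+// Verifies that a convolution performed using FFT over the base field `Fp`
+// agrees with a convolution performed using the CRT approach. This test
+// requires the target field `Fp` to have a known primitive root of unity
+// (`omegaf`) of order `omegaf_order` large enough to support the FFT over
+// vectors of size M + N - 1.
+TEST(CrtTest, ConvolutionTest) {
+using Fp = Fp<4>;
+
+const Fp F(
+"218882428718392752222464057452572750885483644004160343436982041865758084"
+"95617");
+
+const auto omegaf = F.of_string(
+"191032190679217139442913928276920700361456519573292863153056420048214621"
+"61904");
+const uint64_t omegaf_order = 1ull << 28;
+
+static constexpr size_t N = 37; // Degree 36 polynomial
+static constexpr size_t M = 256;
+Bogorng<Fp> rng(&F);
+
+// Generate random input in Fp.
+std::vector<Fp::Elt> x(N);
+std::vector<Fp::Elt> y(M);
+std::vector<Fp::Elt> want(M);
+for (size_t i = 0; i < N; ++i) {
+x[i] = rng.next();
+}
+for (size_t i = 0; i < M; ++i) {
+y[i] = rng.next();
+}
+
+FFTConvolution<Fp> conv(N, M, F, omegaf, omegaf_order, y.data());
+conv.convolution(x.data(), want.data());
+
+std::vector<Fp::Elt> got(M);
+CRTConvolution<CRT256<Fp>, Fp> crt_conv(N, M, F, y.data());
+crt_conv.convolution(x.data(), got.data());
+
+for (size_t i = 0; i < M; ++i) {
+EXPECT_EQ(got[i], want[i]);
+}
+}
+
+// ================= Benchmarks ===================
+
+void BM_mul_fp1(benchmark::State& state) {
+Fp<1> f("4179340454199820289");
+auto x = f.two();
+for (auto _ : state) {
+f.mul(x, x);
+}
+}
+BENCHMARK(BM_mul_fp1);
+
+
+void BM_crt_add256(benchmark::State& state) {
+CRT256<Fp1> crt(fp1);
+auto a = crt.to_crt(fp1.of_scalar(112121));
+for (auto _ : state) {
+auto b = crt.addf(a, a);
+benchmark::DoNotOptimize(b);
+}
+}
+
+BENCHMARK(BM_crt_add256);
+
+void BM_crt_mul256(benchmark::State& state) {
+CRT256<Fp1> crt(fp1);
+auto a = crt.to_crt(fp1.of_scalar(112121));
+for (auto _ : state) {
+auto b = crt.mulf(a, a);
+benchmark::DoNotOptimize(b);
+}
+}
+BENCHMARK(BM_crt_mul256);
+
+void BM_crt_mul384(benchmark::State& state) {
+CRT384<Fp1> crt(fp1);
+auto a = crt.to_crt(fp1.of_scalar(112121));
+for (auto _ : state) {
+auto b = crt.mulf(a, a);
+benchmark::DoNotOptimize(b);
+}
+}
+BENCHMARK(BM_crt_mul384);
+
+void BM_crt_mul521(benchmark::State& state) {
+CRT521<Fp1> crt(fp1);
+auto a = crt.to_crt(fp1.of_scalar(112121));
+for (auto _ : state) {
+auto b = crt.mulf(a, a);
+benchmark::DoNotOptimize(b);
+}
+}
+BENCHMARK(BM_crt_mul521);
+
+template <class CRT, class Field>
+void benchmark_tofield(benchmark::State& state, const CRT& crt,
+const Field& F) {
+Bogorng<Field> rng(&F);
+auto x = rng.next();
+auto x_crt = crt.to_crt(x);
+for (auto _ : state) {
+auto want = crt.to_field(x_crt);
+benchmark::DoNotOptimize(want);
+}
+}
+
+void BM_ToField_p256(benchmark::State& state) {
+Fp256<> F;
+CRT256<Fp256<>> crt(F);
+benchmark_tofield(state, crt, F);
+}
+BENCHMARK(BM_ToField_p256);
+
+void BM_ToField_p384(benchmark::State& state) {
+Fp384<> F;
+CRT384<Fp384<>> crt(F);
+benchmark_tofield(state, crt, F);
+}
+BENCHMARK(BM_ToField_p384);
+
+void BM_ToField_p521(benchmark::State& state) {
+Fp521<> F;
+CRT521<Fp521<>> crt(F);
+benchmark_tofield(state, crt, F);
+}
+BENCHMARK(BM_ToField_p521);
+
+
+void BM_conv(benchmark::State& state) {
+using Fp256 = Fp256<>;
+using Fp256_2 = Fp2<Fp256>;
+using FFT_p256_2 = FFTExtConvolutionFactory<Fp256, Fp256_2>;
+const Fp256 fp256;
+const Fp256_2 fp256_2(fp256);
+const FFT_p256_2 fft_p256_2(
+fp256, fp256_2,
+fp256_2.of_string(
+"11264922414641028187350045760969025837301884043048940872"
+"9223714171582664680802",
+"84087994358540907695740461427818660560182168997182378749313018254450"
+"460212908"),
+1ull << 31);
+
+static constexpr size_t N = 800; // Degree 36 polynomial
+static constexpr size_t M = 32768;
+Bogorng<Fp256> rng(&fp256);
+
+// Generate random input in Fp.
+std::vector<Fp256::Elt> x(N);
+std::vector<Fp256::Elt> y(M);
+std::vector<Fp256::Elt> want(M);
+for (size_t i = 0; i < N; ++i) {
+x[i] = rng.next();
+}
+for (size_t i = 0; i < M; ++i) {
+y[i] = rng.next();
+}
+
+FFTExtConvolution<Fp256, Fp256_2> conv(
+N, M, fp256, fp256_2,
+fp256_2.of_string(
+"11264922414641028187350045760969025837301884043048940872"
+"9223714171582664680802",
+"84087994358540907695740461427818660560182168997182378749313018254450"
+"460212908"),
+1ull << 31, y.data());
+
+for (auto _ : state) {
+conv.convolution(x.data(), want.data());
+benchmark::DoNotOptimize(want);
+}
+}
+BENCHMARK(BM_conv);
+
+template <class CRT, class Field>
+void benchmarkCRTConv(benchmark::State& state, const Field& F) {
+static constexpr size_t N = 800;
+static constexpr size_t M = 32768;
+Bogorng<Field> rng(&F);
+
+// Generate random input in Fp.
+std::vector<typename Field::Elt> x(N);
+std::vector<typename Field::Elt> y(M);
+for (size_t i = 0; i < N; ++i) {
+x[i] = rng.next();
+}
+for (size_t i = 0; i < M; ++i) {
+y[i] = rng.next();
+}
+
+std::vector<typename Field::Elt> got(M);
+CRTConvolution<CRT, Field> crt_conv(N, M, F, y.data());
+for (auto _ : state) {
+crt_conv.convolution(x.data(), got.data());
+benchmark::DoNotOptimize(got);
+}
+}
+
+void BM_crtconv_p256(benchmark::State& state) {
+Fp256<> F;
+benchmarkCRTConv<CRT256<Fp256<>>, Fp256<>>(state, F);
+}
+BENCHMARK(BM_crtconv_p256);
+
+void BM_crtconv_p384(benchmark::State& state) {
+Fp384<> F;
+benchmarkCRTConv<CRT384<Fp384<>>, Fp384<>>(state, F);
+}
+BENCHMARK(BM_crtconv_p384);
+
+void BM_crtconv_p521(benchmark::State& state) {
+Fp521<> F;
+benchmarkCRTConv<CRT521<Fp521<>>, Fp521<>>(state, F);
+}
+BENCHMARK(BM_crtconv_p521);
+
+
+} // namespace
+} // namespace proofs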
|
|
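--- a/data/vendor/longfellow-zk/lib/algebra/fft.h
+++ b/data/vendor/longfellow-zk/lib/algebra/fft.h
@@ -0,0 +1,104 @@
+// Copyright 2026 Google LLC.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef PRIVACY_PROOFS_ZK_LIB_ALGEBRA_FFT_H_
+#define PRIVACY_PROOFS_ZK_LIB_ALGEBRA_FFT_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "algebra/permutations.h"
+#include "algebra/twiddle.h"
+
+namespace proofs {
+/*
+Fast Fourier Transform (FFT).
+
+We use FFTPACK/FFTW/MATLAB conventions where the FFT
+has a negative sign in the exponent. For root of unity
+W, input ("time") T and output ("frequency") F, the
+"forward" FFT computes
+
+F[k] = SUM_{j} T[j] W^{-jk}
+
+and the "backward" fft computes
+
+T[j] = SUM_{k} F[k] W^{jk}
+
+A forward transform followed by a backward transform
+multiplies the array by N.
+
+Matlab and engineers call the forward transform the FFT.
+Mathematicians tend to call the backward transform the FFT.
+*/
+template <class Field>
+class FFT {
+using Elt = typename Field::Elt;
+
+static void butterfly(Elt* A, size_t s, const Field& F) {
+Elt t = A[s];
+A[s] = A[0];
+F.add(A[0], t);
+F.sub(A[s], t);
+}
+
+static void butterflytw(Elt* A, size_t s, const Elt& twiddle,
+const Field& F) {
+Elt t = A[s];
+F.mul(t, twiddle);
+A[s] = A[0];
+F.add(A[0], t);
+F.sub(A[s], t);
+}
+
+public:
+// Backward FFT.
+// N (the length of A) must be a power of 2
+static void fftb(Elt A[/*n*/], size_t n, const Elt& omega,
+uint64_t omega_order, const Field& F) {
+if (n <= 1) {
+return;
+}
+
+Elt omega_n = Twiddle<Field>::reroot(omega, omega_order, n, F);
+Twiddle<Field> roots(n, omega_n, F);
+
+Permutations<Elt>::bitrev(A, n);
+
+// m=1 iteration
+for (size_t k = 0; k < n; k += 2) {
+butterfly(&A[k], 1, F);
+}
+
+// m>1 iterations
+for (size_t m = 2; m < n; m = 2 * m) {
+size_t ws = n / (2 * m);
+for (size_t k = 0; k < n; k += 2 * m) {
+butterfly(&A[k], m, F); // j==0
+for (size_t j = 1; j < m; ++j) {
+butterflytw(&A[k + j], m, roots.w_[j * ws], F);
+}
+}
+}
+}
+
+// forward transform
+static void fftf(Elt A[/*n*/], size_t n, const Elt& omega,
+uint64_t omega_order, const Field& F) {
+fftb(A, n, F.invertf(omega), omega_order, F);
+}
+};
+} // namespace proofs
+
+#endif // PRIVACY_PROOFS_ZK_LIB_ALGEBRA_FFT_H_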