longfellow 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CODE_OF_CONDUCT.md +10 -0
- data/LICENSE.txt +21 -0
- data/README.md +152 -0
- data/ext/longfellow/CMakeLists.txt +76 -0
- data/ext/longfellow/extconf.rb +77 -0
- data/lib/longfellow/attribute.rb +65 -0
- data/lib/longfellow/c.rb +105 -0
- data/lib/longfellow/errors.rb +78 -0
- data/lib/longfellow/version.rb +5 -0
- data/lib/longfellow/zk_spec.rb +40 -0
- data/lib/longfellow.rb +162 -0
- data/sig/longfellow.rbs +74 -0
- data/vendor/longfellow-zk/LICENSE +203 -0
- data/vendor/longfellow-zk/lib/algebra/blas.h +121 -0
- data/vendor/longfellow-zk/lib/algebra/bogorng.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/compare.h +40 -0
- data/vendor/longfellow-zk/lib/algebra/convolution.h +219 -0
- data/vendor/longfellow-zk/lib/algebra/crt.cc +42 -0
- data/vendor/longfellow-zk/lib/algebra/crt.h +299 -0
- data/vendor/longfellow-zk/lib/algebra/crt_convolution.h +114 -0
- data/vendor/longfellow-zk/lib/algebra/crt_test.cc +371 -0
- data/vendor/longfellow-zk/lib/algebra/fft.h +104 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation.h +304 -0
- data/vendor/longfellow-zk/lib/algebra/fft_interpolation_test.cc +168 -0
- data/vendor/longfellow-zk/lib/algebra/fft_test.cc +257 -0
- data/vendor/longfellow-zk/lib/algebra/fp.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/fp2.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/fp24.h +342 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6.h +305 -0
- data/vendor/longfellow-zk/lib/algebra/fp24_6_test.cc +197 -0
- data/vendor/longfellow-zk/lib/algebra/fp2_test.cc +280 -0
- data/vendor/longfellow-zk/lib/algebra/fp_generic.h +533 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p128.h +91 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256.h +68 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p256k1.h +123 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p384.h +65 -0
- data/vendor/longfellow-zk/lib/algebra/fp_p521.h +62 -0
- data/vendor/longfellow-zk/lib/algebra/fp_test.cc +522 -0
- data/vendor/longfellow-zk/lib/algebra/hash.h +39 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation.h +117 -0
- data/vendor/longfellow-zk/lib/algebra/interpolation_test.cc +74 -0
- data/vendor/longfellow-zk/lib/algebra/limb.h +153 -0
- data/vendor/longfellow-zk/lib/algebra/limb_test.cc +75 -0
- data/vendor/longfellow-zk/lib/algebra/nat.cc +32 -0
- data/vendor/longfellow-zk/lib/algebra/nat.h +212 -0
- data/vendor/longfellow-zk/lib/algebra/nat_test.cc +183 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumer_test.cc +138 -0
- data/vendor/longfellow-zk/lib/algebra/nussbaumerfp2_test.cc +139 -0
- data/vendor/longfellow-zk/lib/algebra/permutations.h +79 -0
- data/vendor/longfellow-zk/lib/algebra/poly.h +240 -0
- data/vendor/longfellow-zk/lib/algebra/poly_test.cc +123 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon.h +150 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension.h +108 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_extension_test.cc +76 -0
- data/vendor/longfellow-zk/lib/algebra/reed_solomon_test.cc +473 -0
- data/vendor/longfellow-zk/lib/algebra/rfft.h +400 -0
- data/vendor/longfellow-zk/lib/algebra/rfft_test.cc +102 -0
- data/vendor/longfellow-zk/lib/algebra/static_string.h +29 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep.h +495 -0
- data/vendor/longfellow-zk/lib/algebra/sysdep_test.cc +41 -0
- data/vendor/longfellow-zk/lib/algebra/twiddle.h +59 -0
- data/vendor/longfellow-zk/lib/algebra/utility.h +86 -0
- data/vendor/longfellow-zk/lib/algebra/utility_test.cc +86 -0
- data/vendor/longfellow-zk/lib/arrays/affine.h +56 -0
- data/vendor/longfellow-zk/lib/arrays/affine_test.cc +220 -0
- data/vendor/longfellow-zk/lib/arrays/dense.h +210 -0
- data/vendor/longfellow-zk/lib/arrays/eq.h +75 -0
- data/vendor/longfellow-zk/lib/arrays/eqs.h +137 -0
- data/vendor/longfellow-zk/lib/arrays/eqs_test.cc +151 -0
- data/vendor/longfellow-zk/lib/arrays/sparse.h +192 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder.h +323 -0
- data/vendor/longfellow-zk/lib/cbor/host_decoder_test.cc +541 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor.h +594 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck.h +110 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_pluck_test.cc +55 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_test.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_testing.h +98 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/cbor_witness.h +312 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso2_test.cc +662 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/mso_test.cc +485 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan.h +104 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser/scan_test.cc +137 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor.h +640 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_byte_decoder_test.cc +147 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_testing.h +99 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/cbor_witness.h +319 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/lexer_test.cc +120 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/mdoc_examples_test.cc +89 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_circuit_test.cc +506 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_size_test.cc +79 -0
- data/vendor/longfellow-zk/lib/circuits/cbor_parser_v2/parser_test.cc +473 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/canonicalization_test.cc +185 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/circuit_dump.h +65 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler.h +471 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/compiler_test.cc +110 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/node.h +176 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/pdqhash.h +127 -0
- data/vendor/longfellow-zk/lib/circuits/compiler/schedule.h +435 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_circuit.h +371 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_external_test.cc +246 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_test.cc +587 -0
- data/vendor/longfellow-zk/lib/circuits/ecdsa/verify_witness.h +201 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_adder_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker.h +247 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_constants.h +35 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_encoder.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/logic/bit_plucker_test.cc +183 -0
- data/vendor/longfellow-zk/lib/circuits/logic/compiler_backend.h +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/logic/counter_test.cc +102 -0
- data/vendor/longfellow-zk/lib/circuits/logic/evaluation_backend.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic.h +1232 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_circuit_test.cc +310 -0
- data/vendor/longfellow-zk/lib/circuits/logic/logic_test.cc +521 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp.h +68 -0
- data/vendor/longfellow-zk/lib/circuits/logic/memcmp_test.cc +148 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/logic/polynomial_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing.h +445 -0
- data/vendor/longfellow-zk/lib/circuits/logic/routing_test.cc +241 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary.h +55 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker.h +77 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_constants.h +37 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_plucker_test.cc +53 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_size_test.cc +69 -0
- data/vendor/longfellow-zk/lib/circuits/logic/unary_test.cc +62 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit.h +193 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_circuit_test.cc +223 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_reference.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/mac/mac_witness.h +94 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/circuit_maker.cc +242 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_ids.h +311 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_attribute_test.cc +64 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_circuit_id.cc +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_constants.h +85 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.cc +41 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_decompress.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_examples.h +5232 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_generate_circuit.cc +199 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_hash.h +554 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature.h +143 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_signature_test.cc +444 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_test_attributes.h +157 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_witness.h +863 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.cc +693 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk.h +216 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/mdoc_zk_test.cc +724 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec.cc +100 -0
- data/vendor/longfellow-zk/lib/circuits/mdoc/zk_spec_test.cc +155 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit.h +330 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_circuit_test.cc +607 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_io.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.cc +163 -0
- data/vendor/longfellow-zk/lib/circuits/sha/flatsha256_witness.h +47 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.cc +34 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_constants.h +27 -0
- data/vendor/longfellow-zk/lib/circuits/sha/sha256_test_values.h +389 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/ptrcred.h +171 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small.h +218 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_examples.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_io.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_test.cc +208 -0
- data/vendor/longfellow-zk/lib/circuits/tests/anoncred/small_witness.h +130 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode.h +508 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_circuit_test.cc +95 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_test.cc +119 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.cc +47 -0
- data/vendor/longfellow-zk/lib/circuits/tests/base64/decode_util.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit.h +231 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_circuit_test.cc +428 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ec/pk_witness.h +102 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt.h +190 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_constants.h +26 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_test.cc +559 -0
- data/vendor/longfellow-zk/lib/circuits/tests/jwt/jwt_witness.h +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f.h +411 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_io.h +32 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_test.cc +364 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_1f_witness.h +278 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation.h +146 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_constants.h +25 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_test.cc +315 -0
- data/vendor/longfellow-zk/lib/circuits/tests/mdoc/mdoc_revocation_witness.h +136 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr.h +250 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_test.cc +333 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/bitaddr/bitaddr_witness.h +152 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44.h +903 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_circuit_test.cc +274 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_eval_test.cc +440 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.cc +8851 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_examples.h +93 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.cc +24 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_types.h +118 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness.h +453 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_44_witness_test.cc +49 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.cc +458 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref.h +150 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test.cc +398 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors.inc +3618 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_pkdecode.inc +689 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/ml_dsa_ref_test_vectors_sigdecode.inc +1501 -0
- data/vendor/longfellow-zk/lib/circuits/tests/pq/ml_dsa/sigdecode_test_vectors.inc +540 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit.h +394 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_circuit_test.cc +577 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_constants.h +90 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.cc +174 -0
- data/vendor/longfellow-zk/lib/circuits/tests/ripemd/ripemd_witness.h +140 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit.h +351 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_circuit_test.cc +466 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.cc +207 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference.h +59 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_reference_test.cc +153 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.cc +39 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_round_constants.h +29 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_slicing.h +31 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.cc +83 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/sha3_witness.h +72 -0
- data/vendor/longfellow-zk/lib/circuits/tests/sha3/shake_test_vectors.h +477 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve.h +596 -0
- data/vendor/longfellow-zk/lib/ec/elliptic_curve_test.cc +548 -0
- data/vendor/longfellow-zk/lib/ec/p256.cc +36 -0
- data/vendor/longfellow-zk/lib/ec/p256.h +60 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.cc +34 -0
- data/vendor/longfellow-zk/lib/ec/p256k1.h +60 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128.h +503 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_bench.cc +48 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2_128_test.cc +416 -0
- data/vendor/longfellow-zk/lib/gf2k/gf2poly.h +74 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14.h +242 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_bench.cc +75 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon.h +127 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_reed_solomon_test.cc +110 -0
- data/vendor/longfellow-zk/lib/gf2k/lch14_test.cc +246 -0
- data/vendor/longfellow-zk/lib/gf2k/sysdep.h +329 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_param.h +449 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_prover.h +354 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_test.cc +136 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_transcript.h +67 -0
- data/vendor/longfellow-zk/lib/ligero/ligero_verifier.h +272 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_commitment.h +104 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree.h +216 -0
- data/vendor/longfellow-zk/lib/merkle/merkle_tree_test.cc +240 -0
- data/vendor/longfellow-zk/lib/proto/circuit.h +354 -0
- data/vendor/longfellow-zk/lib/proto/circuit_test.cc +202 -0
- data/vendor/longfellow-zk/lib/random/random.h +119 -0
- data/vendor/longfellow-zk/lib/random/random_test.cc +189 -0
- data/vendor/longfellow-zk/lib/random/secure_random_engine.h +37 -0
- data/vendor/longfellow-zk/lib/random/transcript.h +193 -0
- data/vendor/longfellow-zk/lib/random/transcript_test.cc +344 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit.h +148 -0
- data/vendor/longfellow-zk/lib/sumcheck/circuit_id.h +71 -0
- data/vendor/longfellow-zk/lib/sumcheck/equad.h +126 -0
- data/vendor/longfellow-zk/lib/sumcheck/hquad.h +115 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover.h +59 -0
- data/vendor/longfellow-zk/lib/sumcheck/prover_layers.h +362 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad.h +227 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_builder.h +211 -0
- data/vendor/longfellow-zk/lib/sumcheck/quad_test.cc +169 -0
- data/vendor/longfellow-zk/lib/sumcheck/sumcheck_test.cc +324 -0
- data/vendor/longfellow-zk/lib/sumcheck/testing.h +69 -0
- data/vendor/longfellow-zk/lib/sumcheck/transcript_sumcheck.h +85 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier.h +84 -0
- data/vendor/longfellow-zk/lib/sumcheck/verifier_layers.h +221 -0
- data/vendor/longfellow-zk/lib/testing/test_main.cc +50 -0
- data/vendor/longfellow-zk/lib/util/ceildiv.h +164 -0
- data/vendor/longfellow-zk/lib/util/ceildiv_test.cc +152 -0
- data/vendor/longfellow-zk/lib/util/crc64.h +45 -0
- data/vendor/longfellow-zk/lib/util/crypto.cc +39 -0
- data/vendor/longfellow-zk/lib/util/crypto.h +108 -0
- data/vendor/longfellow-zk/lib/util/log.cc +110 -0
- data/vendor/longfellow-zk/lib/util/log.h +33 -0
- data/vendor/longfellow-zk/lib/util/panic.h +40 -0
- data/vendor/longfellow-zk/lib/util/readbuffer.h +67 -0
- data/vendor/longfellow-zk/lib/util/serialization.h +54 -0
- data/vendor/longfellow-zk/lib/zk/zk_common.h +455 -0
- data/vendor/longfellow-zk/lib/zk/zk_proof.h +378 -0
- data/vendor/longfellow-zk/lib/zk/zk_prover.h +202 -0
- data/vendor/longfellow-zk/lib/zk/zk_test.cc +340 -0
- data/vendor/longfellow-zk/lib/zk/zk_testing.h +154 -0
- data/vendor/longfellow-zk/lib/zk/zk_verifier.h +109 -0
- metadata +347 -0
|
@@ -0,0 +1,304 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#ifndef PRIVACY_PROOFS_ZK_LIB_ALGEBRA_FFT_INTERPOLATION_H_
|
|
16
|
+
#define PRIVACY_PROOFS_ZK_LIB_ALGEBRA_FFT_INTERPOLATION_H_
|
|
17
|
+
|
|
18
|
+
#include <stddef.h>
|
|
19
|
+
#include <stdint.h>
|
|
20
|
+
|
|
21
|
+
#include <vector>
|
|
22
|
+
|
|
23
|
+
#include "algebra/blas.h"
|
|
24
|
+
#include "algebra/twiddle.h"
|
|
25
|
+
#include "util/panic.h"
|
|
26
|
+
|
|
27
|
+
namespace proofs {
|
|
28
|
+
template <class Field>
|
|
29
|
+
class FFTInterpolation {
|
|
30
|
+
using Elt = typename Field::Elt;
|
|
31
|
+
|
|
32
|
+
// Know a0, a1 want b0, b1
|
|
33
|
+
// Note winv = w^{-1}
|
|
34
|
+
static void a0a1(const Elt* A, Elt* B, size_t s, const Elt& winv,
|
|
35
|
+
const Field& F) {
|
|
36
|
+
Elt x0 = A[0];
|
|
37
|
+
Elt x1 = F.mulf(A[s], winv);
|
|
38
|
+
B[0] = F.addf(x0, x1);
|
|
39
|
+
B[s] = F.subf(x0, x1);
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
static void a0a1(const Elt* A, Elt* B, size_t s, const Field& F) {
|
|
43
|
+
Elt x0 = A[0];
|
|
44
|
+
Elt x1 = A[s];
|
|
45
|
+
B[0] = F.addf(x0, x1);
|
|
46
|
+
B[s] = F.subf(x0, x1);
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
// know b0, b1 want a0, a1
|
|
50
|
+
static void b0b1(Elt* A, const Elt* B, size_t s, const Elt& w,
|
|
51
|
+
const Field& F) {
|
|
52
|
+
Elt x0 = F.mulf(F.half(), F.addf(B[0], B[s]));
|
|
53
|
+
Elt x1 = F.mulf(F.half(), F.subf(B[0], B[s]));
|
|
54
|
+
A[0] = x0;
|
|
55
|
+
A[s] = F.mulf(x1, w);
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
static void b0b1_unscaled(Elt* A, const Elt* B, size_t s, const Elt& w,
|
|
59
|
+
const Field& F) {
|
|
60
|
+
Elt x0 = F.addf(B[0], B[s]);
|
|
61
|
+
Elt x1 = F.subf(B[0], B[s]);
|
|
62
|
+
A[0] = x0;
|
|
63
|
+
A[s] = F.mulf(x1, w);
|
|
64
|
+
}
|
|
65
|
+
static void b0b1_unscaled(Elt* A, const Elt* B, size_t s, const Field& F) {
|
|
66
|
+
Elt x0 = F.addf(B[0], B[s]);
|
|
67
|
+
Elt x1 = F.subf(B[0], B[s]);
|
|
68
|
+
A[0] = x0;
|
|
69
|
+
A[s] = x1;
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
// know: a0 and b0, want a1 and b1
|
|
73
|
+
// x0 = a0
|
|
74
|
+
// x1 = a1 * w^{-1}
|
|
75
|
+
// b0 = x0 + x1
|
|
76
|
+
// b1 = x0 - x1
|
|
77
|
+
static void a0b0(Elt* A, Elt* B, size_t s, const Elt& w, const Field& F) {
|
|
78
|
+
Elt x0 = A[0];
|
|
79
|
+
Elt x1 = F.subf(B[0], x0);
|
|
80
|
+
A[s] = F.mulf(x1, w);
|
|
81
|
+
B[s] = F.subf(x0, x1);
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
// know: a0 and b1, want a1 and b0
|
|
85
|
+
// x0 = a0
|
|
86
|
+
// x1 = a1 * w^{-1}
|
|
87
|
+
// b0 = x0 + x1
|
|
88
|
+
// b1 = x0 - x1
|
|
89
|
+
static void a0b1(Elt* A, Elt* B, size_t s, const Elt& w, const Field& F) {
|
|
90
|
+
Elt x0 = A[0];
|
|
91
|
+
Elt x1 = F.subf(x0, B[s]);
|
|
92
|
+
A[s] = F.mulf(x1, w);
|
|
93
|
+
B[0] = F.addf(x0, x1);
|
|
94
|
+
}
|
|
95
|
+
|
|
96
|
+
// B -> A
|
|
97
|
+
static void fftb(Elt A[/*n*/], const Elt B[/*n*/], size_t n,
|
|
98
|
+
const Twiddle<Field>& roots, const Field& F) {
|
|
99
|
+
for (size_t j = 0; j < n; ++j) {
|
|
100
|
+
A[j] = B[j];
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
Elt scale = F.one();
|
|
104
|
+
|
|
105
|
+
for (size_t m = n; m > 2;) {
|
|
106
|
+
m /= 2;
|
|
107
|
+
size_t ws = roots.order_ / (2 * m);
|
|
108
|
+
for (size_t k = 0; k < n; k += 2 * m) {
|
|
109
|
+
b0b1_unscaled(&A[k], &A[k], m, F); // j == 0
|
|
110
|
+
for (size_t j = 1; j < m; ++j) {
|
|
111
|
+
b0b1_unscaled(&A[k + j], &A[k + j], m, roots.w_[j * ws], F);
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
F.mul(scale, F.half());
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
if (n >= 2) {
|
|
118
|
+
for (size_t k = 0; k < n; k += 2) {
|
|
119
|
+
b0b1_unscaled(&A[k], &A[k], 1, F);
|
|
120
|
+
}
|
|
121
|
+
F.mul(scale, F.half());
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
Blas<Field>::scale(n, A, 1, scale, F);
|
|
125
|
+
}
|
|
126
|
+
|
|
127
|
+
// A -> B
|
|
128
|
+
static void fftf(const Elt A[/*n*/], Elt B[/*n*/], size_t n,
|
|
129
|
+
const Twiddle<Field>& rootsinv, const Field& F) {
|
|
130
|
+
for (size_t j = 0; j < n; ++j) {
|
|
131
|
+
B[j] = A[j];
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
// m = 1
|
|
135
|
+
if (n >= 2) {
|
|
136
|
+
for (size_t k = 0; k < n; k += 2) {
|
|
137
|
+
a0a1(&B[k], &B[k], 1, F);
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
// m > 1
|
|
142
|
+
for (size_t m = 2; m < n; m = 2 * m) {
|
|
143
|
+
size_t ws = rootsinv.order_ / (2 * m);
|
|
144
|
+
for (size_t k = 0; k < n; k += 2 * m) {
|
|
145
|
+
a0a1(&B[k], &B[k], m, F); // j = 0
|
|
146
|
+
for (size_t j = 1; j < m; ++j) {
|
|
147
|
+
a0a1(&B[k + j], &B[k + j], m, rootsinv.w_[j * ws], F);
|
|
148
|
+
}
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
static bool in_range(size_t j, size_t b0, size_t n, size_t k) {
|
|
154
|
+
size_t b1 = b0 + (n - k);
|
|
155
|
+
return (b0 <= j && j < b1) || (b0 <= j + n && j + n < b1);
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
// This is a generalization of the truncated FFT algorithm described
|
|
159
|
+
// in Joris van der Hoeven, "The Truncated Fourier Transform and
|
|
160
|
+
// Applications". See also the followup paper "Notes on the
|
|
161
|
+
// Truncated Fourier Transform", also by Joris van der Hoeven.
|
|
162
|
+
|
|
163
|
+
// Define arbitrarily an "evaluation" domain A and a "coefficient"
|
|
164
|
+
// domain B. The "forward" FFT computes the cofficients B given
|
|
165
|
+
// evaluations A, and the "backward" FFT computes the evaluations A
|
|
166
|
+
// given the coefficients B. By convention, the evaluations A are in
|
|
167
|
+
// bit-reversed order, and we put the 1/N normalization on
|
|
168
|
+
// the backward side.
|
|
169
|
+
|
|
170
|
+
// Given inputs
|
|
171
|
+
//
|
|
172
|
+
// A[j] for 0 <= j < k
|
|
173
|
+
// B[j % n] for b0 <= j < b0 + (n - k)
|
|
174
|
+
//
|
|
175
|
+
// this function fills the rest of A[] and B[], so that at the
|
|
176
|
+
// end B = fftf(A) and A = fftb(B).
|
|
177
|
+
static void bidir(size_t n, Elt A[/*n*/], Elt B[/*n*/], size_t k, size_t b0,
|
|
178
|
+
const Twiddle<Field>& roots, const Twiddle<Field>& rootsinv,
|
|
179
|
+
Elt workspace[/*2*n*/], const Field& F) {
|
|
180
|
+
check(k <= n, "k <= n");
|
|
181
|
+
check(b0 < n, "b0 < n");
|
|
182
|
+
|
|
183
|
+
if (k == 0) {
|
|
184
|
+
fftb(A, B, n, roots, F);
|
|
185
|
+
} else if (k == n) {
|
|
186
|
+
fftf(A, B, n, rootsinv, F);
|
|
187
|
+
} else if (n > 1) {
|
|
188
|
+
size_t ws = roots.order_ / n;
|
|
189
|
+
size_t n2 = n / 2;
|
|
190
|
+
|
|
191
|
+
// allocate T from workspace
|
|
192
|
+
Elt* T = workspace;
|
|
193
|
+
workspace += n;
|
|
194
|
+
|
|
195
|
+
if (k >= n2) {
|
|
196
|
+
// first half A -> T
|
|
197
|
+
fftf(A, &T[0], n2, rootsinv, F);
|
|
198
|
+
|
|
199
|
+
// diagonal butterflies T <-> B
|
|
200
|
+
for (size_t j = 0; j < n2; ++j) {
|
|
201
|
+
if (in_range(j, b0, n, k)) {
|
|
202
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
203
|
+
// can't happen because the range is < n2
|
|
204
|
+
check(false, "can't happen");
|
|
205
|
+
} else {
|
|
206
|
+
a0b0(&T[j], &B[j], n2, roots.w_[j * ws], F);
|
|
207
|
+
}
|
|
208
|
+
} else {
|
|
209
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
210
|
+
a0b1(&T[j], &B[j], n2, roots.w_[j * ws], F);
|
|
211
|
+
} else {
|
|
212
|
+
// done below
|
|
213
|
+
}
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
// second half A <-> T
|
|
218
|
+
size_t bb0 = (b0 >= n2) ? (b0 - n2) : b0;
|
|
219
|
+
bidir(n2, &A[n2], &T[n2], k - n2, bb0, roots, rootsinv, workspace, F);
|
|
220
|
+
|
|
221
|
+
// forward butterflies T -> B
|
|
222
|
+
for (size_t j = 0; j < n2; ++j) {
|
|
223
|
+
if (in_range(j, b0, n, k)) {
|
|
224
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
225
|
+
// can't happen because the range is < n2
|
|
226
|
+
check(false, "can't happen");
|
|
227
|
+
} else {
|
|
228
|
+
// done above
|
|
229
|
+
}
|
|
230
|
+
} else {
|
|
231
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
232
|
+
// done above
|
|
233
|
+
} else {
|
|
234
|
+
a0a1(&T[j], &B[j], n2, rootsinv.w_[j * ws], F);
|
|
235
|
+
}
|
|
236
|
+
}
|
|
237
|
+
}
|
|
238
|
+
} else {
|
|
239
|
+
// backward butterflies B -> T
|
|
240
|
+
for (size_t j = 0; j < n2; ++j) {
|
|
241
|
+
if (in_range(j, b0, n, k)) {
|
|
242
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
243
|
+
b0b1(&T[j], &B[j], n2, roots.w_[j * ws], F);
|
|
244
|
+
} else {
|
|
245
|
+
// done below
|
|
246
|
+
}
|
|
247
|
+
} else {
|
|
248
|
+
// done below
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
|
|
252
|
+
// first half A <-> T
|
|
253
|
+
size_t bb0 = (b0 >= n2) ? (b0 - n2) : b0;
|
|
254
|
+
bidir(n2, &A[0], &T[0], k, bb0, roots, rootsinv, workspace, F);
|
|
255
|
+
|
|
256
|
+
// diagonal butterflies T <-> B
|
|
257
|
+
for (size_t j = 0; j < n2; ++j) {
|
|
258
|
+
if (in_range(j, b0, n, k)) {
|
|
259
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
260
|
+
// done above
|
|
261
|
+
} else {
|
|
262
|
+
a0b0(&T[j], &B[j], n2, roots.w_[j * ws], F);
|
|
263
|
+
}
|
|
264
|
+
} else {
|
|
265
|
+
if (in_range(j + n2, b0, n, k)) {
|
|
266
|
+
a0b1(&T[j], &B[j], n2, roots.w_[j * ws], F);
|
|
267
|
+
} else {
|
|
268
|
+
// can't happen. Range is >= n2 so
|
|
269
|
+
// either j or j+n2 is in range
|
|
270
|
+
check(false, "can't happen");
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
|
|
275
|
+
// second half T -> A
|
|
276
|
+
fftb(&A[n2], &T[n2], n2, roots, F);
|
|
277
|
+
}
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
|
|
281
|
+
public:
|
|
282
|
+
static void interpolate(size_t n, Elt A[/*n*/], Elt B[/*n*/], size_t k,
|
|
283
|
+
size_t b0, const Elt& omega_m, uint64_t m,
|
|
284
|
+
const Field& F) {
|
|
285
|
+
if (n > 1) {
|
|
286
|
+
Elt omega_n = Twiddle<Field>::reroot(omega_m, m, n, F);
|
|
287
|
+
Twiddle<Field> roots(n, omega_n, F);
|
|
288
|
+
Twiddle<Field> rootsinv(n, F.invertf(omega_n), F);
|
|
289
|
+
std::vector<Elt> workspace(2 * n);
|
|
290
|
+
bidir(n, A, B, k, b0, roots, rootsinv, &workspace[0], F);
|
|
291
|
+
} else if (n == 1) {
|
|
292
|
+
// Twiddle(n) fails because of vector of size 0.
|
|
293
|
+
// Compute the answer directly.
|
|
294
|
+
if (k == 0) {
|
|
295
|
+
A[0] = B[0];
|
|
296
|
+
} else {
|
|
297
|
+
B[0] = A[0];
|
|
298
|
+
}
|
|
299
|
+
}
|
|
300
|
+
}
|
|
301
|
+
};
|
|
302
|
+
} // namespace proofs
|
|
303
|
+
|
|
304
|
+
#endif // PRIVACY_PROOFS_ZK_LIB_ALGEBRA_FFT_INTERPOLATION_H_
|
|
@@ -0,0 +1,168 @@
|
|
|
1
|
+
// Copyright 2026 Google LLC.
|
|
2
|
+
//
|
|
3
|
+
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
4
|
+
// you may not use this file except in compliance with the License.
|
|
5
|
+
// You may obtain a copy of the License at
|
|
6
|
+
//
|
|
7
|
+
// http://www.apache.org/licenses/LICENSE-2.0
|
|
8
|
+
//
|
|
9
|
+
// Unless required by applicable law or agreed to in writing, software
|
|
10
|
+
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
11
|
+
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
12
|
+
// See the License for the specific language governing permissions and
|
|
13
|
+
// limitations under the License.
|
|
14
|
+
|
|
15
|
+
#include "algebra/fft_interpolation.h"
|
|
16
|
+
|
|
17
|
+
#include <stddef.h>
|
|
18
|
+
|
|
19
|
+
#include <vector>
|
|
20
|
+
|
|
21
|
+
#include "algebra/blas.h"
|
|
22
|
+
#include "algebra/bogorng.h"
|
|
23
|
+
#include "algebra/fft.h"
|
|
24
|
+
#include "algebra/fp.h"
|
|
25
|
+
#include "algebra/fp2.h"
|
|
26
|
+
#include "algebra/fp_p256.h"
|
|
27
|
+
#include "algebra/permutations.h"
|
|
28
|
+
#include "benchmark/benchmark.h"
|
|
29
|
+
#include "gtest/gtest.h"
|
|
30
|
+
|
|
31
|
+
namespace proofs {
|
|
32
|
+
namespace {
|
|
33
|
+
|
|
34
|
+
typedef Fp<4> Field;
|
|
35
|
+
static const Field F(
|
|
36
|
+
"21888242871839275222246405745257275088548364400416034343698204186575808495"
|
|
37
|
+
"617");
|
|
38
|
+
typedef Field::Elt Elt;
|
|
39
|
+
|
|
40
|
+
// root of unity in F
|
|
41
|
+
Elt omega = F.of_string(
|
|
42
|
+
"19103219067921713944291392827692070036145651957329286315305642004821462161"
|
|
43
|
+
"904");
|
|
44
|
+
size_t omega_order = 1 << 28;
|
|
45
|
+
|
|
46
|
+
TEST(FFTInterpolation, Simple) {
|
|
47
|
+
Bogorng<Field> rng(&F);
|
|
48
|
+
for (size_t n = 1; n <= 32; n *= 2) {
|
|
49
|
+
std::vector<Elt> A(n);
|
|
50
|
+
std::vector<Elt> B(n);
|
|
51
|
+
|
|
52
|
+
for (size_t i = 0; i < n; ++i) {
|
|
53
|
+
A[i] = B[i] = rng.next();
|
|
54
|
+
}
|
|
55
|
+
FFT<Field>::fftf(&B[0], n, omega, omega_order, F);
|
|
56
|
+
|
|
57
|
+
// FFTInterpolation expects A to be in bit-reversed order
|
|
58
|
+
Permutations<Elt>::bitrev(&A[0], n);
|
|
59
|
+
|
|
60
|
+
for (size_t k = 0; k <= n; ++k) {
|
|
61
|
+
for (size_t b0 = 0; b0 < n; ++b0) {
|
|
62
|
+
std::vector<Elt> CA(n, F.zero());
|
|
63
|
+
std::vector<Elt> CB(n, F.zero());
|
|
64
|
+
for (size_t i = 0; i < k; ++i) {
|
|
65
|
+
CA[i] = A[i];
|
|
66
|
+
}
|
|
67
|
+
for (size_t i = b0; i < b0 + (n - k); ++i) {
|
|
68
|
+
CB[i % n] = B[i % n];
|
|
69
|
+
}
|
|
70
|
+
|
|
71
|
+
FFTInterpolation<Field>::interpolate(n, &CA[0], &CB[0], k, b0, omega,
|
|
72
|
+
omega_order, F);
|
|
73
|
+
|
|
74
|
+
for (size_t i = 0; i < n; ++i) {
|
|
75
|
+
EXPECT_EQ(A[i], CA[i]);
|
|
76
|
+
EXPECT_EQ(B[i], CB[i]);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
TEST(FFTInterpolation, Product) {
|
|
84
|
+
// The product of two extensions of length d should
|
|
85
|
+
// be an extension of length 2d
|
|
86
|
+
Bogorng<Field> rng(&F);
|
|
87
|
+
|
|
88
|
+
for (size_t n = 2; n <= 32; n *= 2) {
|
|
89
|
+
for (size_t d = 1; d + d < n; ++d) {
|
|
90
|
+
std::vector<Elt> A(n, F.zero());
|
|
91
|
+
std::vector<Elt> B(n, F.zero());
|
|
92
|
+
std::vector<Elt> C(n, F.zero());
|
|
93
|
+
std::vector<Elt> Z(n);
|
|
94
|
+
|
|
95
|
+
for (size_t i = 0; i < d; ++i) {
|
|
96
|
+
A[i] = rng.next();
|
|
97
|
+
B[i] = rng.next();
|
|
98
|
+
}
|
|
99
|
+
|
|
100
|
+
// extend A and B
|
|
101
|
+
Blas<Field>::clear(n, &Z[0], 1, F);
|
|
102
|
+
FFTInterpolation<Field>::interpolate(n, &A[0], &Z[0], d, d, omega,
|
|
103
|
+
omega_order, F);
|
|
104
|
+
Blas<Field>::clear(n, &Z[0], 1, F);
|
|
105
|
+
FFTInterpolation<Field>::interpolate(n, &B[0], &Z[0], d, d, omega,
|
|
106
|
+
omega_order, F);
|
|
107
|
+
|
|
108
|
+
for (size_t i = 0; i < 2 * d - 1; ++i) {
|
|
109
|
+
C[i] = F.mulf(A[i], B[i]);
|
|
110
|
+
}
|
|
111
|
+
Blas<Field>::clear(n, &Z[0], 1, F);
|
|
112
|
+
FFTInterpolation<Field>::interpolate(n, &C[0], &Z[0], 2 * d - 1,
|
|
113
|
+
2 * d - 1, omega, omega_order, F);
|
|
114
|
+
|
|
115
|
+
for (size_t i = 0; i < n; ++i) {
|
|
116
|
+
EXPECT_EQ(C[i], F.mulf(A[i], B[i]));
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
// for good measure, test that all possible extensions of A
|
|
120
|
+
// produce A again
|
|
121
|
+
for (size_t k = d; k < n; ++k) {
|
|
122
|
+
std::vector<Elt> A1(n, F.zero());
|
|
123
|
+
Blas<Field>::copy(k, &A1[0], 1, &A[0], 1);
|
|
124
|
+
|
|
125
|
+
Blas<Field>::clear(n, &Z[0], 1, F);
|
|
126
|
+
FFTInterpolation<Field>::interpolate(n, &A1[0], &Z[0], k, k, omega,
|
|
127
|
+
omega_order, F);
|
|
128
|
+
|
|
129
|
+
for (size_t i = 0; i < n; ++i) {
|
|
130
|
+
EXPECT_EQ(A[i], A1[i]);
|
|
131
|
+
}
|
|
132
|
+
}
|
|
133
|
+
}
|
|
134
|
+
}
|
|
135
|
+
}
|
|
136
|
+
} // namespace
|
|
137
|
+
|
|
138
|
+
namespace bench {
|
|
139
|
+
// benchmark the FFT over a P256^2 with a real root of unity
|
|
140
|
+
void BM_FFTInterpolationFp2(benchmark::State& state) {
|
|
141
|
+
using BaseField = Fp256<true>;
|
|
142
|
+
using Field = Fp2<BaseField>;
|
|
143
|
+
|
|
144
|
+
using Elt = Field::Elt;
|
|
145
|
+
const BaseField F0;
|
|
146
|
+
const Field F(F0);
|
|
147
|
+
const Elt OMEGA31 = F.of_string(
|
|
148
|
+
"112649224146410281873500457609690258373018840430489408729223714171582664"
|
|
149
|
+
"680802",
|
|
150
|
+
"840879943585409076957404614278186605601821689971823787493130182544504602"
|
|
151
|
+
"12908");
|
|
152
|
+
Bogorng<BaseField> rng(&F0);
|
|
153
|
+
size_t N = state.range(0);
|
|
154
|
+
std::vector<Elt> A(N);
|
|
155
|
+
std::vector<Elt> B(N);
|
|
156
|
+
for (size_t i = 0; i < N; ++i) {
|
|
157
|
+
A[i] = F.of_scalar(rng.next());
|
|
158
|
+
B[i] = F.of_scalar(rng.next());
|
|
159
|
+
}
|
|
160
|
+
for (auto _ : state) {
|
|
161
|
+
FFTInterpolation<Field>::interpolate(N, &A[0], &B[0], N / 2, 0, OMEGA31,
|
|
162
|
+
1u << 31, F);
|
|
163
|
+
}
|
|
164
|
+
}
|
|
165
|
+
BENCHMARK(BM_FFTInterpolationFp2)->RangeMultiplier(4)->Range(1024, (1 << 22));
|
|
166
|
+
|
|
167
|
+
} // namespace bench
|
|
168
|
+
} // namespace proofs
|