From 2f99685a1235aee62109ee35d0b98404f791abd5 Mon Sep 17 00:00:00 2001 From: "dustin.ray" Date: Mon, 16 Dec 2024 15:02:02 -0800 Subject: [PATCH 1/2] fix: make protocol sound by moving word value evaluation into sumcheck --- crates/proof-of-sql/src/base/proof/error.rs | 3 +++ .../src/sql/proof/sumcheck_mle_evaluations.rs | 20 +++++++++++++++++++ .../src/sql/proof_gadgets/range_check.rs | 12 +++++++---- .../src/sql/proof_gadgets/range_check_test.rs | 1 + 4 files changed, 32 insertions(+), 4 deletions(-) diff --git a/crates/proof-of-sql/src/base/proof/error.rs b/crates/proof-of-sql/src/base/proof/error.rs index 5988aec56..e81edfd22 100644 --- a/crates/proof-of-sql/src/base/proof/error.rs +++ b/crates/proof-of-sql/src/base/proof/error.rs @@ -43,4 +43,7 @@ pub enum ProofSizeMismatch { /// This error occurs when the proof has too few one lengths. #[snafu(display("Proof has too few one lengths"))] TooFewOneLengths, + /// This error occurs when the proof has too few sumcheck variables. + #[snafu(display("Proof has too few sumcheck variables"))] + TooFewSumcheckVariables, } diff --git a/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs b/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs index 14a937250..1b2473fab 100644 --- a/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs +++ b/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs @@ -26,6 +26,9 @@ pub struct SumcheckMleEvaluations<'a, S: Scalar> { pub random_evaluation: S, /// The evaluations (at the random point generated by sumcheck) of the mles that are evaluated by the inner product argument. These are batched together and checked by a single IPA. pub pcs_proof_evaluations: &'a [S], + + /// Evaluation (at the random point generated by sumcheck) of the function `rho_256` that is defined by rho_256(x) = x when 0 <= x < 256 and 0 otherwise. + pub rho_256_evaluation: Option, } #[allow( @@ -46,6 +49,22 @@ impl<'a, S: Scalar> SumcheckMleEvaluations<'a, S> { sumcheck_random_scalars: &SumcheckRandomScalars, pcs_proof_evaluations: &'a [S], ) -> Self { + let rho_256_evaluation = if evaluation_point.len() < 8 { + None + } else { + let rho_256_intermediate = evaluation_point + .iter() + .take(8) + .rev() + .fold(S::ZERO, |acc, &x| acc * S::TWO + x); + Some( + evaluation_point + .iter() + .skip(8) + .fold(rho_256_intermediate, |acc, &x| acc * (S::ONE - x)), + ) + }; + assert_eq!( evaluation_point.len(), sumcheck_random_scalars.entrywise_point.len() @@ -74,6 +93,7 @@ impl<'a, S: Scalar> SumcheckMleEvaluations<'a, S> { singleton_one_evaluation, random_evaluation, pcs_proof_evaluations, + rho_256_evaluation, } } } diff --git a/crates/proof-of-sql/src/sql/proof_gadgets/range_check.rs b/crates/proof-of-sql/src/sql/proof_gadgets/range_check.rs index 7a699b0ce..5ebc7e42e 100644 --- a/crates/proof-of-sql/src/sql/proof_gadgets/range_check.rs +++ b/crates/proof-of-sql/src/sql/proof_gadgets/range_check.rs @@ -239,7 +239,6 @@ fn prove_word_values<'a, S: Scalar + 'a>( // Allocate from 0 to 255 and pertrub with verifier challenge let word_values: &mut [S] = alloc.alloc_slice_fill_with(max(256, scalars.len()), |i| S::from(&(i as u8))); - builder.produce_intermediate_mle(word_values as &[_]); // Now produce an intermediate MLE over the inverted word values + verifier challenge alpha let word_vals_inv: &mut [S] = alloc.alloc_slice_fill_with(256, |i| { @@ -274,11 +273,11 @@ fn prove_word_values<'a, S: Scalar + 'a>( /// multiplied by the inverted word value, is zero. /// /// ```text -/// ∑ (I₀ + I₁ + I₂ + I₃ - (C * IN)) = 0 +/// ∑ (I₀ + I₁ + I₂ ... Iₙ - (C * IN)) = 0 /// ``` /// /// Where: -/// - `I₀, I₁, I₂, I₃` are the inverted word columns. +/// - `I₀ + I₁ + I₂ ... Iₙ` are the inverted word columns. /// - `C` is the count of each word. /// - `IN` is the inverted word values column. #[allow(clippy::missing_panics_doc)] @@ -378,7 +377,12 @@ where "Range check failed, column contains values outside of the selected range" ); - let word_vals_eval = builder.try_consume_mle_evaluation()?; + let word_vals_eval = builder + .mle_evaluations + .rho_256_evaluation + .ok_or(ProofSizeMismatch::TooFewSumcheckVariables)?; + // Ensures that we have enough sumcheck variables + let _ = builder.try_consume_one_evaluation()?; let word_vals_plus_alpha_inv = builder.try_consume_mle_evaluation()?; let word_value_constraint = word_vals_plus_alpha_inv * (word_vals_eval + alpha); diff --git a/crates/proof-of-sql/src/sql/proof_gadgets/range_check_test.rs b/crates/proof-of-sql/src/sql/proof_gadgets/range_check_test.rs index 8bd046043..1909b2ed6 100644 --- a/crates/proof-of-sql/src/sql/proof_gadgets/range_check_test.rs +++ b/crates/proof-of-sql/src/sql/proof_gadgets/range_check_test.rs @@ -27,6 +27,7 @@ impl ProverEvaluate for RangeCheckTestPlan { table_map: &IndexMap>, ) -> Table<'a, S> { builder.request_post_result_challenges(1); + builder.produce_one_evaluation_length(256); table_map[&self.column.table_ref()].clone() } From b002bb8117d2c3145cc232800fa2b7aa27fa7c79 Mon Sep 17 00:00:00 2001 From: "dustin.ray" Date: Mon, 16 Dec 2024 15:03:32 -0800 Subject: [PATCH 2/2] fix: clippy and fmt --- crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs b/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs index 1b2473fab..81d516113 100644 --- a/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs +++ b/crates/proof-of-sql/src/sql/proof/sumcheck_mle_evaluations.rs @@ -27,7 +27,7 @@ pub struct SumcheckMleEvaluations<'a, S: Scalar> { /// The evaluations (at the random point generated by sumcheck) of the mles that are evaluated by the inner product argument. These are batched together and checked by a single IPA. pub pcs_proof_evaluations: &'a [S], - /// Evaluation (at the random point generated by sumcheck) of the function `rho_256` that is defined by rho_256(x) = x when 0 <= x < 256 and 0 otherwise. + /// Evaluation (at the random point generated by sumcheck) of the function `rho_256` that is defined by `rho_256(x)` = x when 0 <= x < 256 and 0 otherwise. pub rho_256_evaluation: Option, }