binius_core/protocols/sumcheck/
oracles.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
// Copyright 2024 Irreducible Inc.

use super::{BatchSumcheckOutput, CompositeSumClaim, Error, SumcheckClaim, ZerocheckClaim};
use crate::{
	oracle::{
		Constraint, ConstraintPredicate, ConstraintSet, MultilinearOracleSet, OracleId,
		TypeErasedComposition,
	},
	protocols::evalcheck::EvalcheckMultilinearClaim,
};

use crate::polynomial::CompositionScalarAdapter;
use binius_field::{PackedField, TowerField};
use binius_math::CompositionPolyOS;
use binius_utils::bail;
use std::iter;

#[derive(Debug)]
pub enum ConcreteClaim<P: PackedField> {
	Sumcheck(SumcheckClaim<P::Scalar, TypeErasedComposition<P>>),
	Zerocheck(ZerocheckClaim<P::Scalar, TypeErasedComposition<P>>),
}

pub struct OracleClaimMeta {
	pub n_vars: usize,
	pub oracle_ids: Vec<OracleId>,
}

/// Create a sumcheck claim out of constraint set. Fails when the constraint set contains zerochecks.
/// Returns claim and metadata used for evalcheck claim construction.
#[allow(clippy::type_complexity)]
pub fn constraint_set_sumcheck_claim<P: PackedField>(
	constraint_set: ConstraintSet<P>,
) -> Result<(SumcheckClaim<P::Scalar, impl CompositionPolyOS<P::Scalar>>, OracleClaimMeta), Error> {
	let (constraints, meta) = split_constraint_set(constraint_set);

	let mut sums = Vec::new();
	for Constraint {
		composition,
		predicate,
	} in constraints
	{
		match predicate {
			ConstraintPredicate::Sum(sum) => sums.push(CompositeSumClaim {
				composition: CompositionScalarAdapter::new(composition),
				sum,
			}),
			_ => bail!(Error::MixedBatchingNotSupported),
		}
	}

	let claim = SumcheckClaim::new(meta.n_vars, meta.oracle_ids.len(), sums)?;
	Ok((claim, meta))
}

/// Create a zerocheck claim from the constraint set. Fails when the constraint set contains regular sumchecks.
/// Returns claim and metadata used for evalcheck claim construction.
#[allow(clippy::type_complexity)]
pub fn constraint_set_zerocheck_claim<P: PackedField>(
	constraint_set: ConstraintSet<P>,
) -> Result<(ZerocheckClaim<P::Scalar, impl CompositionPolyOS<P::Scalar>>, OracleClaimMeta), Error>
{
	let (constraints, meta) = split_constraint_set(constraint_set);

	let mut zeros = Vec::new();
	for Constraint {
		composition,
		predicate,
	} in constraints
	{
		match predicate {
			ConstraintPredicate::Zero => zeros.push(CompositionScalarAdapter::new(composition)),
			_ => bail!(Error::MixedBatchingNotSupported),
		}
	}

	let claim = ZerocheckClaim::new(meta.n_vars, meta.oracle_ids.len(), zeros)?;
	Ok((claim, meta))
}

fn split_constraint_set<P: PackedField>(
	constraint_set: ConstraintSet<P>,
) -> (Vec<Constraint<P>>, OracleClaimMeta) {
	let ConstraintSet {
		oracle_ids,
		constraints,
		n_vars,
	} = constraint_set;
	let meta = OracleClaimMeta { n_vars, oracle_ids };
	(constraints, meta)
}

/// Constructs evalcheck claims from metadata returned by constraint set claim constructors.
pub fn make_eval_claims<F: TowerField>(
	oracles: &MultilinearOracleSet<F>,
	metas: impl IntoIterator<Item = OracleClaimMeta>,
	batch_sumcheck_output: BatchSumcheckOutput<F>,
) -> Result<Vec<EvalcheckMultilinearClaim<F>>, Error> {
	let metas = metas.into_iter().collect::<Vec<_>>();
	let max_n_vars = metas.first().map_or(0, |meta| meta.n_vars);

	if metas.len() != batch_sumcheck_output.multilinear_evals.len() {
		bail!(Error::ClaimProofMismatch);
	}

	if max_n_vars != batch_sumcheck_output.challenges.len() {
		bail!(Error::ClaimProofMismatch);
	}

	let mut evalcheck_claims = Vec::new();
	for (meta, prover_evals) in iter::zip(metas, batch_sumcheck_output.multilinear_evals) {
		if meta.oracle_ids.len() != prover_evals.len() {
			bail!(Error::ClaimProofMismatch);
		}

		for (oracle_id, eval) in iter::zip(meta.oracle_ids, prover_evals) {
			let poly = oracles.oracle(oracle_id);
			let eval_point = batch_sumcheck_output.challenges[max_n_vars - meta.n_vars..].to_vec();

			let claim = EvalcheckMultilinearClaim {
				poly,
				eval_point,
				eval,
			};

			evalcheck_claims.push(claim);
		}
	}

	Ok(evalcheck_claims)
}

pub struct SumcheckClaimsWithMeta<F: TowerField, C> {
	pub claims: Vec<SumcheckClaim<F, C>>,
	pub metas: Vec<OracleClaimMeta>,
}

/// Constructs sumcheck claims and metas from the vector of [`ConstraintSet`]
pub fn constraint_set_sumcheck_claims<P>(
	constraint_sets: Vec<ConstraintSet<P>>,
) -> Result<SumcheckClaimsWithMeta<P::Scalar, impl CompositionPolyOS<P::Scalar>>, Error>
where
	P: PackedField<Scalar: TowerField>,
{
	let mut claims = Vec::with_capacity(constraint_sets.len());
	let mut metas = Vec::with_capacity(constraint_sets.len());

	for constraint_set in constraint_sets {
		let (claim, meta) = constraint_set_sumcheck_claim(constraint_set)?;
		metas.push(meta);
		claims.push(claim);
	}
	Ok(SumcheckClaimsWithMeta { claims, metas })
}