-
Polygon zkEVM FFT和多项式evaluate计算的circom约束
1. 引言
前序博客:
代码见:
2. FFT运算的circom约束
const pgroup_c = F.ifft(pgroup_e); // Adjustable parametees const maxBlockBits = 16; const minBlockBits = 12; //const maxBlockBits = 2; //const minBlockBits = 2; const blocksPerThread = 8; async function _fft(buffSrc, nPols, nBits, buffDst, inverse) { const n = 1 << nBits; const tmpBuff = new BigBuffer(n*nPols); const outBuff = buffDst; let bIn, bOut; const pool = workerpool.pool(__dirname + '/fft_worker.js'); const idealNBlocks = pool.maxWorkers*blocksPerThread; let blockBits = log2(n*nPols/idealNBlocks); if (blockBits < minBlockBits) blockBits = minBlockBits; if (blockBits > maxBlockBits) blockBits = maxBlockBits; blockBits = Math.min(nBits, blockBits); const blockSize = 1 << blockBits; const nBlocks = n / blockSize; let nTrasposes; if (nBits == blockBits) { nTrasposes = 0; } else { nTrasposes = Math.floor((nBits-1) / blockBits)+1; } if (nTrasposes & 1) { bOut = tmpBuff; bIn = outBuff; } else { bOut = outBuff; bIn = tmpBuff; } if (inverse) { await invBitReverse(bOut, buffSrc, nPols, nBits); } else { await bitReverse(bOut, buffSrc, nPols, nBits); } [bIn, bOut] = [bOut, bIn]; for (let i=0; i<nBits; i+= blockBits) { const sInc = Math.min(blockBits, nBits-i); const promisesFFT = []; // let results = []; for (j=0; j<nBlocks; j++) { const bb = bIn.slice(j*blockSize*nPols, (j+1)*blockSize*nPols); promisesFFT.push(pool.exec("fft_block", [bb, j*blockSize, nPols, nBits, i+sInc, blockBits, sInc])); // results[j] = await fft_block(bb, j*blockSize, nPols, nBits, i+sInc, blockBits, sInc); } const results = await Promise.all(promisesFFT); for (let i=0; i<results.length; i++) { bIn.set(results[i], i*blockSize*nPols) } if (sInc < nBits) { // Do not transpose if it's the same await traspose(bOut, bIn, nPols, nBits, sInc); [bIn, bOut] = [bOut, bIn]; } } await pool.terminate(); } async function fft(buffSrc, nPols, nBits, buffDst) { await _fft(buffSrc, nPols, nBits, buffDst, false) } async function ifft(buffSrc, nPols, nBits, buffDst) { await _fft(buffSrc, nPols, nBits, buffDst, true) }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
Goldilocks域 p = 2 64 − 2 32 + 1 p= 2^{64} - 2^{32} + 1 p=264−232+1。其支持最大FFT运算degree为32:【
roots[i]对应为 2 i 2^i 2i-th root of unity。】var roots[33] = [ 1, // 2^0-th root of unity 18446744069414584320, // 2^1-th root of unity 281474976710656, // 2^2-th root of unity 18446744069397807105, 17293822564807737345, 70368744161280, 549755813888, 17870292113338400769, 13797081185216407910, 1803076106186727246, 11353340290879379826, 455906449640507599, 17492915097719143606, 1532612707718625687, 16207902636198568418, 17776499369601055404, 6115771955107415310, 12380578893860276750, 9306717745644682924, 18146160046829613826, 3511170319078647661, 17654865857378133588, 5416168637041100469, 16905767614792059275, 9713644485405565297, 5456943929260765144, 17096174751763063430, 1213594585890690845, 6414415596519834757, 16116352524544190054, 9123114210336311365, 4614640910117430873, 1753635133440165772 // 2^{32}-th root of unity ];- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
FFT(nBits, eSize, inv , shift)中inv为1表示iFFT,为0表示FFT。nBits表示对应 2 nBits − 1 2^{\text{nBits}}-1 2nBits−1 degree多项式。eSize表示每个元素的宽度。shift表示偏移。template FFT(nBits, eSize, inv , shift) { var n = 1<- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
3. 多项式evaluate计算circom约束
const ev = evalPol(F, pgroup_c, F.mul(special_x[si], sinv)); module.exports.evalPol = function evalPol(F, p, x) { if (p.length == 0) return F.zero; let res = p[p.length-1]; for (let i=p.length-2; i>=0; i--) { res = F.add(F.mul(res, x), p[i]); } return res; }- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
template EvalPol(n) { signal input pol[n][3]; signal input x[3]; signal output out[3]; signal acc[n][3]; component cmul[n-1]; for (var e=0; e<3; e++) { acc[0][e] <== pol[n-1][e]; } for (var i=1; i- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
附录:Polygon Hermez 2.0 zkEVM系列博客
- ZK-Rollups工作原理
- Polygon zkEVM——Hermez 2.0简介
- Polygon zkEVM网络节点
- Polygon zkEVM 基本概念
- Polygon zkEVM Prover
- Polygon zkEVM工具——PIL和CIRCOM
- Polygon zkEVM节点代码解析
- Polygon zkEVM的pil-stark Fibonacci状态机初体验
- Polygon zkEVM的pil-stark Fibonacci状态机代码解析
- Polygon zkEVM PIL编译器——pilcom 代码解析
- Polygon zkEVM Arithmetic状态机
- Polygon zkEVM中的常量多项式
- Polygon zkEVM Binary状态机
- Polygon zkEVM Memory状态机
- Polygon zkEVM Memory Align状态机
- Polygon zkEVM zkASM编译器——zkasmcom
- Polygon zkEVM哈希状态机——Keccak-256和Poseidon
- Polygon zkEVM zkASM语法
- Polygon zkEVM可验证计算简单状态机示例
- Polygon zkEVM zkASM 与 以太坊虚拟机opcode 对应集合
- Polygon zkEVM zkROM代码解析(1)
- Polygon zkEVM zkASM中的函数集合
- Polygon zkEVM zkROM代码解析(2)
- Polygon zkEVM zkROM代码解析(3)
- Polygon zkEVM公式梳理
- Polygon zkEVM中的Merkle tree
- Polygon zkEVM中Goldilocks域元素circom约束
- Polygon zkEVM Merkle tree的circom约束
C#集合的使用
wkhtmltopdf命令行示例
SQL Server 入门知识
java毕业设计成都某4S店销售管理系统Mybatis+系统+数据库+调试部署
【系统设计与实现】智慧教室在线监考系统,实时视频推理(vue前端+java管理后台+cpp深度学习算法后台)
MP4 格式:最少加载多少数据就能渲染出视频首帧?优化短视频播放体验必须先了解它丨音视频基础
1. XAML简单的划分区域
ajax请求
多层串联拼接网络