feat(common): add Goldilocks (Field64_3) field support — Phase 1#453
Open
BornPsych wants to merge 11 commits into
Open
feat(common): add Goldilocks (Field64_3) field support — Phase 1#453BornPsych wants to merge 11 commits into
BornPsych wants to merge 11 commits into
Conversation
- `provekit-common` gains mutually-informed `bn254` (default) and `goldilocks` field features; `bn254` takes precedence when both are on so `--all-features` builds as BN254. `provekit_ntt` now implies `bn254`. - `mavros-vm`/`mavros-artifacts` become optional deps tied to `bn254`. - Root manifest sets `provekit-common`/`provekit-verifier` to `default-features = false`; every consumer crate re-enables `bn254` explicitly so the goldilocks build can opt out with `--no-default-features --features goldilocks`.
…1CSSchemeBuilder - Split the `FieldElement` alias: `ark_bn254::Fr` under `bn254`, `whir::algebra::fields::Field64_3` under `goldilocks`. Gate the BN254-only modules (mavros, noir_proof_scheme, ntt, optimize, poseidon2, prover, skyscraper, verifier) and the Skyscraper/Poseidon2 engine registrations in `register_ntt`. - Move `WhirR1CSSchemeBuilder` (and the `MIN_*` consts) from `r1cs-compiler` into `common`, re-exporting it from both crates. The move rides here because the crate-root re-export and the field split touch the same `lib.rs`. The Mavros constructor stays `bn254`-gated.
- Gate the Skyscraper/Poseidon2 `HashConfig` and `TranscriptSponge` variants behind `bn254`; the goldilocks default hash is `Sha256`. - Add Goldilocks twins for the field<->byte bridges (`field_to_bytes_le` -> 24 bytes, digest-to-field via the base subfield) and switch the sumcheck `HALF` constant to a `LazyLock`.
- Gate the Noir/BN254-coupled witness modules (binops, digits, limbs, ram, scheduling, witness builders) and the `NoirProof`/scheme `FileFormat` impls behind `bn254`; the field-agnostic IO machinery and `PublicInputs` stay shared. - Add the goldilocks `PublicInputs::hash_bytes` twin (24 -> 32 pad).
… test - Gate the `Prove`/`Verify` traits, Noir/Mavros prover paths, and EC/ bigint gadgets behind `bn254`; expose `whir_r1cs` publicly under goldilocks (and in the verifier) so hand-built R1CS instances can be proved/verified directly. - Add `roundtrip_tests.rs`: a `Field64_3` `x*y=z` prove/verify roundtrip plus soundness negatives, the Phase-1 milestone.
… hash, and guard field unification
…mitment The Mavros builder was relocated from r1cs-compiler into common before v2's fix landing, so new_from_dimensions still derived m from next_power_of_two( num_witnesses). v2 (PR worldfnd#443) changed it to max(npot(w1_size), npot(w2_size)), since w1 and w2 are committed separately. Carry that split (already present in new_for_r1cs) into new_from_dimensions, the Mavros path, and port v2's four dimension tests, adapted for the now-fallible constructors.
BornPsych
force-pushed
the
ys/goldilocks-field64-3-phase1
branch
from
5715493 to
d9cd553
Compare
|
@BornPsych is attempting to deploy a commit to the World Foundation Team on Vercel. A member of the Team first needs to authorize it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
goldilocksCargo feature alongside the defaultbn254, running the entire proofsystem (witness, R1CS, challenges, sumcheck) in the ~192-bit Goldilocks cubic extension
Field64_3. This is Phase 1 — the validation milestone — which keeps a single fieldtype in play (Identity embedding, zero WHIR changes).
bn254stays the default and is behaviorally unchanged (same transcripts/proofs).goldilocksis an opt-in, off-chain, crate-scoped build:--no-default-features --features goldilocksover common + prover + verifier only.frontend, witness builders, Skyscraper/Poseidon2, EC/bigint, Mavros) are cfg-gated out;
the goldilocks default hash is
Sha256.WhirR1CSSchemeBuilderfromr1cs-compilerintocommon(the goldilocks buildexcludes
r1cs-compiler).Field64_3x*y=zprove/verify roundtrip plus soundness negatives.Commits
Verification
bn254build + tests: green (regression gate).--no-default-features --features goldilocks): green.