facebook · irakliyk · Oct 26, 2024 · Jun 11, 2024 · Jun 11, 2024 · Jun 11, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## 0.10.0 (2024-10-25)
+- [BREAKING] Refactored maybe-async macro into simpler maybe-async and maybe-await macros (#283).
+- [BREAKING] Introduce `VectorCommitment` abstraction (#285).
+- Added `maybe-async-trait` procedural macro (#334).
+- [BREAKING] Add options for partitioned trace commitments (#336).
+- Updated minimum supported Rust version to 1.82.
+
 ## 0.9.3 (2024-09-25) - `utils/core` and `math` crates only
 - Implemented `get_size_hint()` for default impls (#332).
 

diff --git a/air/Cargo.toml b/air/Cargo.toml
@@ -1,16 +1,16 @@
 [package]
 name = "winter-air"
-version = "0.9.0"
+version = "0.10.0"
 description = "AIR components for the Winterfell STARK prover/verifier"
 authors = ["winterfell contributors"]
 readme = "README.md"
 license = "MIT"
 repository = "https://github.com/novifinancial/winterfell"
-documentation = "https://docs.rs/winter-air/0.9.0"
+documentation = "https://docs.rs/winter-air/0.10.0"
 categories = ["cryptography", "no-std"]
 keywords = ["crypto", "arithmetization", "air"]
 edition = "2021"
-rust-version = "1.78"
+rust-version = "1.82"
 
 [lib]
 bench = false
@@ -20,14 +20,14 @@ default = ["std"]
 std = ["crypto/std", "fri/std", "math/std", "utils/std"]
 
 [dependencies]
-crypto = { version = "0.9", path = "../crypto", package = "winter-crypto", default-features = false }
-fri = { version = "0.9", path = "../fri", package = "winter-fri", default-features = false }
-libm = "0.2.8"
-math = { version = "0.9", path = "../math", package = "winter-math", default-features = false }
-utils = { version = "0.9", path = "../utils/core", package = "winter-utils", default-features = false }
+crypto = { version = "0.10", path = "../crypto", package = "winter-crypto", default-features = false }
+fri = { version = "0.10", path = "../fri", package = "winter-fri", default-features = false }
+libm = "0.2"
+math = { version = "0.10", path = "../math", package = "winter-math", default-features = false }
+utils = { version = "0.10", path = "../utils/core", package = "winter-utils", default-features = false }
 
 [dev-dependencies]
-rand-utils = { version = "0.9", path = "../utils/rand", package = "winter-rand-utils" }
+rand-utils = { version = "0.10", path = "../utils/rand", package = "winter-rand-utils" }
 
 # Allow math in docs
 [package.metadata.docs.rs]

diff --git a/air/src/air/aux.rs b/air/src/air/aux.rs
@@ -13,39 +13,83 @@ use super::lagrange::LagrangeKernelRandElements;
 
 /// Holds the randomly generated elements necessary to build the auxiliary trace.
 ///
-/// Specifically, [`AuxRandElements`] currently supports 2 types of random elements:
+/// Specifically, [`AuxRandElements`] currently supports 3 types of random elements:
 /// - the ones needed to build the Lagrange kernel column (when using GKR to accelerate LogUp),
+/// - the ones needed to build the "s" auxiliary column (when using GKR to accelerate LogUp),
 /// - the ones needed to build all the other auxiliary columns
 #[derive(Debug, Clone)]
 pub struct AuxRandElements<E> {
     rand_elements: Vec<E>,
-    lagrange: Option<LagrangeKernelRandElements<E>>,
+    gkr: Option<GkrRandElements<E>>,
 }
 
 impl<E> AuxRandElements<E> {
     /// Creates a new [`AuxRandElements`], where the auxiliary trace doesn't contain a Lagrange
     /// kernel column.
     pub fn new(rand_elements: Vec<E>) -> Self {
-        Self { rand_elements, lagrange: None }
+        Self { rand_elements, gkr: None }
     }
 
-    /// Creates a new [`AuxRandElements`], where the auxiliary trace contains a Lagrange kernel
-    /// column.
-    pub fn new_with_lagrange(
-        rand_elements: Vec<E>,
-        lagrange: Option<LagrangeKernelRandElements<E>>,
-    ) -> Self {
-        Self { rand_elements, lagrange }
+    /// Creates a new [`AuxRandElements`], where the auxiliary trace contains columns needed when
+    /// using GKR to accelerate LogUp (i.e. a Lagrange kernel column and the "s" column).
+    pub fn new_with_gkr(rand_elements: Vec<E>, gkr: GkrRandElements<E>) -> Self {
+        Self { rand_elements, gkr: Some(gkr) }
     }
 
-    /// Returns the random elements needed to build all columns other than the Lagrange kernel one.
+    /// Returns the random elements needed to build all columns other than the two GKR-related ones.
     pub fn rand_elements(&self) -> &[E] {
         &self.rand_elements
     }
 
     /// Returns the random elements needed to build the Lagrange kernel column.
     pub fn lagrange(&self) -> Option<&LagrangeKernelRandElements<E>> {
-        self.lagrange.as_ref()
+        self.gkr.as_ref().map(|gkr| &gkr.lagrange)
+    }
+
+    /// Returns the random values used to linearly combine the openings returned from the GKR proof.
+    ///
+    /// These correspond to the lambdas in our documentation.
+    pub fn gkr_openings_combining_randomness(&self) -> Option<&[E]> {
+        self.gkr.as_ref().map(|gkr| gkr.openings_combining_randomness.as_ref())
+    }
+}
+
+/// Holds all the random elements needed when using GKR to accelerate LogUp.
+///
+/// This consists of two sets of random values:
+/// 1. The Lagrange kernel random elements (expanded on in [`LagrangeKernelRandElements`]), and
+/// 2. The "openings combining randomness".
+///
+/// After the verifying the LogUp-GKR circuit, the verifier is left with unproven claims provided
+/// nondeterministically by the prover about the evaluations of the MLE of the main trace columns at
+/// the Lagrange kernel random elements. Those claims are (linearly) combined into one using the
+/// openings combining randomness.
+#[derive(Clone, Debug)]
+pub struct GkrRandElements<E> {
+    lagrange: LagrangeKernelRandElements<E>,
+    openings_combining_randomness: Vec<E>,
+}
+
+impl<E> GkrRandElements<E> {
+    /// Constructs a new [`GkrRandElements`] from [`LagrangeKernelRandElements`], and the openings
+    /// combining randomness.
+    ///
+    /// See [`GkrRandElements`] for a more detailed description.
+    pub fn new(
+        lagrange: LagrangeKernelRandElements<E>,
+        openings_combining_randomness: Vec<E>,
+    ) -> Self {
+        Self { lagrange, openings_combining_randomness }
+    }
+
+    /// Returns the random elements needed to build the Lagrange kernel column.
+    pub fn lagrange_kernel_rand_elements(&self) -> &LagrangeKernelRandElements<E> {
+        &self.lagrange
+    }
+
+    /// Returns the random values used to linearly combine the openings returned from the GKR proof.
+    pub fn openings_combining_randomness(&self) -> &[E] {
+        &self.openings_combining_randomness
     }
 }
 
@@ -66,7 +110,7 @@ pub trait GkrVerifier {
         &self,
         gkr_proof: Self::GkrProof,
         public_coin: &mut impl RandomCoin<BaseField = E::BaseField, Hasher = Hasher>,
-    ) -> Result<LagrangeKernelRandElements<E>, Self::Error>
+    ) -> Result<GkrRandElements<E>, Self::Error>
     where
         E: FieldElement,
         Hasher: ElementHasher<BaseField = E::BaseField>;
@@ -80,11 +124,11 @@ impl GkrVerifier for () {
         &self,
         _gkr_proof: Self::GkrProof,
         _public_coin: &mut impl RandomCoin<BaseField = E::BaseField, Hasher = Hasher>,
-    ) -> Result<LagrangeKernelRandElements<E>, Self::Error>
+    ) -> Result<GkrRandElements<E>, Self::Error>
     where
         E: FieldElement,
         Hasher: ElementHasher<BaseField = E::BaseField>,
     {
-        Ok(LagrangeKernelRandElements::new(Vec::new()))
+        Ok(GkrRandElements::new(LagrangeKernelRandElements::default(), Vec::new()))
     }
 }
diff --git a/air/src/air/context.rs b/air/src/air/context.rs
@@ -309,8 +309,7 @@ impl<B: StarkField> AirContext<B> {
 
         // we use the identity: ceil(a/b) = (a + b - 1)/b
         let num_constraint_col =
-            (highest_constraint_degree - transition_divisior_degree + trace_length - 1)
-                / trace_length;
+            (highest_constraint_degree - transition_divisior_degree).div_ceil(trace_length);
 
         cmp::max(num_constraint_col, 1)
     }

diff --git a/air/src/air/lagrange/mod.rs b/air/src/air/lagrange/mod.rs
@@ -46,7 +46,11 @@ impl<E: FieldElement> LagrangeKernelConstraints<E> {
 }
 
 /// Holds the randomly generated elements needed to build the Lagrange kernel auxiliary column.
-#[derive(Debug, Clone)]
+///
+/// The Lagrange kernel consists of evaluating the function $eq(x, r)$, where $x$ is the binary
+/// decomposition of the row index, and $r$ is some random point. The "Lagrange kernel random
+/// elements" refer to this (multidimensional) point $r$.
+#[derive(Debug, Clone, Default)]
 pub struct LagrangeKernelRandElements<E> {
     elements: Vec<E>,
 }

diff --git a/air/src/air/mod.rs b/air/src/air/mod.rs
@@ -11,7 +11,7 @@ use math::{fft, ExtensibleField, ExtensionOf, FieldElement, StarkField, ToElemen
 use crate::ProofOptions;
 
 mod aux;
-pub use aux::{AuxRandElements, GkrVerifier};
+pub use aux::{AuxRandElements, GkrRandElements, GkrVerifier};
 
 mod trace_info;
 pub use trace_info::TraceInfo;
@@ -269,7 +269,7 @@ pub trait Air: Send + Sync {
         main_frame: &EvaluationFrame<F>,
         aux_frame: &EvaluationFrame<E>,
         periodic_values: &[F],
-        aux_rand_elements: &[E],
+        aux_rand_elements: &AuxRandElements<E>,
         result: &mut [E],
     ) where
         F: FieldElement<BaseField = Self::BaseField>,
@@ -298,7 +298,7 @@ pub trait Air: Send + Sync {
     #[allow(unused_variables)]
     fn get_aux_assertions<E: FieldElement<BaseField = Self::BaseField>>(
         &self,
-        aux_rand_elements: &[E],
+        aux_rand_elements: &AuxRandElements<E>,
     ) -> Vec<Assertion<E>> {
         Vec::new()
     }
@@ -309,7 +309,7 @@ pub trait Air: Send + Sync {
     /// Returns the [`GkrVerifier`] to be used to verify the GKR proof.
     ///
     /// Leave unimplemented if the `Air` doesn't use a GKR proof.
-    fn get_auxiliary_proof_verifier<E: FieldElement<BaseField = Self::BaseField>>(
+    fn get_gkr_proof_verifier<E: FieldElement<BaseField = Self::BaseField>>(
         &self,
     ) -> Self::GkrVerifier {
         unimplemented!("`get_auxiliary_proof_verifier()` must be implemented when the proof contains a GKR proof");
@@ -422,7 +422,7 @@ pub trait Air: Send + Sync {
     /// combination of boundary constraints during constraint merging.
     fn get_boundary_constraints<E: FieldElement<BaseField = Self::BaseField>>(
         &self,
-        aux_rand_elements: Option<&[E]>,
+        aux_rand_elements: Option<&AuxRandElements<E>>,
         composition_coefficients: &[E],
     ) -> BoundaryConstraints<E> {
         BoundaryConstraints::new(

diff --git a/air/src/lib.rs b/air/src/lib.rs
@@ -38,13 +38,13 @@ mod errors;
 pub use errors::AssertionError;
 
 mod options;
-pub use options::{FieldExtension, ProofOptions};
+pub use options::{FieldExtension, PartitionOptions, ProofOptions};
 
 mod air;
 pub use air::{
     Air, AirContext, Assertion, AuxRandElements, BoundaryConstraint, BoundaryConstraintGroup,
     BoundaryConstraints, ConstraintCompositionCoefficients, ConstraintDivisor,
-    DeepCompositionCoefficients, EvaluationFrame, GkrVerifier,
+    DeepCompositionCoefficients, EvaluationFrame, GkrRandElements, GkrVerifier,
     LagrangeConstraintsCompositionCoefficients, LagrangeKernelBoundaryConstraint,
     LagrangeKernelConstraints, LagrangeKernelEvaluationFrame, LagrangeKernelRandElements,
     LagrangeKernelTransitionConstraints, TraceInfo, TransitionConstraintDegree,