feat(verifier-ray): migrate verifier-ray extension field from E4 to E6 #3168
c150a17 to 77eb4a4
ivokub left a comment
Have a look if it makes sense to use the concrete tower definition for E6 as E6{E2, E2, E2} instead of flattened.
| github.com/consensys/gnark-crypto v0.20.2-0.20260514182922-df0578435b08/go.mod h1:NzeBHSZ49bIM7RtrNTYYR2kymTqwvI/A4eTgQlyQc+Q= | ||
| github.com/consensys/linea-monorepo/prover-ray v0.0.0-20260518154448-1f6880839cd2 h1:Ggp+FPN2SmxdPC1k77w9YCNef4RUOL9C4algaGIUuWk= | ||
| github.com/consensys/linea-monorepo/prover-ray v0.0.0-20260518154448-1f6880839cd2/go.mod h1:HZncWpppP5LS0qB3moZR1ESi/vIbCEnkG1w65TsAojU= | ||
| github.com/consensys/linea-monorepo/prover-ray v0.0.0-20260519010204-24a53941da53 h1:DpSMTgN3kJYo7vbBGnSXGJXQx4yVVR35WUE/NFqYdWY= |
In the future, please also run go mod tidy when updating dependencies - it will remove the stale checksums
| /// B0.A0, B0.A1, B1.A0, B1.A1 for B0 + B1*v with v^2 = u and u^2 = 3. | ||
| /// B0.A0, B0.A1, B1.A0, B1.A1, B2.A0, B2.A1 | ||
| /// for the tower F_{p^6} = F_{p^2}[v]/(v^3 - (u+1)) with F_{p^2} = F_p[u]/(u^2 - 3). | ||
| limbs: [degree]base.Element, |
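Review bot: The doc comment above limbs now fixes the order to six entries (B0.A0 through B2.A1), but the field is still declared as [degree]base.Element, so nothing ties the documented order to the array length. A comptime check that degree is 6 next to this declaration, or a nested B0/B1/B2 layout, would keep the comment and the storage from drifting apart.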
Perhaps we should follow the definition in gnark-crypto/ray i.e.
```zig
pub const Ext = struct {
    B0: E2,
    B1: E2,
    B2: E2,
};
```
Memory-wise it doesn't make a difference, but corresponds more clearly to the gnark-crypto definition. And imo this makes the implementation also a bit clearer in mul where we right now manually construct E2 values.
Good idea! That's more structured and highly readable.
| return self.mul(rhs.inverse()); | ||
| } | ||
|
|
||
| pub fn pow(self: Ext, exponent: u256) Ext { |
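Review bot: The division body, return self.mul(rhs.inverse());, gives no indication of what happens when rhs is zero. State in the doc comment whether inverse() returns zero or traps on a zero input, and add a test with a zero divisor, so callers know whether that case fails loudly or silently yields zero.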
I think we can keep it for now, but perhaps we should reconsider in the future if exponent should be u256 - it is correct mathematically that this bound makes sense, but from the application point of view (verifying proofs) the exponent is usually the domain size, i.e. not bigger than 2^24. So u32 should be fine.
But let's keep as is and fix in the future when it makes sense.

This PR implements issue(s) #3148
Migrates the Zig verifier (verifier-ray) extension field from degree-4 (E4) to degree-6 (E6), matching the prover-ray migration done in PR #3111.
Closes #3148
Note
High Risk
High risk because it changes core finite-field arithmetic (mul, inverse, serialization) and Fiat–Shamir challenge derivation, which can invalidate proofs or cause subtle consensus/verification mismatches if incorrect.
Overview
Migrates verifier-ray’s KoalaBear extension field from a 4-limb representation to a 6-limb Fp6 over Fp2 construction, introducing a dedicated E2 type and rewriting Ext arithmetic (notably mul, inverse, toBytes/fromBytesCanonical, and pow).
Updates the Fiat–Shamir transcript to absorb and sample the new 6-limb extension elements, refreshes golden vectors + generator to the new prover-ray version, and adjusts tests accordingly (including a new a^(p^6-1)=1 check).
Separately, adds verifier-ray as an allowed Conventional Commit scope in .husky/commit-msg.
Reviewed by Cursor Bugbot for commit 823285e.
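The tower from the PR's doc comment, written with the structured E6{B0, B1, B2} layout raised in review and checked with the a^(p^6-1)=1 identity the description mentions. This is an added Go sketch, not code from the PR, verifier-ray or gnark-crypto; the KoalaBear modulus value and all type and function names are assumptions, and limbs are assumed already reduced mod p.

```go
package main

import (
	"fmt"
	"math/big"
)

const p = 2130706433 // KoalaBear prime 2^31 - 2^24 + 1 (value assumed, not stated on the page)

// E2 = Fp[u]/(u^2 - 3) and E6 = E2[v]/(v^3 - (u+1)), the tower from the PR's doc comment.
type E2 struct{ A0, A1 uint64 }
type E6 struct{ B0, B1, B2 E2 }

var groupOrder = new(big.Int).Sub(new(big.Int).Exp(big.NewInt(p), big.NewInt(6), nil), big.NewInt(1)) // p^6 - 1

func (x E2) Add(y E2) E2 { return E2{(x.A0 + y.A0) % p, (x.A1 + y.A1) % p} }

// Mul uses u^2 = 3; every intermediate stays below 2^64 because p < 2^31.
func (x E2) Mul(y E2) E2 {
	return E2{(x.A0*y.A0 + 3*(x.A1*y.A1%p)) % p, (x.A0*y.A1 + x.A1*y.A0) % p}
}

// mulNR multiplies by the non-residue u+1: (a0 + a1*u)(1 + u) = (a0 + 3*a1) + (a0 + a1)*u.
func (x E2) mulNR() E2 { return E2{(x.A0 + 3*x.A1) % p, (x.A0 + x.A1) % p} }

// Mul is schoolbook multiplication over E2, folding v^3 and v^4 back through mulNR.
func (a E6) Mul(b E6) E6 {
	return E6{
		B0: a.B0.Mul(b.B0).Add(a.B1.Mul(b.B2).Add(a.B2.Mul(b.B1)).mulNR()),
		B1: a.B0.Mul(b.B1).Add(a.B1.Mul(b.B0)).Add(a.B2.Mul(b.B2).mulNR()),
		B2: a.B0.Mul(b.B2).Add(a.B1.Mul(b.B1)).Add(a.B2.Mul(b.B0)),
	}
}

// Pow is left-to-right square-and-multiply (not constant time).
func (a E6) Pow(e *big.Int) E6 {
	r := E6{B0: E2{A0: 1}}
	for i := e.BitLen() - 1; i >= 0; i-- {
		r = r.Mul(r)
		if e.Bit(i) == 1 {
			r = r.Mul(a)
		}
	}
	return r
}

func main() {
	a := E6{E2{1, 2}, E2{3, 4}, E2{5, 6}} // constructed sample element
	fmt.Println("a^(p^6-1) == 1:", a.Pow(groupOrder) == E6{B0: E2{A0: 1}})
}
```

Flattening an element as B0.A0, B0.A1, B1.A0, B1.A1, B2.A0, B2.A1 gives the limb order the doc comment documents.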