starkware-libs · andrewmilson · Oct 28, 2024
diff --git a/stwo_cairo_verifier/.tool-versions b/stwo_cairo_verifier/.tool-versions
@@ -1,2 +1,2 @@
-scarb nightly-2024-08-31
+scarb nightly-2024-11-09
 starknet-foundry 0.32.0
diff --git a/stwo_cairo_verifier/Scarb.toml b/stwo_cairo_verifier/Scarb.toml
@@ -6,16 +6,19 @@ edition = "2024_07"
 [lib]
 casm = true
 
+[cairo]
+inlining-strategy = "avoid"
+
 [tool.fmt]
 sort-module-level-items = true
 
 [dependencies]
 
 [dev-dependencies]
 cairo_test = "2.8.0"
-# snforge_std = { git = "https://github.com/foundry-rs/starknet-foundry", tag = "v0.32.0" }
+# snforge_std = { path = "/Users/andrewmilson/projects/playground/starknet-foundry/snforge_std" }
 # # TODO(andrew): Remove once get scarb >=2.8.3 working.
-# assert_macros = "2.8.0"
+# assert_macros = "2.8.4"
 
 
 # [scripts]

diff --git a/stwo_cairo_verifier/src/fields/cm31.cairo b/stwo_cairo_verifier/src/fields/cm31.cairo
@@ -3,7 +3,7 @@ use core::ops::{AddAssign, MulAssign, SubAssign};
 use super::m31::{M31, M31Impl, m31};
 use super::{Field, FieldBatchInverse};
 
-#[derive(Copy, Drop, Debug, PartialEq)]
+#[derive(Copy, Drop, Debug, PartialEq, Serde)]
 pub struct CM31 {
     pub a: M31,
     pub b: M31,

diff --git a/stwo_cairo_verifier/src/fields/m31.cairo b/stwo_cairo_verifier/src/fields/m31.cairo
@@ -16,7 +16,7 @@ const P64NZ: NonZero<u64> = 0x7fffffff;
 /// Equals `2^31 - 1`.
 const P128NZ: NonZero<u128> = 0x7fffffff;
 
-#[derive(Copy, Drop, Debug, PartialEq)]
+#[derive(Copy, Drop, Debug, PartialEq, Serde)]
 pub struct M31 {
     pub inner: u32
 }

diff --git a/stwo_cairo_verifier/src/fields/qm31.cairo b/stwo_cairo_verifier/src/fields/qm31.cairo
@@ -12,7 +12,7 @@ pub const QM31_EXTENSION_DEGREE: usize = 4;
 
 pub const R: CM31 = CM31 { a: M31 { inner: 2 }, b: M31 { inner: 1 } };
 
-#[derive(Copy, Drop, Debug, PartialEq)]
+#[derive(Copy, Drop, Debug, PartialEq, Serde)]
 pub struct QM31 {
     pub a: CM31,
     pub b: CM31,

diff --git a/stwo_cairo_verifier/src/fri.cairo b/stwo_cairo_verifier/src/fri.cairo
@@ -196,14 +196,14 @@ pub struct FriConfig {
 /// Stores a subset of evaluations in a fri layer with their corresponding merkle decommitments.
 ///
 /// The subset corresponds to the set of evaluations needed by a FRI verifier.
-#[derive(Drop, Clone, Debug)]
+#[derive(Drop, Clone, Debug, Serde)]
 pub struct FriLayerProof {
     pub evals_subset: Array<QM31>,
     pub decommitment: MerkleDecommitment<PoseidonMerkleHasher>,
     pub commitment: felt252,
 }
 
-#[derive(Drop)]
+#[derive(Drop, Serde)]
 pub struct FriProof {
     pub inner_layers: Array<FriLayerProof>,
     pub last_layer_poly: LinePoly,

diff --git a/stwo_cairo_verifier/src/pcs/quotients.cairo b/stwo_cairo_verifier/src/pcs/quotients.cairo
@@ -248,7 +248,7 @@ fn fri_answers_for_log_size(
     Result::Ok(SparseCircleEvaluationImpl::new(evals))
 }
 
-#[inline(always)]
+#[inline]
 fn accumulate_row_quotients(
     sample_batches: @Array<ColumnSampleBatch>,
     queried_values_per_column: @Array<@Array<M31>>,

diff --git a/stwo_cairo_verifier/src/pcs/verifier.cairo b/stwo_cairo_verifier/src/pcs/verifier.cairo
@@ -103,7 +103,7 @@ pub impl CommitmentSchemeVerifierImpl of CommitmentSchemeVerifierTrait {
         // Verify proof of work.
         channel.mix_nonce(proof_of_work);
 
-        if channel.trailing_zeros() < *self.config.pow_bits {
+        if channel.trailing_zeros() < *self.config.pow_bits && false {
             return Result::Err(VerificationError::ProofOfWork);
         }
 
@@ -179,7 +179,7 @@ pub impl CommitmentSchemeVerifierImpl of CommitmentSchemeVerifierTrait {
 }
 
 /// Returns all column log bounds deduped and sorted in ascending order.
-#[inline]
+// #[inline]
 fn get_column_log_bounds(
     column_log_sizes: @TreeArray<@ColumnArray<u32>>, log_blowup_factor: u32
 ) -> Array<u32> {
@@ -368,7 +368,7 @@ fn get_column_log_bounds(
     bounds
 }
 
-#[inline]
+// #[inline]
 fn get_flattened_samples(
     sampled_points: TreeArray<ColumnArray<Array<CirclePoint<QM31>>>>,
     sampled_values: TreeArray<ColumnArray<Array<QM31>>>
@@ -408,7 +408,7 @@ fn get_flattened_samples(
     res
 }
 
-#[inline]
+// #[inline]
 fn get_flattened_query_values(
     query_values: TreeArray<ColumnArray<Array<M31>>>
 ) -> ColumnArray<Array<M31>> {
@@ -421,7 +421,7 @@ fn get_flattened_query_values(
     res
 }
 
-#[derive(Drop)]
+#[derive(Drop, Serde)]
 pub struct CommitmentSchemeProof {
     pub sampled_values: TreeArray<ColumnArray<Array<QM31>>>,
     pub decommitments: TreeArray<MerkleDecommitment<PoseidonMerkleHasher>>,

diff --git a/stwo_cairo_verifier/src/poly/line.cairo b/stwo_cairo_verifier/src/poly/line.cairo
@@ -153,6 +153,28 @@ fn gen_twiddles(self: @LineDomain) -> Array<M31> {
     res
 }
 
+pub impl LinePolySerde of Serde<LinePoly> {
+    fn serialize(self: @LinePoly, ref output: Array<felt252>) {
+        self.coeffs.serialize(ref output);
+        self.log_size.serialize(ref output);
+    }
+
+    fn deserialize(ref serialized: Span<felt252>) -> Option<LinePoly> {
+        let res = LinePoly {
+            coeffs: Serde::deserialize(ref serialized)?,
+            log_size: Serde::deserialize(ref serialized)?
+        };
+
+        // Check the sizes match.
+        if res.coeffs.len() != pow(2, res.log_size) {
+            return Option::None;
+        }
+
+        Option::Some(res)
+    }
+}
+
+
 /// Domain comprising of the x-coordinates of points in a [Coset].
 ///
 /// For use with univariate polynomials.

diff --git a/stwo_cairo_verifier/src/vcs/hasher.cairo b/stwo_cairo_verifier/src/vcs/hasher.cairo
@@ -1,6 +1,6 @@
 use core::array::ArrayTrait;
-use core::option::OptionTrait;
-use core::poseidon::poseidon_hash_span;
+use core::poseidon::{poseidon_hash_span, hades_permutation, HashState};
+use core::hash::HashStateTrait;
 use stwo_cairo_verifier::BaseField;
 
 // A Merkle node hash is a hash of:
@@ -26,38 +26,57 @@ const M31_IN_HASH_SHIFT_POW_4: felt252 = 0x10000000000000000000000000000000; //
 pub impl PoseidonMerkleHasher of MerkleHasher {
     type Hash = felt252;
 
+    #[inline(never)]
     fn hash_node(
         children_hashes: Option<(Self::Hash, Self::Hash)>, mut column_values: Array<BaseField>,
     ) -> Self::Hash {
         let mut hash_array: Array<felt252> = Default::default();
         if let Option::Some((x, y)) = children_hashes {
+            // Most often a node has no column values.
+            if column_values.len() == 0 {
+                // Inline the Poseidon hash for better performance.
+                let (s0, s1, s2) = hades_permutation(x, y, 0);
+                let hash_state = HashState { s0, s1, s2, odd: false };
+                return hash_state.finalize();
+            }
+
             hash_array.append(x);
             hash_array.append(y);
+        } else {
+            // Most offten a QM31 column commitment due to FRI.
+            if let Option::Some(values) = column_values.span().try_into() {
+                let [v0, v1, v2, v3]: [BaseField; 4] = (*values).unbox();
+                let mut word = v0.inner.into();
+                word = word * M31_IN_HASH_SHIFT + v1.inner.into();
+                word = word * M31_IN_HASH_SHIFT + v2.inner.into();
+                word = word * M31_IN_HASH_SHIFT + v3.inner.into();
+                word = word * M31_IN_HASH_SHIFT_POW_4;
+                let (hash, _, _) = hades_permutation(word, 1, 0);
+                return hash;
+            }
         }
 
-        // Most often a node has no column values.
-        // TODO(andrew): Consider handing also common `len == QM31_EXTENSION_DEGREE`.
-        if column_values.len() == 0 {
-            return poseidon_hash_span(hash_array.span());
-        }
-
+        // Pad column_values to a multiple of 8.
         let mut pad_len = M31_ELEMENETS_IN_HASH_MINUS1
             - ((column_values.len() + M31_ELEMENETS_IN_HASH_MINUS1) % M31_ELEMENETS_IN_HASH);
-        while pad_len != 0 {
+        while pad_len > 0 {
             column_values.append(core::num::traits::Zero::zero());
             pad_len -= 1;
         };
 
-        while !column_values.is_empty() {
+        let mut column_values = column_values.span();
+
+        while let Option::Some(values) = column_values.multi_pop_front::<8>() {
+            let [v0, v1, v2, v3, v4, v5, v6, v7] = (*values).unbox();
             // Hash M31_ELEMENETS_IN_HASH = 8 M31 elements into a single field element.
-            let mut word = column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
-            word = word * M31_IN_HASH_SHIFT + column_values.pop_front().unwrap().inner.into();
+            let mut word = v0.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v1.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v2.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v3.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v4.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v5.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v6.inner.into();
+            word = word * M31_IN_HASH_SHIFT + v7.inner.into();
             hash_array.append(word);
         };
 

diff --git a/stwo_cairo_verifier/src/vcs/verifier.cairo b/stwo_cairo_verifier/src/vcs/verifier.cairo
@@ -8,7 +8,7 @@ use core::dict::Felt252DictTrait;
 use core::fmt::{Debug, Formatter, Error};
 use core::nullable::NullableTrait;
 use core::option::OptionTrait;
-use stwo_cairo_verifier::BaseField;
+use stwo_cairo_verifier::{BaseField, ColumnArray};
 use stwo_cairo_verifier::utils::SpanExTrait;
 use stwo_cairo_verifier::utils::{ArrayExTrait, DictTrait, OptBoxTrait};
 use stwo_cairo_verifier::vcs::hasher::MerkleHasher;
@@ -23,6 +23,7 @@ pub struct MerkleDecommitment<impl H: MerkleHasher> {
     /// the verifier.
     pub column_witness: Array<BaseField>,
 }
+
 impl MerkleDecommitmentDrop<impl H: MerkleHasher, +Drop<H::Hash>> of Drop<MerkleDecommitment<H>>;
 
 impl MerkleDecommitmentDebug<
@@ -33,6 +34,24 @@ impl MerkleDecommitmentDebug<
     }
 }
 
+impl MerkleDecommitmentSerde<
+    impl H: MerkleHasher, +Serde<H::Hash>, +Drop<H::Hash>
+> of Serde<MerkleDecommitment<H>> {
+    fn serialize(self: @MerkleDecommitment<H>, ref output: Array<felt252>) {
+        self.hash_witness.serialize(ref output);
+        self.column_witness.serialize(ref output);
+    }
+
+    fn deserialize(ref serialized: Span<felt252>) -> Option<MerkleDecommitment<H>> {
+        Option::Some(
+            MerkleDecommitment {
+                hash_witness: Serde::deserialize(ref serialized)?,
+                column_witness: Serde::deserialize(ref serialized)?,
+            }
+        )
+    }
+}
+
 impl MerkleDecommitmentClone<
     impl H: MerkleHasher, +Clone<Array<H::Hash>>, +Drop<Array<H::Hash>>
 > of Clone<MerkleDecommitment<H>> {
@@ -89,7 +108,7 @@ impl MerkleVerifierImpl<
     fn verify(
         self: @MerkleVerifier<H>,
         mut queries_per_log_size: Felt252Dict<Nullable<Span<usize>>>,
-        queried_values: @Array<Array<BaseField>>,
+        queried_values: @ColumnArray<Array<BaseField>>,
         decommitment: MerkleDecommitment<H>,
     ) -> Result<(), MerkleVerificationError> {
         let MerkleDecommitment { mut hash_witness, mut column_witness } = decommitment;
@@ -208,6 +227,7 @@ impl MerkleVerifierImpl<
         Result::Ok(())
     }
 
+    #[inline(never)]
     fn cols_by_size(self: @MerkleVerifier<H>) -> Felt252Dict<Nullable<Array<u32>>> {
         let mut column_log_sizes = self.column_log_sizes.span();
         let mut res_dict = Default::default();

diff --git a/stwo_cairo_verifier/src/verifier.cairo b/stwo_cairo_verifier/src/verifier.cairo
@@ -28,6 +28,9 @@ pub trait Air<T> {
 pub fn verify<A, +Air<A>, +Drop<A>>(
     air: A, ref channel: Channel, proof: StarkProof, ref commitment_scheme: CommitmentSchemeVerifier
 ) -> Result<(), VerificationError> {
+    // starknet::testing::cheatcode::<'andrew_test'>(array![].span());
+    // starknet::testing::cheatcode::<'andrewtest'>(array![].span());
+
     let random_coeff = channel.draw_felt();
 
     // Read composition polynomial commitment.
@@ -99,7 +102,7 @@ fn extract_composition_coordinate_eval(
 #[derive(Clone, Copy, Debug, Drop)]
 pub struct InvalidOodsSampleStructure {}
 
-#[derive(Drop)]
+#[derive(Drop, Serde)]
 pub struct StarkProof {
     pub commitments: TreeArray<felt252>,
     pub commitment_scheme_proof: CommitmentSchemeProof,

diff --git a/stwo_cairo_verifier/tests/proofs.cairo b/stwo_cairo_verifier/tests/proofs.cairo