Optimize fri domain evaluation

.gitignore

@@ -17,4 +17,5 @@ zk_STARK/inclusion_proof_data/*
 zk_STARK/sum_proof_data/batches/*
 zk_STARK/sum_proof_data/trunk/*
 zk_STARK/user_data/*
+zk_STARK/precomputed_data/*
 .DS_Store

README.md

@@ -101,13 +101,13 @@ Verify the inclusion constraint
 
 1. To verify if your asset balance has been included as a Merkle leaf, navigate to ["Audits"](https://www.okx.com/balance/audit) and click **Details** to access your audit data.
 2. Get the data you need for verification by clicking **Copy data** and pasting the JSON string as a file in a new folder. 
-3. Download [zk-STARKValidator](https://github.com/okx/proof-of-reserves/releases/tag/v3.0.0), the OKX open-source verification tool, and save it to the same folder containing the JSON file. 
+3. Download [zk-STARKValidator](https://github.com/okx/proof-of-reserves/releases), the OKX open-source verification tool, and save it to the same folder containing the JSON file. 
 4. Open zk-STARKValidator to auto-run the JSON file you saved to check whether the inclusion constraint is satisfied. 
 
 Verify the total balance and non-negative constraints
 1. Under ["Audit files"](https://www.okx.com/proof-of-reserves/download?tab=liabilities), download the zk-STARK file from the "Liability report" tab.
 2. Unzip the file to reveal a "sum proof data" folder with branch and trunk folders containing "sum_proof.json," "sum_value.json" files.
-3. Download [zk-STARKValidator](https://github.com/okx/proof-of-reserves/releases/tag/v3.0.0), the OKX open-source verification tool, and place it in the same root folder as the "sum proof data" folder.
+3. Download [zk-STARKValidator](https://github.com/okx/proof-of-reserves/releases), the OKX open-source verification tool, and place it in the same root folder as the "sum proof data" folder.
 4. Open zk-STARKValidator to auto-run the unzipped zk-STARK file to check whether the total balance and non-negative constraints are satisfied. 
 
 

zk_STARK/constants.py

@@ -8,14 +8,11 @@
 USER_NUM_INIT = 2**10 - 1
 MAX_USER_NUM_FOR_ONE_BATCH = 2**12
 MAX_USER_VALUE = 4**30//1000
-# MAIN_COINS_NUM = 31
 
-# COINS = ["BTC", "ETH", "USDT", "XXC", "HFB", "HPR", "YPS", "QCZ", "YJE", "OUS", "TKR", "AWM", "ATD", "NFI", "ZMV", "IRZ", "YIX", "KVB", "YJA", "PZH", "BRY", "ECF", "HZW", "EGN", "BVR", "IYY", "DKA", "LEH", "RJW", "YEM", "PTO", "JOU", "DUU", "YGH", "EYP", "AJV", "FJX", "SLY", "UXQ", "WSQ", "YSN", "UCK", "DHU", "WIF", "UQY", "WWK", "CAO", "VBA", "YYM", "DIZ", "JLM", "GXT", "ORF", "KRJ", "PEQ", "AJR", "JDX", "ELU", "WTS", "UNR", "VLS", "AUF", "ZZC", "MZZ", "AVF", "EZV", "XQV", "BUK", "OQB", "KNA", "CPJ", "ASI", "AZG", "QXJ", "UUH", "QJP", "VWB", "VEY", "TQK", "GVH", "JRX", "KDE", "VNH", "OKP", "BXE", "OUI", "KQV", "DWF", "WXX", "PQE", "VVI", "WEF", "MLM", "MGE", "ZWV", "VZF", "OMS", "UTJ", "OAK", "FDJ"]
-# # COINS = ["BTC", "ETH", "USDT"]
 UTS16 = 16
 UTS32 = 32
 UTS_FOR_TRUNK = 32
 MAX_UTS = 64
 USER_DATA_PATH = "./user_data/"
 CONFIG_PATH = "./sum_proof_data/config.json"
-
+PRECOMPUTED_PATH = "./precomputed_data/"

zk_STARK/fri.py

@@ -1,7 +1,6 @@
 from permuted_tree import merkelize, mk_branch, verify_branch, mk_multi_branch, verify_multi_branch
 from utils import get_power_cycle, get_pseudorandom_indices
 from poly_utils import PrimeField
-from fft import fft
 
 
 # Generate an FRI proof that the polynomial that has the specified
@@ -37,29 +36,35 @@ def prove_low_degree(values, root_of_unity, maxdeg_plus_1, modulus, exclude_mult
     quarter_len = len(xs)//4
     x_polys = f.multi_interp_4(
         [[xs[i+quarter_len*j] for j in range(4)] for i in range(quarter_len)],
-        [[values[i+quarter_len*j] for j in range(4)] for i in range(quarter_len)]
+        [[values[i+quarter_len*j]
+            for j in range(4)] for i in range(quarter_len)]
     )
     column = [f.eval_quartic(p, special_x) for p in x_polys]
     m2 = merkelize(column)
 
-    if(len(sample_indices) == 0):
+    if (len(sample_indices) == 0):
         # Pseudo-randomly select y indices to sample
-        sample_indices = get_pseudorandom_indices(m2[1], len(column), 16, exclude_multiples_of=exclude_multiples_of)
+        sample_indices = get_pseudorandom_indices(m2[1], len(
+            column), 16, exclude_multiples_of=exclude_multiples_of)
     else:
         # fold sample indices
         sample_indices = [y % len(column) for y in sample_indices]
 
     # Compute the positions for the values in the polynomial
-    poly_positions = sum([[y + (len(xs) // 4) * j for j in range(4)] for y in sample_indices], [])
+    poly_positions = sum([[y + (len(xs) // 4) * j for j in range(4)]
+                         for y in sample_indices], [])
 
     # This component of the proof, including Merkle branches
-    o = [m2[1], mk_multi_branch(m2, sample_indices), mk_multi_branch(m, poly_positions)]
+    o = [m2[1], mk_multi_branch(m2, sample_indices),
+         mk_multi_branch(m, poly_positions)]
 
     # Recurse...
     return [o] + prove_low_degree(column, f.exp(root_of_unity, 4),
                                   maxdeg_plus_1 // 4, modulus, exclude_multiples_of=exclude_multiples_of, sample_indices=sample_indices)
 
 # Verify an FRI proof
+
+
 def verify_low_degree_proof(merkle_root, root_of_unity, proof, maxdeg_plus_1, modulus, exclude_multiples_of=0):
     f = PrimeField(modulus)
 
@@ -79,7 +84,7 @@ def verify_low_degree_proof(merkle_root, root_of_unity, proof, maxdeg_plus_1, mo
 
     # Verify the recursive components of the proof
     sample_indices = []
-    for prf in proof[:-1]:      
+    for prf in proof[:-1]:
         root2, column_branches, poly_branches = prf
         # print('Verifying degree <= %d' % maxdeg_plus_1)
 
@@ -89,40 +94,45 @@ def verify_low_degree_proof(merkle_root, root_of_unity, proof, maxdeg_plus_1, mo
         if (len(sample_indices) == 0):
             # Calculate the pseudo-randomly sampled y indices
             sample_indices = get_pseudorandom_indices(root2, roudeg // 4, 16,
-                                      exclude_multiples_of=exclude_multiples_of)
+                                                      exclude_multiples_of=exclude_multiples_of)
         else:
             # fold sampled indices
             sample_indices = [y % (roudeg // 4) for y in sample_indices]
 
         # Compute the positions for the values in the polynomial
-        poly_positions = sum([[y + (roudeg // 4) * j for j in range(4)] for y in sample_indices], [])
+        poly_positions = sum(
+            [[y + (roudeg // 4) * j for j in range(4)] for y in sample_indices], [])
 
         # Verify Merkle branches
-        column_values = verify_multi_branch(root2, sample_indices, column_branches)
+        column_values = verify_multi_branch(
+            root2, sample_indices, column_branches)
         # print("column_values.len", len(column_values))
-        poly_values = verify_multi_branch(merkle_root, poly_positions, poly_branches)
+        poly_values = verify_multi_branch(
+            merkle_root, poly_positions, poly_branches)
 
         # For each y coordinate, get the x coordinates on the row, the values on
         # the row, and the value at that y from the column
         xcoords = []
         rows = []
         columnvals = []
-        for i, y in enumerate(sample_indices):  
+        for i, y in enumerate(sample_indices):
             # The x coordinates from the polynomial
             x1 = f.exp(root_of_unity, y)
-            xcoords.append([(quartic_roots_of_unity[j] * x1) % modulus for j in range(4)])  
+            xcoords.append([(quartic_roots_of_unity[j] * x1) %
+                           modulus for j in range(4)])
 
             # The values from the original polynomial
-            row = [int.from_bytes(x, 'big') for x in poly_values[i*4: i*4+4]]   
-            columnvals.append(int.from_bytes(column_values[i], 'big'))  
+            row = [int.from_bytes(x, 'big') for x in poly_values[i*4: i*4+4]]
+            columnvals.append(int.from_bytes(column_values[i], 'big'))
 
         # Verify for each selected y coordinate that the four points from the
-        # polynomial and the one point from the column that are on that y 
+        # polynomial and the one point from the column that are on that y
         # coordinate are on the same deg < 4 polynomial
-        polys = f.multi_interp_4(xcoords, rows)     
+        polys = f.multi_interp_4(xcoords, rows)
 
-        for p, c in zip(polys, columnvals):         
-            assert f.eval_quartic(p, special_x) == c, "failed in low degree test"
+        for p, c in zip(polys, columnvals):
+            assert f.eval_quartic(
+                p, special_x) == c, "failed in low degree test"
 
         # Update constants to check the next proof
         merkle_root = root2
@@ -132,7 +142,7 @@ def verify_low_degree_proof(merkle_root, root_of_unity, proof, maxdeg_plus_1, mo
 
     # Verify the direct components of the proof
     data = [int.from_bytes(x, 'big') for x in proof[-1]]
- 
+
     assert maxdeg_plus_1 <= 16, "the last verification should be less than 16 degree"
 
     # Check the Merkle root matches up
@@ -150,8 +160,7 @@ def verify_low_degree_proof(merkle_root, root_of_unity, proof, maxdeg_plus_1, mo
     poly = f.lagrange_interp([powers[x] for x in pts[:maxdeg_plus_1]],
                              [data[x] for x in pts[:maxdeg_plus_1]])
     for x in pts[maxdeg_plus_1:]:
-        assert f.eval_poly_at(poly, powers[x]) == data[x], "failed in low degree test"
+        assert f.eval_poly_at(
+            poly, powers[x]) == data[x], "failed in low degree test"
 
     return True
-
-