Merge branch 'main' into plafer-lagrange-kernel

CHANGELOG.md

@@ -1,7 +1,14 @@
 # Changelog
 
+## 0.8.3 (2024-03-15)
+* Implemented `Serializable` and `Deserializable` on `String` (#258).
+* Extended range of possible implementations of `ByteReader` and `ByteWriter`. (#262).
+
+## 0.8.2 (2024-02-27) - `utils/core` crate only
+* Extend `write_many` to support `IntoIterator` (#251)
+
 ## 0.8.1 (2024-02-21)
-* Refactored util module re-exports to comply with latest clippy updates (#250).
+* Refactored utils module re-exports to comply with latest clippy updates (#250).
 
 ## 0.8.0 (2024-02-06)
 * Added variable-length serialization and deserialization for `usize` type (#238).

README.md

@@ -326,7 +326,7 @@ pub fn prove_work() -> (BaseElement, StarkProof) {
         0,  // grinding factor
         FieldExtension::None,
         8,   // FRI folding factor
-        128, // FRI max remainder length
+        127, // FRI remainder max degree
     );
 
     // Instantiate the prover and generate the proof.

air/Cargo.toml

@@ -1,12 +1,12 @@
 [package]
 name = "winter-air"
-version = "0.8.1"
+version = "0.8.3"
 description = "AIR components for the Winterfell STARK prover/verifier"
 authors = ["winterfell contributors"]
 readme = "README.md"
 license = "MIT"
 repository = "https://github.com/novifinancial/winterfell"
-documentation = "https://docs.rs/winter-air/0.8.1"
+documentation = "https://docs.rs/winter-air/0.8.3"
 categories = ["cryptography", "no-std"]
 keywords = ["crypto", "arithmetization", "air"]
 edition = "2021"

air/src/air/assertions/mod.rs

@@ -4,12 +4,12 @@
 // LICENSE file in the root directory of this source tree.
 
 use crate::errors::AssertionError;
+use alloc::vec::Vec;
 use core::{
     cmp::Ordering,
     fmt::{Display, Formatter},
 };
 use math::FieldElement;
-use utils::collections::*;
 
 #[cfg(test)]
 mod tests;

air/src/air/assertions/tests.rs

@@ -4,9 +4,9 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::{Assertion, AssertionError};
+use alloc::vec::Vec;
 use math::{fields::f128::BaseElement, FieldElement};
 use rand_utils::{rand_value, rand_vector};
-use utils::collections::*;
 
 // SINGLE ASSERTIONS
 // ================================================================================================

air/src/air/boundary/constraint.rs

@@ -6,8 +6,8 @@
 use crate::LagrangeKernelEvaluationFrame;
 
 use super::{Assertion, ExtensionOf, FieldElement};
+use alloc::{collections::BTreeMap, vec::Vec};
 use math::{fft, polynom};
-use utils::collections::*;
 
 // BOUNDARY CONSTRAINT
 // ================================================================================================

air/src/air/boundary/constraint_group.rs

@@ -4,7 +4,7 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::{Assertion, BoundaryConstraint, ConstraintDivisor, ExtensionOf, FieldElement};
-use utils::collections::*;
+use alloc::{collections::BTreeMap, vec::Vec};
 
 // BOUNDARY CONSTRAINT GROUP
 // ================================================================================================

air/src/air/boundary/mod.rs

@@ -4,8 +4,11 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::{AirContext, Assertion, ConstraintDivisor};
+use alloc::{
+    collections::{BTreeMap, BTreeSet},
+    vec::Vec,
+};
 use math::{ExtensionOf, FieldElement};
-use utils::collections::*;
 
 mod constraint;
 pub use constraint::{BoundaryConstraint, LagrangeKernelBoundaryConstraint};

air/src/air/boundary/tests.rs

@@ -7,10 +7,10 @@ use super::{
     super::tests::{build_prng, build_sequence_poly},
     Assertion, BoundaryConstraint,
 };
+use alloc::{collections::BTreeMap, vec::Vec};
 use crypto::{hashers::Blake3_256, DefaultRandomCoin, RandomCoin};
 use math::{fields::f64::BaseElement, polynom, FieldElement, StarkField};
 use rand_utils::{rand_value, rand_vector, shuffle};
-use utils::collections::*;
 
 // BOUNDARY CONSTRAINT TESTS
 // ================================================================================================

air/src/air/coefficients.rs

@@ -3,8 +3,8 @@
 // This source code is licensed under the MIT license found in the
 // LICENSE file in the root directory of this source tree.
 
+use alloc::vec::Vec;
 use math::FieldElement;
-use utils::collections::*;
 
 // AUXILIARY TRACE SEGMENT RANDOMNESS
 // ================================================================================================

air/src/air/context.rs

@@ -4,9 +4,9 @@
 // LICENSE file in the root directory of this source tree.
 
 use crate::{air::TransitionConstraintDegree, ProofOptions, TraceInfo};
+use alloc::vec::Vec;
 use core::cmp;
 use math::StarkField;
-use utils::collections::*;
 
 // AIR CONTEXT
 // ================================================================================================

air/src/air/divisor.rs

@@ -4,9 +4,9 @@
 // LICENSE file in the root directory of this source tree.
 
 use crate::air::Assertion;
+use alloc::vec::Vec;
 use core::fmt::{Display, Formatter};
 use math::{FieldElement, StarkField};
-use utils::collections::*;
 
 // CONSTRAINT DIVISOR
 // ================================================================================================

air/src/air/mod.rs

@@ -4,9 +4,9 @@
 // LICENSE file in the root directory of this source tree.
 
 use crate::ProofOptions;
+use alloc::{collections::BTreeMap, vec::Vec};
 use crypto::{RandomCoin, RandomCoinError};
 use math::{fft, ExtensibleField, ExtensionOf, FieldElement, StarkField, ToElements};
-use utils::collections::*;
 
 mod trace_info;
 pub use trace_info::TraceInfo;

air/src/air/tests.rs

@@ -8,9 +8,9 @@ use super::{
     TransitionConstraintDegree,
 };
 use crate::{AuxTraceRandElements, FieldExtension};
+use alloc::{collections::BTreeMap, vec::Vec};
 use crypto::{hashers::Blake3_256, DefaultRandomCoin, RandomCoin};
 use math::{fields::f64::BaseElement, get_power_series, polynom, FieldElement, StarkField};
-use utils::collections::*;
 
 // PERIODIC COLUMNS
 // ================================================================================================

air/src/air/trace_info.rs

@@ -3,11 +3,9 @@
 // This source code is licensed under the MIT license found in the
 // LICENSE file in the root directory of this source tree.
 
+use alloc::{string::ToString, vec::Vec};
 use math::{StarkField, ToElements};
-use utils::{
-    collections::*, string::*, ByteReader, ByteWriter, Deserializable, DeserializationError,
-    Serializable,
-};
+use utils::{ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable};
 
 // CONSTANTS
 // ================================================================================================

air/src/air/transition/degree.rs

@@ -4,8 +4,8 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::{super::super::ProofOptions, MIN_CYCLE_LENGTH};
+use alloc::vec::Vec;
 use core::cmp;
-use utils::collections::*;
 
 // TRANSITION CONSTRAINT DEGREE
 // ================================================================================================

air/src/air/transition/frame.rs

@@ -4,8 +4,8 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::FieldElement;
+use alloc::vec::Vec;
 use math::{polynom, StarkField};
-use utils::collections::*;
 
 // EVALUATION FRAME
 // ================================================================================================

air/src/air/transition/mod.rs

@@ -4,7 +4,7 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::{AirContext, ConstraintDivisor, ExtensionOf, FieldElement};
-use utils::collections::*;
+use alloc::vec::Vec;
 
 mod frame;
 pub use frame::{EvaluationFrame, LagrangeKernelEvaluationFrame};

air/src/lib.rs

@@ -27,9 +27,8 @@
 //! This crate also contains components describing STARK protocol parameters ([ProofOptions]) and
 //! proof structure ([StarkProof](proof::StarkProof)).
 
-#![cfg_attr(not(feature = "std"), no_std)]
+#![no_std]
 
-#[cfg(not(feature = "std"))]
 #[macro_use]
 extern crate alloc;
 

air/src/options.rs

@@ -3,11 +3,10 @@
 // This source code is licensed under the MIT license found in the
 // LICENSE file in the root directory of this source tree.
 
+use alloc::vec::Vec;
 use fri::FriOptions;
 use math::{StarkField, ToElements};
-use utils::{
-    collections::*, ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable,
-};
+use utils::{ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable};
 
 // CONSTANTS
 // ================================================================================================

air/src/proof/commitments.rs

@@ -3,10 +3,10 @@
 // This source code is licensed under the MIT license found in the
 // LICENSE file in the root directory of this source tree.
 
+use alloc::vec::Vec;
 use crypto::Hasher;
 use utils::{
-    collections::*, ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable,
-    SliceReader,
+    ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable, SliceReader,
 };
 
 // COMMITMENTS

air/src/proof/context.rs

@@ -4,11 +4,9 @@
 // LICENSE file in the root directory of this source tree.
 
 use crate::{ProofOptions, TraceInfo};
+use alloc::{string::ToString, vec::Vec};
 use math::{StarkField, ToElements};
-use utils::{
-    collections::*, string::*, ByteReader, ByteWriter, Deserializable, DeserializationError,
-    Serializable,
-};
+use utils::{ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable};
 
 // PROOF CONTEXT
 // ================================================================================================

air/src/proof/mod.rs

@@ -6,13 +6,12 @@
 //! Contains STARK proof struct and associated components.
 
 use crate::{ProofOptions, TraceInfo};
+use alloc::vec::Vec;
 use core::cmp;
 use crypto::Hasher;
 use fri::FriProof;
 use math::FieldElement;
-use utils::{
-    collections::*, ByteReader, Deserializable, DeserializationError, Serializable, SliceReader,
-};
+use utils::{ByteReader, Deserializable, DeserializationError, Serializable, SliceReader};
 
 mod context;
 pub use context::Context;

air/src/proof/ood_frame.rs

@@ -3,10 +3,10 @@
 // This source code is licensed under the MIT license found in the
 // LICENSE file in the root directory of this source tree.
 
+use alloc::vec::Vec;
 use math::FieldElement;
 use utils::{
-    collections::*, ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable,
-    SliceReader,
+    ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable, SliceReader,
 };
 
 use crate::LagrangeKernelEvaluationFrame;

air/src/proof/queries.rs

@@ -4,11 +4,11 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::Table;
+use alloc::vec::Vec;
 use crypto::{BatchMerkleProof, ElementHasher, Hasher};
 use math::FieldElement;
 use utils::{
-    collections::*, ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable,
-    SliceReader,
+    ByteReader, ByteWriter, Deserializable, DeserializationError, Serializable, SliceReader,
 };
 
 // QUERIES

air/src/proof/table.rs

@@ -4,9 +4,9 @@
 // LICENSE file in the root directory of this source tree.
 
 use super::{DeserializationError, SliceReader};
+use alloc::vec::Vec;
 use core::iter::FusedIterator;
 use math::FieldElement;
-use utils::collections::*;
 use utils::ByteReader;
 
 // CONSTANTS

crypto/Cargo.toml

@@ -1,12 +1,12 @@
 [package]
 name = "winter-crypto"
-version = "0.8.1"
+version = "0.8.3"
 description = "Cryptographic library for the Winterfell STARK prover/verifier"
 authors = ["winterfell contributors"]
 readme = "README.md"
 license = "MIT"
 repository = "https://github.com/novifinancial/winterfell"
-documentation = "https://docs.rs/winter-crypto/0.8.1"
+documentation = "https://docs.rs/winter-crypto/0.8.3"
 categories = ["cryptography", "no-std"]
 keywords = ["crypto", "merkle-tree", "hash"]
 edition = "2021"

crypto/README.md

@@ -8,7 +8,6 @@ This crate contains modules with cryptographic operations needed in STARK proof
 * BLAKE3 with either 256-bit or 192-bit output. The smaller output version can be used to reduce STARK proof size, however, it also limits proof security level to at most 96 bits.
 * Rescue Prime over a 64-bit field with 256-bit output and over a 62-bit field with 248-bit output. Rescue is an arithmetization-friendly hash function and can be used in the STARK protocol when recursive proof composition is desired. However, using this function is not yet supported by the Winterfell STARK prover and verifier.
 * Rescue Prime over the same 64-bit field as above, with 256-bit output, but using the novel [Jive compression mode](https://eprint.iacr.org/2022/840.pdf) to obtain a smaller state and faster 2-to-1 compression.
-* Griffin over the same 64-bit field as above, with 256-bit output, also using the novel [Jive compression mode](https://eprint.iacr.org/2022/840.pdf) to obtain a smaller state and faster 2-to-1 compression.
 
 ### Rescue hash function implementation
 Rescue hash function is implemented according to the Rescue Prime [specifications](https://eprint.iacr.org/2020/1143.pdf) with the following exception:
@@ -45,36 +44,19 @@ The parameters used to instantiate the functions are:
   - S-Box degree: 3.
   - Target security level: 124-bits.
 
-### Griffin hash function implementation
-Griffin hash function is implemented according to the Griffin [specifications](https://eprint.iacr.org/2022/403.pdf) with the following differences:
-* We set the number of rounds to 7, which implies a 15% security margin instead of the 20% margin used in the specifications (a 20% margin rounds up to 8 rounds), similarly to the motivation on Rescue above.
-* When hashing a sequence of elements, we follow the [Hirose padding](https://www.researchgate.net/publication/325706626_Sequential_Hashing_with_Minimum_Padding) specification, similarly to RPJive64_256 instantiation. However, this means that our instantiation of Griffin cannot be used in a stream mode as the number of elements to be hashed must be known upfront.
-* For instantiation `GriffinJive64_256`, we also make the following modifications:
-  - Instead of using the matrix suggested by the Griffin specification paper, we use a methodology developed by Polygon Zero to find an MDS matrix with coefficients which are small powers of two in frequency domain. This allows us to dramatically reduce MDS matrix multiplication time. We claim without proof that using a different MDS matrix does not affect security of the hash function.
-  - We use Jive as compression mode for 2-to-1 hashing. Similarly to `RpJive64_256` above, the output of the hash function is not the same when we hash 8 field elements as a sequence of elements using `hash_elements()` function and when we compress 8 field elements into 4 (e.g., for building a Merkle tree) using the 2-to-1 Jive compression mode.
-
-The parameters used to instantiate the function are:
-* For `GriffinJive64_256`:
-  - Field: 64-bit prime field with modulus 2<sup>64</sup> - 2<sup>32</sup> + 1.
-  - State width: 8 field elements.
-  - Capacity size: 4 field elements.
-  - Digest size: 4 field elements (can be serialized into 32 bytes).
-  - Number of founds: 7.
-  - S-Box degree: 7.
-  - Target security level: 128-bits.
 
 ### Hash function performance
 One of the core operations performed during STARK proof generation is construction of Merkle trees. We care greatly about building these trees as quickly as possible, and thus, for the purposes of STARK protocol, 2-to-1 hash operation (e.g., computing a hash of two 32-byte values) is especially important. The table below contains rough benchmarks for computing a 2-to-1 hash for all currently implemented hash functions.
 
-| CPU                         | BLAKE3_256 | SHA3_256 | RP64_256 | RPJ64_256 | RP62_248 | GriffinJ64_256 |
-| --------------------------- | :--------: | :------: | :------: | :-------: | :------: | :------------: |
-| Apple M1 Pro                | 76 ns      | 227 ns   | 5.1 us   | 3.8 us    | 7.1 us   | 2.2 us         |
-| AMD Ryzen 9 5950X @ 3.4 GHz | 62 ns      | 310 ns   | 5.2 us   | 3.9 us    | 6.9 us   | 1.5 us         |
-| Core i9-9980KH @ 2.4 GHz    | 66 ns      | 400 ns   | -        | -         | 6.6 us   | -              |
-| Core i5-7300U @ 2.6 GHz     | 81 ns      | 540 ns   | -        | -         | 9.5 us   | -              |
-| Core i5-4300U @ 1.9 GHz     | 106 ns     | 675 ns   | -        | -         | 13.9 us  | -              |
+| CPU                         | BLAKE3_256 | SHA3_256 | RP64_256 | RPJ64_256 | RP62_248 |
+| --------------------------- | :--------: | :------: | :------: | :-------: | :------: |
+| Apple M1 Pro                | 76 ns      | 227 ns   | 5.1 us   | 3.8 us    | 7.1 us   |
+| AMD Ryzen 9 5950X @ 3.4 GHz | 62 ns      | 310 ns   | 5.2 us   | 3.9 us    | 6.9 us   |
+| Core i9-9980KH @ 2.4 GHz    | 66 ns      | 400 ns   | -        | -         | 6.6 us   |
+| Core i5-7300U @ 2.6 GHz     | 81 ns      | 540 ns   | -        | -         | 9.5 us   |
+| Core i5-4300U @ 1.9 GHz     | 106 ns     | 675 ns   | -        | -         | 13.9 us  |
 
-As can be seen from the table, BLAKE3 is by far the fastest hash function, while our implementations of algebraic hashes are between 30x (Griffin) and 70x (Rescue-Prime) slower than BLAKE3 and between 10x (Griffin) and 20x (Rescue-Prime) slower than SHA3.
+As can be seen from the table, BLAKE3 is by far the fastest hash function, while our implementations of algebraic hashes are 70x slower than BLAKE3 and 20x slower than SHA3.
 
 ## Merkle
 [Merkle](src/merkle) module contains an implementation of a Merkle tree which supports batch proof generation and verification. Batch proofs are based on the Octopus algorithm described [here](https://eprint.iacr.org/2017/933).