fix(franklin-crypto): range check goldilocks with naive gate (#37)

This PR adds missing range check for naive main gate that is missed during picking/dropping of previous rebase. --------- Co-authored-by: Igor Aleksanov <popzxc@yandex.ru> Co-authored-by: Oleksandr Stepanov <alexandrst88@gmail.com> Co-authored-by: olesHolem <oh@matterlabs.dev> Co-authored-by: zksync-admin-bot2 <91326834+zksync-admin-bot2@users.noreply.github.com> Co-authored-by: zksync-admin-bot2 <temp-bot@matterlabs.dev> Co-authored-by: Artem Makhortov <13339874+artmakh@users.noreply.github.com> Co-authored-by: zksync-era-bot <147085853+zksync-era-bot@users.noreply.github.com> Co-authored-by: zksync-era-bot <zksync-era-bot@users.noreply.github.com>
matter-labs · Oct 31, 2024 · 450cdfe · 450cdfe
1 parent 5d69bc6
commit 450cdfe
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/crates/fflonk/Cargo.toml b/crates/fflonk/Cargo.toml
@@ -8,7 +8,7 @@ repository.workspace = true
 license.workspace = true
 keywords.workspace = true
 categories.workspace = true
-description = "fflonk cryptographic library"
+description = "Reference implementation of fflonk prover and verifier"
 
 [dependencies]
 franklin-crypto.workspace = true
@@ -20,3 +20,7 @@ serde_json = "1"
 serde_derive = "1"
 bincode = "1.3"
 byteorder = "1"
+
+[features]
+default = ["sanity"]
+sanity = []
diff --git a/crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs b/crates/franklin-crypto/src/plonk/circuit/goldilocks/mod.rs
@@ -57,11 +57,34 @@ pub fn range_check_for_num_bits<E: Engine, CS: ConstraintSystem<E>>(cs: &mut CS,
         // Name of the table should be checked
         if let Ok(table) = cs.get_table(BITWISE_LOGICAL_OPS_TABLE_NAME) {
             enforce_range_check_using_bitop_table(cs, &num.get_variable(), num_bits, table, true)?;
-        } else {
+        } else if <CS::Params as PlonkConstraintSystemParams<E>>::CAN_ACCESS_NEXT_TRACE_STEP {
             enforce_range_check_using_naive_approach(cs, &num.get_variable(), num_bits)?;
+        } else {
+            use crate::plonk::circuit::boolean::*;
+            let has_value = num.get_value().is_some();
+            let value = num.get_value().unwrap_or(E::Fr::zero());
+            let bits: Vec<_> = BitIterator::new(value.into_repr()).collect();
+            let allocated_bits: Vec<AllocatedBit> = bits
+                .into_iter()
+                .rev()
+                .take(num_bits)
+                .map(|bit| {
+                    let t = if has_value { Some(bit) } else { None };
+                    AllocatedBit::alloc(cs, t)
+                })
+                .collect::<Result<Vec<_>, SynthesisError>>()?;
+            let mut lc = LinearCombination::zero();
+            let mut coeff = E::Fr::one();
+            for b in allocated_bits.iter() {
+                lc.add_assign_bit_with_coeff(b, coeff);
+                coeff.double();
+            }
+            let mut minus_one = E::Fr::one();
+            minus_one.negate();
+            lc.add_assign_number_with_coeff(&num, minus_one);
+            lc.enforce_zero(cs)?;
         }
     }
-
     Ok(())
 }