winter_math/lib.rs
1// Copyright (c) Facebook, Inc. and its affiliates.
2//
3// This source code is licensed under the MIT license found in the
4// LICENSE file in the root directory of this source tree.
5
6//! This crate contains modules with mathematical operations needed in STARK proof generation
7//! and verification.
8//!
9//! Unless otherwise stated, all operations happen in [finite fields](https://en.wikipedia.org/wiki/Finite_field).
10//!
11//! # Finite fields
12//! [Finite field](fields) modules implements arithmetic operations in STARK-friendly finite
13//! fields. The operation include:
14//!
15//! * Basic arithmetic operations: addition, multiplication, subtraction, division, inversion.
16//! * Drawing random and pseudo-random elements from the field.
17//! * Computing roots of unity of a given order.
18//!
19//! Currently, there are two implementations of finite fields:
20//!
21//! * A 128-bit field with modulus 2<sup>128</sup> - 45 * 2<sup>40</sup> + 1. This field was not
22//! chosen with any significant thought given to performance, and the implementation of most
23//! operations is sub-optimal as well. Proofs generated in this field can support security level
24//! of ~100 bits. If higher level of security is desired, proofs must be generated in a quadratic
25//! extension of the field.
26//! * A 62-bit field with modulus 2<sup>62</sup> - 111 * 2<sup>39</sup> + 1. This field supports
27//! very fast modular arithmetic including branchless multiplication and addition. To achieve
28//! adequate security (i.e. ~100 bits), proofs must be generated in a quadratic extension of this
29//! field. For higher levels of security, a cubic extension field should be used.
30//! * A 64-bit field with modulus 2<sup>64</sup> - 2<sup>32</sup> + 1. This field is about 15%
31//! slower than the 62-bit field described above, but it has a number of other attractive
32//! properties. To achieve adequate security (i.e. ~100 bits), proofs must be generated in a
33//! quadratic extension of this field. For higher levels of security, a cubic extension field
34//! should be used.
35//!
36//! ## Extension fields
37//!
38//! Currently, the library provides a generic way to create quadratic and cubic extensions of
39//! supported STARK fields. This can be done by implementing [ExtensibleField] trait for
40//! degrees 2 and 3.
41//!
42//! Quadratic extension fields are defined using the following irreducible polynomials:
43//! * For [f62](crate::fields::f62) field, the polynomial is x<sup>2</sup> - x - 1.
44//! * For [f64](crate::fields::f64) field, the polynomial is x<sup>2</sup> - x + 2.
45//! * For [f128](crate::fields::f128) field, the polynomial is x<sup>2</sup> - x - 1.
46//!
47//! Cubic extension fields are defined using the following irreducible polynomials:
48//! * For [f62](crate::fields::f62) field, the polynomial is x<sup>3</sup> + 2x + 2.
49//! * For [f64](crate::fields::f64) field, the polynomial is x<sup>3</sup> - x - 1.
50//! * For [f128](crate::fields::f128) field, cubic extensions are not supported.
51//!
52//! # Polynomials
53//! [Polynomials](polynom) module implements basic polynomial operations such as:
54//!
55//! * Evaluation of a polynomial at a single or multiple point.
56//! * Interpolation of a polynomial from a set of points (using [Lagrange](https://en.wikipedia.org/wiki/Lagrange_polynomial)
57//! interpolation).
58//! * Addition, multiplication, subtraction, and division of polynomials.
59//! * Synthetic polynomial division (using [Ruffini's](https://en.wikipedia.org/wiki/Ruffini%27s_rule)
60//! method).
61//!
62//! # Fast Fourier transform
63//! [FFT](fft) module contains operations for computing Fast Fourier transform in a prime
64//! field (also called [Number-theoretic transform](https://en.wikipedia.org/wiki/Discrete_Fourier_transform_(general)#Number-theoretic_transform)).
65//! This can be used to interpolate and evaluate polynomials in *O(n log n)* time as long as
66//! the domain of the polynomial is a multiplicative subgroup with size which is a power of 2.
67//!
68//! # Concurrent execution
69//!
70//! When the crate is compiled with `concurrent` feature enabled, some operations will be
71//! executed in multiple threads (usually, as many threads as there are logical cores on
72//! the machine). These operations are:
73//!
74//! * crate:
75//! - [get_power_series()]
76//! - [get_power_series_with_offset()]
77//! - [add_in_place()]
78//! - [mul_acc()]
79//! - [batch_inversion()]
80//! * `fft` module:
81//! - [evaluate_poly()](fft::evaluate_poly())
82//! - [evaluate_poly_with_offset()](fft::evaluate_poly_with_offset())
83//! - [interpolate_poly()](fft::interpolate_poly())
84//! - [interpolate_poly_with_offset()][fft::interpolate_poly_with_offset()]
85//! - [get_twiddles()](fft::get_twiddles())
86//! - [get_inv_twiddles()](fft::get_twiddles())
87//!
88//! Number of threads can be configured via `RAYON_NUM_THREADS` environment variable
89
90#![no_std]
91
92#[macro_use]
93extern crate alloc;
94
95pub mod fft;
96pub mod polynom;
97
98mod field;
99pub use field::{ExtensibleField, ExtensionOf, FieldElement, StarkField, ToElements};
100pub mod fields {
101 //! Finite field implementations.
102 //!
103 //! This module contains concrete implementations of base STARK fields as well as extensions
104 //! of these field.
105
106 pub use super::field::{f128, f62, f64, CubeExtension, QuadExtension};
107}
108
109mod utils;
110pub use crate::utils::{
111 add_in_place, batch_inversion, get_power_series, get_power_series_with_offset, mul_acc,
112};