Crate winter_math

source · [−]

Expand description

This crate contains modules with mathematical operations needed in STARK proof generation and verification.

Unless otherwise stated, all operations happen in finite fields.

Finite fields

Finite field modules implements arithmetic operations in STARK-friendly finite fields. The operation include:

Basic arithmetic operations: addition, multiplication, subtraction, division, inversion.
Drawing random and pseudo-random elements from the field.
Computing roots of unity of a given order.

Currently, there are two implementations of finite fields:

A 128-bit field with modulus 2¹²⁸ - 45 * 2⁴⁰ + 1. This field was not chosen with any significant thought given to performance, and the implementation of most operations is sub-optimal as well. Proofs generated in this field can support security level of ~100 bits. If higher level of security is desired, proofs must be generated in a quadratic extension of the field.
A 62-bit field with modulus 2⁶² - 111 * 2³⁹ + 1. This field supports very fast modular arithmetic including branchless multiplication and addition. To achieve adequate security (i.e. ~100 bits), proofs must be generated in a quadratic extension of this field. For higher levels of security, a cubic extension field should be used.
A 64-bit field with modulus 2⁶⁴ - 2³² + 1. This field is about 15% slower than the 62-bit field described above, but it has a number of other attractive properties. To achieve adequate security (i.e. ~100 bits), proofs must be generated in a quadratic extension of this field. For higher levels of security, a cubic extension field should be used.

Extension fields

Currently, the library provides a generic way to create quadratic and cubic extensions of supported STARK fields. This can be done by implementing ExtensibleField trait for degrees 2 and 3.

Quadratic extension fields are defined using the following irreducible polynomials:

For f62 field, the polynomial is x² - x - 1.
For f64 field, the polynomial is x² - x + 2.
For f128 field, the polynomial is x² - x - 1.

Cubic extension fields are defined using the following irreducible polynomials:

For f62 field, the polynomial is x³ + 2x + 2.
For f64 field, the polynomial is x³ - x - 1.
For f128 field, cubic extensions are not supported.

Polynomials

Polynomials module implements basic polynomial operations such as:

Evaluation of a polynomial at a single or multiple point.
Interpolation of a polynomial from a set of points (using Lagrange interpolation).
Addition, multiplication, subtraction, and division of polynomials.
Synthetic polynomial division (using Ruffini’s method).

FFT module contains operations for computing Fast Fourier transform in a prime field (also called Number-theoretic transform). This can be used to interpolate and evaluate polynomials in O(n log n) time as long as the domain of the polynomial is a multiplicative subgroup with size which is a power of 2.

Concurrent execution

When the crate is compiled with concurrent feature enabled, some operations will be executed in multiple threads (usually, as many threads as there are logical cores on the machine). These operations are: