diff --git a/plonky2/src/gadgets/split_base.rs b/plonky2/src/gadgets/split_base.rs index 3dca1f8f01..8bfef33907 100644 --- a/plonky2/src/gadgets/split_base.rs +++ b/plonky2/src/gadgets/split_base.rs @@ -103,7 +103,10 @@ impl, const B: usize, const D: usize> SimpleGenerat .iter() .map(|&t| witness.get_bool_target(t)) .rev() - .fold(F::ZERO, |acc, limb| acc.mul_u32(B as u32 + limb as u32)); + .fold(F::ZERO, |acc, limb| { + let t = acc.to_noncanonical_u64() as u128 * B as u128 + limb as u128; + F::from_noncanonical_u96((t as u64, (t >> 64) as u32)) + }); out_buffer.set_target(Target::wire(self.row, BaseSumGate::::WIRE_SUM), sum); } diff --git a/plonky2/src/gates/base_sum.rs b/plonky2/src/gates/base_sum.rs index 181252a2d3..40fddbe46f 100644 --- a/plonky2/src/gates/base_sum.rs +++ b/plonky2/src/gates/base_sum.rs @@ -16,7 +16,9 @@ use crate::iop::target::Target; use crate::iop::witness::{PartitionWitness, Witness, WitnessWrite}; use crate::plonk::circuit_builder::CircuitBuilder; use crate::plonk::circuit_data::{CircuitConfig, CommonCircuitData}; -use crate::plonk::plonk_common::{reduce_with_powers, reduce_with_powers_ext_circuit}; +use crate::plonk::plonk_common::{ + reduce_with_powers, reduce_with_powers_ext_circuit, reduce_with_powers_u32, +}; use crate::plonk::vars::{ EvaluationTargets, EvaluationVars, EvaluationVarsBase, EvaluationVarsBaseBatch, EvaluationVarsBasePacked, @@ -67,7 +69,7 @@ impl, const D: usize, const B: usize> Gate fo fn eval_unfiltered(&self, vars: EvaluationVars) -> Vec { let sum = vars.local_wires[Self::WIRE_SUM]; let limbs = vars.local_wires[self.limbs()].to_vec(); - let computed_sum = reduce_with_powers(&limbs, F::Extension::from_canonical_usize(B)); + let computed_sum = reduce_with_powers_u32(&limbs, B as u32); let mut constraints = vec![computed_sum - sum]; for limb in limbs { constraints.push( @@ -156,7 +158,7 @@ impl, const D: usize, const B: usize> PackedEvaluab ) { let sum = vars.local_wires[Self::WIRE_SUM]; let limbs = vars.local_wires.view(self.limbs()); - let computed_sum = reduce_with_powers(limbs, F::from_canonical_usize(B)); + let computed_sum = reduce_with_powers_u32(limbs, B as u32); yield_constr.one(computed_sum - sum);