From 880f39faeb8fc8e8ad26f939129fc1e5ea8f6163 Mon Sep 17 00:00:00 2001
From: Robin Salen
Date: Mon, 31 Jul 2023 09:18:34 -0400
Subject: [PATCH] Assume MULTIPLICATIVE_GROUP_GENERATOR to be small for prime fields
---
 field/src/types.rs | 3 +++
 plonky2/src/plonk/prover.rs | 4 +++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/field/src/types.rs b/field/src/types.rs
index 6eb5fed99d..6c1c621640 100644
--- a/field/src/types.rs
+++ b/field/src/types.rs
@@ -84,6 +84,9 @@ pub trait Field:
 const CHARACTERISTIC_TWO_ADICITY: usize;
 /// Generator of the entire multiplicative group, i.e. all non-zero elements.
+ ///
+ /// **For prime fields, this element is expected to fit in a u32
+ /// when canonically reduced.**
 const MULTIPLICATIVE_GROUP_GENERATOR: Self;
 /// Generator of a multiplicative subgroup of order `2^TWO_ADICITY`.
 const POWER_OF_TWO_GENERATOR: Self;
diff --git a/plonky2/src/plonk/prover.rs b/plonky2/src/plonk/prover.rs
index 53dc2a7a2b..f579b11c33 100644
--- a/plonky2/src/plonk/prover.rs
+++ b/plonky2/src/plonk/prover.rs
@@ -697,7 +697,9 @@ fn compute_quotient_polys<
 let mut local_wires_batch_refs = Vec::with_capacity(xs_batch.len());
 for (&i, &x) in indices_batch.iter().zip(xs_batch) {
- let shifted_x = F::coset_shift() * x;
+ // F::coset_shift() returns the multiplicative generator,
+ // which fits in a u32 for `RichField`.
+ let shifted_x = x.mul_u32(F::coset_shift().to_noncanonical_u64() as u32);
 let i_next = (i + next_step) % lde_size;
 let local_constants_sigmas = prover_data
 .constants_sigmas_commitment
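Review bot: The doc sentence added to `MULTIPLICATIVE_GROUP_GENERATOR` states an expectation without saying what relies on it or what happens when a field implementation breaks it. Going by the second hunk of this patch, the prover casts the value to `u32`, so I would add a line such as `/// The prover narrows this value to `u32` when applying the coset shift; a larger generator is truncated, not rejected.` so that implementers of new prime fields see the consequence. The `Field` trait body continues outside the hunk.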
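Review bot: The `as u32` cast on the new `shifted_x` line truncates silently, so a field whose coset shift does not fit in 32 bits would yield a wrong `shifted_x` with no error, and the prover would go on to build the quotient polynomials from the wrong points. The cast is also applied to `to_noncanonical_u64()`, while the doc added in `field/src/types.rs` only promises the bound for the canonically reduced value. Consider hoisting a checked conversion above the loop, `let shift = u32::try_from(F::coset_shift().to_canonical_u64()).expect("coset shift must fit in u32");`, and using `let shifted_x = x.mul_u32(shift);` inside it; this assumes `F` exposes `to_canonical_u64` at this point, which the hunk does not show. `compute_quotient_polys` starts and ends outside the hunk.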