last relation

co-noir/ultrahonk/Cargo.toml

@@ -15,6 +15,7 @@ ark-ff.workspace = true
 ark-serialize.workspace = true
 eyre.workspace = true
 itertools.workspace = true
+lazy_static = "1.5"
 num-bigint.workspace = true
 sha3.workspace = true
 tracing.workspace = true

co-noir/ultrahonk/src/decider/relations/mod.rs

@@ -4,6 +4,7 @@ pub(crate) mod elliptic_relation;
 pub(crate) mod logderiv_lookup_relation;
 pub(crate) mod permutation_relation;
 pub(crate) mod poseidon2_external_relation;
+pub(crate) mod poseidon2_internal_relation;
 pub(crate) mod ultra_arithmetic_relation;
 
 use super::types::{ProverUnivariates, RelationParameters};

co-noir/ultrahonk/src/decider/relations/poseidon2_internal_relation.rs

@@ -0,0 +1,144 @@
+use std::str::FromStr;
+
+use super::Relation;
+use crate::decider::{
+    types::{ProverUnivariates, RelationParameters},
+    univariate::Univariate,
+};
+use ark_ec::pairing::Pairing;
+use ark_ff::{PrimeField, Zero};
+use lazy_static::lazy_static;
+use num_bigint::BigUint;
+
+// TODO is this the most beatiful way to do this?
+lazy_static! {
+    static ref INTERNAL_MATRIX_DIAG_0: BigUint = BigUint::from_str(
+        "7626475329478847982857743246276194948757851985510858890691733676098590062311"
+    )
+    .unwrap();
+    static ref INTERNAL_MATRIX_DIAG_1: BigUint = BigUint::from_str(
+        "5498568565063849786384470689962419967523752476452646391422913716315471115275"
+    )
+    .unwrap();
+    static ref INTERNAL_MATRIX_DIAG_2: BigUint = BigUint::from_str(
+        "148936322117705719734052984176402258788283488576388928671173547788498414613"
+    )
+    .unwrap();
+    static ref INTERNAL_MATRIX_DIAG_3: BigUint = BigUint::from_str(
+        "15456385653678559339152734484033356164266089951521103188900320352052358038155"
+    )
+    .unwrap();
+}
+
+#[derive(Clone, Debug, Default)]
+pub(crate) struct Poseidon2InternalRelationAcc<F: PrimeField> {
+    pub(crate) r0: Univariate<F, 7>,
+    pub(crate) r1: Univariate<F, 7>,
+    pub(crate) r2: Univariate<F, 7>,
+    pub(crate) r3: Univariate<F, 7>,
+}
+
+pub(crate) struct Poseidon2InternalRelation {}
+
+impl<P: Pairing> Relation<P> for Poseidon2InternalRelation {
+    type Acc = Poseidon2InternalRelationAcc<P::ScalarField>;
+    const SKIPPABLE: bool = true;
+
+    fn skip(input: &ProverUnivariates<P::ScalarField>) -> bool {
+        input.polys.precomputed.q_poseidon2_internal.is_zero()
+    }
+
+    /**
+     * @brief Expression for the poseidon2 internal round relation, based on I_i in Section 6 of
+     * https://eprint.iacr.org/2023/323.pdf.
+     * @details This relation is defined as C(in(X)...) :=
+     * q_poseidon2_internal * ( (v1 - w_1_shift) + \alpha * (v2 - w_2_shift) +
+     * \alpha^2 * (v3 - w_3_shift) + \alpha^3 * (v4 - w_4_shift) ) = 0 where:
+     *      u1 := (w_1 + q_1)^5
+     *      sum := u1 + w_2 + w_3 + w_4
+     *      v1 := u1 * D1 + sum
+     *      v2 := w_2 * D2 + sum
+     *      v3 := w_3 * D3 + sum
+     *      v4 := w_4 * D4 + sum
+     *      Di is the ith internal diagonal value - 1 of the internal matrix M_I
+     *
+     * @param evals transformed to `evals + C(in(X)...)*scaling_factor`
+     * @param in an std::array containing the fully extended Univariate edges.
+     * @param parameters contains beta, gamma, and public_input_delta, ....
+     * @param scaling_factor optional term to scale the evaluation before adding to evals.
+     */
+    fn accumulate(
+        input: &ProverUnivariates<P::ScalarField>,
+        _relation_parameters: &RelationParameters<P::ScalarField>,
+        scaling_factor: &P::ScalarField,
+    ) -> Self::Acc {
+        tracing::trace!("Accumulate Poseidon2InternalRelation");
+
+        let w_l = &input.polys.witness.w_l;
+        let w_r = &input.polys.witness.w_r;
+        let w_o = &input.polys.witness.w_o;
+        let w_4 = &input.w_4;
+        let w_l_shift = &input.polys.shifted.w_l;
+        let w_r_shift = &input.polys.shifted.w_r;
+        let w_o_shift = &input.polys.shifted.w_o;
+        let w_4_shift = &input.polys.shifted.w_4;
+        let q_l = &input.polys.precomputed.q_l;
+        let q_poseidon2_internal = &input.polys.precomputed.q_poseidon2_internal;
+
+        // add round constants
+        let s1 = w_l.to_owned() + q_l;
+
+        // apply s-box round
+        let mut u1 = s1.to_owned().sqr();
+        u1 = u1.sqr();
+        u1 *= s1;
+        let u2 = w_r.to_owned();
+        let u3 = w_o.to_owned();
+        let u4 = w_4.to_owned();
+
+        // matrix mul with v = M_I * u 4 muls and 7 additions
+        let sum = u1.to_owned() + &u2 + &u3 + &u4;
+
+        let q_pos_by_scaling = q_poseidon2_internal.to_owned() * scaling_factor;
+
+        let mut v1 = u1 * P::ScalarField::from(INTERNAL_MATRIX_DIAG_0.to_owned());
+        v1 += &sum;
+        let tmp = (v1 - w_l_shift) * &q_pos_by_scaling;
+        let mut r0 = Univariate::default();
+        for i in 0..r0.evaluations.len() {
+            r0.evaluations[i] = tmp.evaluations[i];
+        }
+
+        ///////////////////////////////////////////////////////////////////////
+
+        let mut v2 = u2 * P::ScalarField::from(INTERNAL_MATRIX_DIAG_1.to_owned());
+        v2 += &sum;
+        let tmp = (v2 - w_r_shift) * &q_pos_by_scaling;
+        let mut r1 = Univariate::default();
+        for i in 0..r1.evaluations.len() {
+            r1.evaluations[i] = tmp.evaluations[i];
+        }
+
+        ///////////////////////////////////////////////////////////////////////
+
+        let mut v3 = u3 * P::ScalarField::from(INTERNAL_MATRIX_DIAG_2.to_owned());
+        v3 += &sum;
+        let tmp = (v3 - w_o_shift) * &q_pos_by_scaling;
+        let mut r2 = Univariate::default();
+        for i in 0..r2.evaluations.len() {
+            r2.evaluations[i] = tmp.evaluations[i];
+        }
+
+        ///////////////////////////////////////////////////////////////////////
+
+        let mut v4 = u4 * P::ScalarField::from(INTERNAL_MATRIX_DIAG_3.to_owned());
+        v4 += sum;
+        let tmp = (v4 - w_4_shift) * q_pos_by_scaling;
+        let mut r3 = Univariate::default();
+        for i in 0..r3.evaluations.len() {
+            r3.evaluations[i] = tmp.evaluations[i];
+        }
+
+        Self::Acc { r0, r1, r2, r3 }
+    }
+}

co-noir/ultrahonk/src/decider/sumcheck_round.rs

@@ -13,6 +13,7 @@ use crate::{
             elliptic_relation::EllipticRelation, logderiv_lookup_relation::LogDerivLookupRelation,
             permutation_relation::UltraPermutationRelation,
             poseidon2_external_relation::Poseidon2ExternalRelation,
+            poseidon2_internal_relation::Poseidon2InternalRelation,
         },
         types::ProverUnivariates,
     },
@@ -180,6 +181,11 @@ impl SumcheckRound {
             relation_parameters,
             scaling_factor,
         );
+        let r8 = Self::accumulate_one_relation_univariates::<P, Poseidon2InternalRelation>(
+            extended_edges,
+            relation_parameters,
+            scaling_factor,
+        );
         todo!()
     }