Feat : Added parameter selection logic (Part 3)

Cargo.toml

@@ -55,6 +55,7 @@ const-oid = "0.9.6"
 arrayvec = "0.7.6"
 derive-where = { version = "1.6.0", features = ["safe"] }
 ordered-float = { version = "5.1.0", features = ["serde"] }
+thiserror = "2.0"
 
 [dev-dependencies]
 proptest = "1.0"

proptest-regressions/protocols/params/basecase.txt

@@ -0,0 +1,10 @@
+# Seeds for failure cases proptest has generated in the past. It is
+# automatically read and these particular cases re-run before any
+# novel cases are generated.
+#
+# It is recommended to check this file in to source control so that
+# everyone who runs the test benefits from these saved cases.
+cc b6e8ae0b3e6a9769901e0e0e489da34965bf0a8df7dd049aef66e0541bf10baf # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, decoding_regime: Johnson, target_security_bits: 30, pow_budget: Forbidden, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_size, log_inv_rate) = (1, 1)
+cc a2f771fc5031440200810b95ea2d347da895f8eb2e1a87f53fd69ad224287e84 # shrinks to spec = SecuritySpec { mode: Standard, decoding_regime: Johnson, target_security_bits: 30, pow_budget: Forbidden, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_size, log_inv_rate) = (2, 2)
+cc f66c89bc700c79bca5f4b7234f1345129962c78e5a2036a6430564f615f19b30 # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, decoding_regime: Johnson, target_security_bits: 30, pow_budget: Forbidden, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_size, log_inv_rate) = (1, 1)
+cc 312fec8a96f6f55f5d3c0346bdb85690f23150aadf88888d453041e99b05d414 # shrinks to spec = SecuritySpec { mode: Standard, decoding_regime: Johnson, target_security_bits: 39, pow_budget: Forbidden, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_size, log_inv_rate) = (1, 1)

proptest-regressions/protocols/params/code_switch.txt

@@ -0,0 +1,13 @@
+# Seeds for failure cases proptest has generated in the past. It is
+# automatically read and these particular cases re-run before any
+# novel cases are generated.
+#
+# It is recommended to check this file in to source control so that
+# everyone who runs the test benefits from these saved cases.
+cc 7a7df094ea650db7a295d162b75dd9da9b52d1fc36947d2b07df8150cd9d906f # shrinks to spec = SecuritySpec { mode: Standard { unique_decoding: false }, target_security_bits: 80, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 4, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, log_inv_rate = 1, folding_factor = 3, num_vars = 4
+cc b42c982074a04c7110df07cf00f45156607be547e176b1ddd5f9d994ad491ddb # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 80, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 4, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, log_inv_rate = 1, folding_factor = 3, num_vars = 4
+cc eaf09a2b6bdffa86026264679f008326498ca800260dd2f17d4370df9fb3f801 # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 80, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 4, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, log_inv_rate = 1, folding_factor = 3, num_vars = 4
+cc 3887a5fa698c99109e8262e843dbd24ea94b9c9d420791e4520b5c9211a3eca0 # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 100, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 4, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, (log_inv_rate, folding_factor, num_vars) = (3, 2, 7)
+cc b3e128084f721e6f43e263e05acf2e2de6fcd05dccf3811f063eeb0b63d78f8e # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 47, max_pow_bits: Some(15), hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_inv_rate, folding_factor, num_vars) = (3, 2, 4)
+cc b71da9002ceac9e4a74af097a7b087557a5b916fe8da47e39c4682375d749f88 # shrinks to spec = SecuritySpec { mode: Standard, decoding_regime: Johnson, target_security_bits: 50, pow_budget: Forbidden, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_inv_rate, folding_factor, num_vars) = (1, 2, 4)
+cc 1981509d857e56772dd4a79f8692619e968891aa3d84576ea1857f6d9a484a2d # shrinks to spec = SecuritySpec { mode: Standard, decoding_regime: Johnson, target_security_bits: 50, pow_budget: Forbidden, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, (log_inv_rate, folding_factor, num_vars) = (1, 2, 4)

proptest-regressions/protocols/params/derive.txt

@@ -0,0 +1,7 @@
+# Seeds for failure cases proptest has generated in the past. It is
+# automatically read and these particular cases re-run before any
+# novel cases are generated.
+#
+# It is recommended to check this file in to source control so that
+# everyone who runs the test benefits from these saved cases.
+cc 104921a4117ed8255308c1ea5d3e12c72356ef72ef0d93fc0f24ed29f93fdd3a # shrinks to tuning = TuningSpec { vector_size: 32, starting_log_inv_rate: 3, folding_factor: Constant(1) }

proptest-regressions/protocols/params/irs_commit.txt

@@ -0,0 +1,8 @@
+# Seeds for failure cases proptest has generated in the past. It is
+# automatically read and these particular cases re-run before any
+# novel cases are generated.
+#
+# It is recommended to check this file in to source control so that
+# everyone who runs the test benefits from these saved cases.
+cc 0b6dd03179c9a4e38b29b34b241b88fba69348a2c8938af7253314b7035bea82 # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 80, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 4, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 16, log_inv_rate: 1, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }, out_domain = 0, seed = 0
+cc 7e49f7a2d53f55cfa2f09114d17ab4123678b45ddf69e0cfbc646b246de2f042 # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 80, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c }, ctx = RoundContext { vector_size: 128, log_inv_rate: 2, folding_factor: 2 }, out_domain = 11

proptest-regressions/protocols/params/sumcheck.txt

@@ -0,0 +1,12 @@
+# Seeds for failure cases proptest has generated in the past. It is
+# automatically read and these particular cases re-run before any
+# novel cases are generated.
+#
+# It is recommended to check this file in to source control so that
+# everyone who runs the test benefits from these saved cases.
+cc 0ffdc71948ed0315f4cf55fb8f2dd25bf71f7e41f53cd4fe35ee9da6fb125a20 # shrinks to spec = SecuritySpec { mode: Standard { unique_decoding: false }, target_security_bits: 86, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 3, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 32, log_inv_rate: 2, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }
+cc e8ab6549772cf6bf4c3af116ebcba3dbf295ffbe2aee4a94be7df4b9f45d61ec # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 91, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 3, max_pow_bits: Some(10), hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 16, log_inv_rate: 1, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }
+cc 8c4300cc375640956f81e9da5aef9ea11ef476ddc4dd253dc560afa07609262d # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 98, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 3, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 16, log_inv_rate: 1, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }
+cc 8ea40f13c63b4c0021386369ce698a5d9289381a39dc85db43d2d69b9b4877bb # shrinks to spec = SecuritySpec { mode: Standard { unique_decoding: false }, target_security_bits: 88, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 3, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 16, log_inv_rate: 3, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }
+cc f1dca600886474c74d857c547baea0c2b4faf45b2946036f21a008106396eb1c # shrinks to spec = SecuritySpec { mode: Standard { unique_decoding: false }, target_security_bits: 80, vector_size: 256, starting_log_inv_rate: 1, initial_folding_factor: 4, folding_factor: 3, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 256, log_inv_rate: 3, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }
+cc 36d0f5929e8099fa8644b0511229cf11634e5a7a66d99c06099c304f5f7a8c6e # shrinks to spec = SecuritySpec { mode: ZeroKnowledge, target_security_bits: 47, max_pow_bits: None, hash_id: 03e01749ebcc0477924254eb482066b864a8dd4d77252464ca6f5b6f5cc05b4c, _embedding: PhantomData<whir::algebra::embedding::Identity<ark_ff::fields::models::fp::Fp<ark_ff::fields::models::fp::montgomery_backend::MontBackend<whir::algebra::fields::FConfig64, 1>, 1>>> }, ctx = RoundContext { round_index: 0, vector_size: 128, log_inv_rate: 4, folding_factor: 1, prev_round_in_domain_samples: 0, prev_round_query_error: 0.0 }

src/bin/benchmark.rs

@@ -18,6 +18,7 @@ use whir::{
     cmdline_utils::{AvailableFields, AvailableHash},
     hash::HASH_COUNTER,
     parameters::ProtocolParameters,
+    protocols::params::DecodingRegime,
     transcript::{codecs::Empty, Codec, DomainSeparator, ProverState, VerifierState},
 };
 
@@ -48,8 +49,8 @@ struct Args {
     #[arg(short = 'k', long = "fold", default_value = "4")]
     folding_factor: usize,
 
-    #[arg(long = "unique-decoding", default_value_t = false)]
-    unique_decoding: bool,
+    #[arg(long = "decoding-regime", default_value = "Johnson")]
+    decoding_regime: DecodingRegime,
 
     #[arg(short = 'f', long = "field", default_value = "Goldilocks3")]
     field: AvailableFields,
@@ -67,7 +68,7 @@ struct BenchmarkOutput {
     repetitions: usize,
     initial_folding_factor: usize,
     folding_factor: usize,
-    unique_decoding: bool,
+    decoding_regime: DecodingRegime,
     field: AvailableFields,
     hash: AvailableHash,
 
@@ -117,7 +118,7 @@ where
     let reps = args.verifier_repetitions;
     let folding_factor = args.folding_factor;
     let first_round_folding_factor = args.first_round_folding_factor;
-    let unique_decoding = args.unique_decoding;
+    let decoding_regime = args.decoding_regime;
 
     std::fs::create_dir_all("outputs").unwrap();
 
@@ -128,7 +129,7 @@ where
         pow_bits,
         initial_folding_factor: first_round_folding_factor,
         folding_factor,
-        unique_decoding,
+        decoding_regime,
         starting_log_inv_rate: starting_rate,
         batch_size: 1,
         hash_id: args.hash.hash_id(),
@@ -298,7 +299,7 @@ where
         repetitions: reps,
         initial_folding_factor: first_round_folding_factor,
         folding_factor,
-        unique_decoding,
+        decoding_regime,
         field: args.field,
         hash: args.hash,
 

src/bin/main.rs

@@ -14,6 +14,7 @@ use whir::{
     cmdline_utils::{AvailableFields, AvailableHash},
     hash::HASH_COUNTER,
     parameters::ProtocolParameters,
+    protocols::params::DecodingRegime,
     transcript::{codecs::Empty, Codec, DomainSeparator, ProverState, VerifierState},
 };
 
@@ -48,9 +49,9 @@ struct Args {
     #[arg(short = 'k', long = "fold", default_value = "4")]
     folding_factor: usize,
 
-    /// Restrict PCS to the Unique Decoding regime. LDT is always UD.
-    #[arg(long = "unique-decoding", default_value_t = false)]
-    unique_decoding: bool,
+    /// Reed–Solomon decoding regime: Unique or Johnson (list-decoding).
+    #[arg(long = "decoding-regime", default_value = "Johnson")]
+    decoding_regime: DecodingRegime,
 
     #[arg(short = 'f', long = "field", default_value = "Goldilocks3")]
     field: AvailableFields,
@@ -109,7 +110,7 @@ where
     let reps = args.verifier_repetitions;
     let first_round_folding_factor = args.first_round_folding_factor;
     let folding_factor = args.folding_factor;
-    let unique_decoding = args.unique_decoding;
+    let decoding_regime = args.decoding_regime;
     let num_evaluations = args.num_evaluations;
     let num_linear_constraints = args.num_linear_constraints;
     let hash_id = args.hash.hash_id();
@@ -125,7 +126,7 @@ where
         pow_bits,
         initial_folding_factor: first_round_folding_factor,
         folding_factor,
-        unique_decoding,
+        decoding_regime,
         starting_log_inv_rate: starting_rate,
         batch_size: 1,
         hash_id,
@@ -254,7 +255,7 @@ where
     let num_coeffs = 1 << num_variables;
 
     let whir_params = ProtocolParameters {
-        unique_decoding: args.unique_decoding,
+        decoding_regime: args.decoding_regime,
         security_level,
         pow_bits,
         initial_folding_factor: first_round_folding_factor,

src/parameters.rs

@@ -2,13 +2,13 @@ use std::fmt::{Debug, Display};
 
 use serde::{Deserialize, Serialize};
 
-use crate::engines::EngineId;
+use crate::{engines::EngineId, protocols::params::DecodingRegime};
 
 /// Configuration parameters for WHIR proofs.
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub struct ProtocolParameters {
-    /// Whether to require unique decoding.
-    pub unique_decoding: bool,
+    /// Reed–Solomon decoding regime: `Unique` or `Johnson` (list-decoding).
+    pub decoding_regime: DecodingRegime,
     /// The logarithmic inverse rate for sampling.
     pub starting_log_inv_rate: usize,
     /// Folding factor for the initial round.
@@ -30,13 +30,7 @@ impl Display for ProtocolParameters {
         writeln!(
             f,
             "Targeting {}-bits of security with {}-bits of PoW using {} decoding",
-            self.security_level,
-            self.pow_bits,
-            if self.unique_decoding {
-                "unique"
-            } else {
-                "list"
-            }
+            self.security_level, self.pow_bits, self.decoding_regime,
         )?;
         writeln!(
             f,