chore: update and sync-up the recursive verifier (#1575)

CHANGELOG.md

@@ -21,6 +21,7 @@
 - Debug instructions can be enabled in the cli `run` command using `--debug` flag (#1502).
 - Added support for procedure annotation (attribute) syntax to Miden Assembly (#1510).
 - Make `miden-prover::prove()` method conditionally asynchronous (#1563).
+- Update and sync the recursive verifier (#1575).
 
 #### Changes
 

processor/src/operations/comb_ops.rs

@@ -14,8 +14,8 @@ impl Process {
     ///            \frac{T_i(x) - T_i(g \cdot z)}{x - g \cdot z} \right)}
     ///
     /// The instruction computes the numerators $\alpha_i \cdot (T_i(x) - T_i(z))$ and
-    /// $\alpha_i \cdot (T_i(x) - T_i(g \cdot z))$ and stores the values in two accumulators $p$
-    /// and $r$, respectively. This instruction is specialized to main trace columns i.e.
+    /// $\alpha_i \cdot (T_i(x) - T_i(g \cdot z))$ and stores the values in two accumulators $r$
+    /// and $p$, respectively. This instruction is specialized to main trace columns i.e.
     /// the values $T_i(x)$ are base field elements.
     ///
     /// The instruction is used in the context of STARK proof verification in order to compute
@@ -44,9 +44,9 @@ impl Process {
     /// 1. Ti for i in 0..=7 stands for the the value of the i-th trace polynomial for the current
     ///    query i.e. T_i(x).
     /// 2. (p0, p1) stands for an extension field element accumulating the values for the quotients
-    ///    with common denominator (x - z).
-    /// 3. (r0, r1) stands for an extension field element accumulating the values for the quotients
     ///    with common denominator (x - gz).
+    /// 3. (r0, r1) stands for an extension field element accumulating the values for the quotients
+    ///    with common denominator (x - z).
     /// 4. x_addr is the memory address from which we are loading the Ti's using the MSTREAM
     ///    instruction.
     /// 5. z_addr is the memory address to the i-th OOD evaluations at z and gz i.e. T_i(z):=
@@ -72,7 +72,7 @@ impl Process {
         // --- compute the updated accumulator values ---------------------------------------------
         let v0 = self.stack.get(7);
         let tx = QuadFelt::new(v0, ZERO);
-        let [p_new, r_new] = [p + alpha * (tx - tz), r + alpha * (tx - tgz)];
+        let [p_new, r_new] = [p + alpha * (tx - tgz), r + alpha * (tx - tz)];
 
         // --- rotate the top 8 elements of the stack ---------------------------------------------
         self.stack.set(0, t0);
@@ -258,8 +258,8 @@ mod tests {
         let a1 = a[1];
         let alpha = QuadFelt::new(a0, a1);
 
-        let p_new = p + alpha * (tx - tz);
-        let r_new = r + alpha * (tx - tgz);
+        let p_new = p + alpha * (tx - tgz);
+        let r_new = r + alpha * (tx - tz);
 
         assert_eq!(p_new.to_base_elements()[1], stack_state[8]);
         assert_eq!(p_new.to_base_elements()[0], stack_state[9]);
@@ -337,8 +337,8 @@ mod tests {
         let tz: Vec<QuadFelt> = tz_tgz.iter().step_by(2).map(|e| e.to_owned()).collect();
         let tgz: Vec<QuadFelt> = tz_tgz.iter().skip(1).step_by(2).map(|e| e.to_owned()).collect();
         for i in 0..8 {
-            p += a[i] * (QuadFelt::from(tx[i]) - tz[i]);
-            r += a[i] * (QuadFelt::from(tx[i]) - tgz[i]);
+            p += a[i] * (QuadFelt::from(tx[i]) - tgz[i]);
+            r += a[i] * (QuadFelt::from(tx[i]) - tz[i]);
         }
 
         // prepare the advice stack with the generated data

stdlib/asm/crypto/stark/constants.masm

@@ -5,6 +5,8 @@
 const.ROOT_UNITY=7277203076849721926
 const.DOMAIN_OFFSET=7
 const.DOMAIN_OFFSET_INV=2635249152773512046
+const.NUM_CONSTRAINT_COMPOSITION_COEF_MULTIPLIED_BY_TWO_ROUNDED_UP_TO_FOUR=224
+const.NUM_DEEP_COMPOSITION_COEF_MULTIPLIED_BY_TWO_ROUNDED_UP_TO_FOUR=88
 
 
 # MEMORY POINTERS
@@ -17,15 +19,15 @@ const.TRACE_DOMAIN_GENERATOR_PTR=4294799999
 const.PUBLIC_INPUTS_PTR=4294800000
 
 # OOD Frames
-# (72 + 9 + 8) * 2 * 2 Felt for current and next trace rows and 8 * 2 Felt for constraint composition
-# polynomials. Total memory slots required: ((72 + 9 + 8) * 2 * 2 + 8 * 2) / 4 = 93
+# (70 + 7) * 2 * 2 Felt for current and next trace rows and 8 * 2 Felt for constraint composition
+# polynomials. Total memory slots required: ((70 + 7) * 2 * 2 + 8 * 2) / 4 = 81
 const.OOD_TRACE_PTR=4294900000
-const.OOD_CONSTRAINT_EVALS_PTR=4294900081
+const.OOD_CONSTRAINT_EVALS_PTR=4294900077
 
 # Current trace row
-# 72 Felt for main portion of trace, 9 * 2 Felt for auxiliary portion of trace and 8 * 2 Felt for
+# 70 Felt for main portion of trace, 7 * 2 Felt for auxiliary portion of trace and 8 * 2 Felt for
 # constraint composition polynomials. Since we store these with the padding to make each of the
-# three portions a multiple of 8, the number of slots required is (80 + 24 + 16) / 4 = 30
+# three portions a multiple of 8, the number of slots required is (72 + 16 + 16) / 4 = 26
 const.CURRENT_TRACE_ROW_PTR=4294900100
 
 # Random elements
@@ -36,7 +38,7 @@ const.AUX_RAND_ELEM_PTR=4294900150
 const.COMPOSITION_COEF_PTR=4294900200
 
 # We need 2 Felt for each trace column and each of the 8 constraint composition columns. We thus need
-# (72 + 9 + 8) * 2 Felt i.e. 44 memory slots.
+# (70 + 7 + 8) * 2 Felt i.e. 43 memory slots.
 const.DEEP_RAND_CC_PTR=4294903000
 
 # FRI
@@ -80,7 +82,6 @@ const.GRINDING_FACTOR_PTR=4294903308
 
 # RPO capacity initialization words
 const.ZERO_WORD_PTR=4294903309
-const.ZERO_ZERO_ZERO_ONE_PTR=4294903310
 
 # State of RPO-based random coin
 const.C_PTR=4294903311
@@ -106,7 +107,7 @@ const.TMP8=4294903322
 #   | TRACE_DOMAIN_GENERATOR_PTR               |       4294799999        |
 #   | PUBLIC_INPUTS_PTR                        |       4294800000        |
 #   | OOD_TRACE_PTR                            |       4294900000        |
-#   | OOD_CONSTRAINT_EVALS_PTR                 |       4294900081        |
+#   | OOD_CONSTRAINT_EVALS_PTR                 |       4294900077        |
 #   | CURRENT_TRACE_ROW_PTR                    |       4294900100        |
 #   | AUX_RAND_ELEM_PTR                        |       4294900150        |
 #   | COMPOSITION_COEF_PTR                     |       4294900200        |
@@ -160,6 +161,14 @@ export.domain_offset_inv
     push.DOMAIN_OFFSET_INV
 end
 
+export.num_constraint_composition_coef_multiplied_by_two_and_rounded_up_to_4
+    push.NUM_CONSTRAINT_COMPOSITION_COEF_MULTIPLIED_BY_TWO_ROUNDED_UP_TO_FOUR
+end
+
+export.num_deep_composition_coef_multiplied_by_two_and_rounded_up_to_4
+    push.NUM_DEEP_COMPOSITION_COEF_MULTIPLIED_BY_TWO_ROUNDED_UP_TO_FOUR
+end
+
 export.public_inputs_ptr
     push.PUBLIC_INPUTS_PTR
 end
@@ -238,10 +247,6 @@ export.zero_word
     push.ZERO_WORD_PTR
 end
 
-export.zero_zero_zero_one_word
-    push.ZERO_ZERO_ZERO_ONE_PTR
-end
-
 #! Returns the pointer to the capacity word of the random coin.
 #!
 #! Note: The random coin is implemented using a hash function, this returns the