Skip to content

Batched FRI soundness #273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
Julek wants to merge 225 commits into
base: main
Choose a base branch
from
Draft

Batched FRI soundness #273

Julek wants to merge 225 commits into from

Conversation

@Julek
Copy link
Collaborator

@Julek Julek commented Dec 9, 2025

Blueprint of Batched FRI soundness result from "Proximity Gaps for Reed-Solomon Codes" (section 8)

Julek and others added 30 commits June 16, 2025 04:51
@Julek
small improvement to statement of h_le_1 assumption of Polishchuk_Spi…
cc2629a 
…elman lemma
@quangvdao @BoltonBailey
Update ArkLib/Data/CodingTheory/BivariatePoly.lean
1ea945c 
Co-authored-by: Bolton Bailey <bolton.bailey@gmail.com>
@Julek
WIP
4c24ea3
@Julek
degreeX_mul done
6473dd3
@ElijahVlasov
Weighted degree
3b0e419
@ElijahVlasov
Root multiplicity
ede0236
@ElijahVlasov
WIP
5412d78
@ElijahVlasov
Decoder spec
07436ca
@ElijahVlasov
WIP
36619fd
@Ferinko @ElijahVlasov
fix typeclass inference
0dd8767
@ElijahVlasov
Guruswami-Sudan blueprint.
28fb534
@ElijahVlasov
After rebase
043f26d
@ElijahVlasov
Add proximity gap paper guruswami-sudan
7462c26
@ElijahVlasov
Add non-zero condition into GS
35ad389
@ElijahVlasov
Lemma 5.4
e8ab9f3
@katyhr @Julek
split filest
036b9b4
@katyhr @Julek
PS lemma second draft
f03501a
@katyhr @Julek
some changes
90dc65b
@katyhr @Julek
edited dependency
06709ab
@katyhr @Julek
new degreeX def
ca7c5e5
@katyhr @Julek
building the lemmas database
456fa03
@katyhr @Julek
division condition fixed, moved defs, some cleanup
b9d59ae
@katyhr @Julek
major cleanup and reorg, still some sorries left
7898607
@Julek
Removed some unneeded assumptions, fixed definitions with missing arg…
910c3de 
…uments, did a bit of linting, and fixing breaks due to rename of evalX and evalY
@Julek
simplified proof of quotient_nezero
daefa87
@Julek
Filled in sorrys in monomial_xy definition
34048f5
@Julek
Added monomial_xy_def, a simple equality that acts as an effective de…
ae025f8 
…finition, allowing lemmas from Mathlib about monomial to be leveraged, completed proof of monomial_xy_degree and added missing non-zero assumption to totalDegree_prod
@ElijahVlasov @Julek
Rebased FRI implementation
1c10793
@Julek
Fixes to the FRI implementation
c845d15
@ElijahVlasov @Julek
Rebased FRI implementation
2fc64ee
Julek and others added 20 commits November 15, 2025 06:29
@Julek
8.2 done?
c5bd31b
@Julek
Initial 8.1 cleanup
e8274ef
@Julek
fix of 8.1 to use CosetDomain instead of Domain
d943d60
@Julek
A bit more cleanup of 8.2
726f922
@Julek
8.1 WIP
08ec251
@Ferinko
sum_add_one made trivial
9828dbf
@Ferinko
sum_add_one
e745507
@Ferinko
first pass on 8.x
38f3714
@Ferinko
cleanup Soundness, SingleRound and Basic
d47c820
@Ferinko
pow_inj now uses pow_inj_mod
39e68ac
@Ferinko
D_def is now simple
74bfbad
@Ferinko
cleanup the instance issues, document what's happening
51ec87a
@Ferinko
the first version of reconcile
1fc8d7f
@Ferinko
fix aesop_reconcile, now does not need arguments
b86f532
@Julek
Closing 8.1 WIP
fd73b06
@Ferinko
fix aesop_reconcile; generalise over the group
52c618d
@Julek
Completed body of proof in body of f_succ'
eff7de0
@Julek
Merge branch 'Ferinko/ElijahVlasov/fri-soundness' of github.com:Nethe…
ffccee0 
…rmindEth/ZKLibFri into Ferinko/ElijahVlasov/fri-soundness
@Julek
WIP
785bb38
@Julek
Completed 8.3 + simplification of cosets and FinType proof for domains
53c4ff5
@github-actions
Copy link

github-actions bot commented Dec 9, 2025
edited
Loading

🤖 Gemini PR Summary

This diff represents a major step towards formalizing the security of the FRI protocol, underpinned by a significant refactoring of the algebraic and field theory libraries.

Here is a summary of the key changes:

  • Refactoring of Algebra Towers:

    • The custom AlgebraTower class has been renamed and refactored into TowerOfAlgebra and AssocTowerOfAlgebra. This change is propagated throughout the codebase, particularly in the binary field tower implementation.

  • Binary Field Tower Implementation:

    • The definitions for both the abstract (BTField) and concrete (ConcreteBTField using BitVec) binary field towers have been heavily reworked for greater clarity and correctness.
    • A formal equivalence between the abstract and concrete tower constructions (AssocTowerOfAlgebraEquiv) has been introduced, though the proofs are still in progress.

  • FRI Security Proof Framework:

    • A new file, ArkLib/ProofSystem/BatchedFri/Security.lean, has been added to lay the groundwork for FRI's soundness proof, referencing the "Proximity Gaps for Reed-Solomon Codes" paper.
    • ArkLib/Data/CodingTheory/ProximityGap.lean is significantly expanded with new sections defining concepts like "correlated agreement on a curve" and "weighted agreement," which are crucial for the security analysis.

  • Protocol Specification and Cleanup:

    • The FRI protocol's verifier logic and domain definitions have been cleaned up. For instance, the method for generating query points was simplified.
    • The implementation of the Additive NTT (AdditiveNTT/Impl.lean) was removed, likely to streamline focus on the FRI security proof.
    • Several proofs across the coding theory library have been temporarily replaced with sorry, indicating a work-in-progress refactoring.

In essence, this diff strengthens the algebraic foundations and introduces the core theoretical components required to formally prove the security of the FRI protocol.

Analysis of Changes

Metric Count
📝 Files Changed 19
Lines Added 3003
Lines Removed 3612

sorry Tracking

  • Added: 22 sorry(s)
    • theorem weighted_correlated_agreement_for_parameterized_curves' in ArkLib/Data/CodingTheory/ProximityGap.lean
    • lemma fri_query_soundness in ArkLib/ProofSystem/BatchedFri/Security.lean
    • lemma split_join_via_add_smul_eq_iff_split {k : ℕ} (h_pos : k > 0) in ArkLib/Data/FieldTheory/BinaryField/Tower/Impl.lean
    • instance {t l : ℕ} : in ArkLib/ProofSystem/BatchedFri/Security.lean
    • theorem weighted_correlated_agreement_for_parameterized_curves in ArkLib/Data/CodingTheory/ProximityGap.lean
    • lemma isInterleaved_codeOfLinearCode : (codeOfLinearCode κ LC).isInterleaved in ArkLib/Data/CodingTheory/InterleavedCode.lean
    • lemma algebraMap_eq_zero_x {i j : ℕ} (h_le : i < j) (x : BTField i) : in ArkLib/Data/FieldTheory/BinaryField/Tower/Basic.lean
    • lemma fri_round_consistency_completeness in ArkLib/ProofSystem/BatchedFri/Security.lean
    • theorem large_agreement_set_on_curve_implies_correlated_agreement {l : ℕ} in ArkLib/Data/CodingTheory/ProximityGap.lean
    • lemma list_agreement_on_curve_implies_correlated_agreement_bound in ArkLib/Data/CodingTheory/ProximityGap.lean
    • def hli_level_diff_0 (l : ℕ) : in ArkLib/Data/FieldTheory/BinaryField/Tower/Basic.lean
    • theorem generator_is_not_lifted_to_succ (k : ℕ) : in ArkLib/Data/FieldTheory/BinaryField/Tower/Impl.lean
    • theorem weighted_correlated_agreement_over_affine_spaces' in ArkLib/Data/CodingTheory/ProximityGap.lean
    • theorem large_agreement_set_on_curve_implies_correlated_agreement' {l : ℕ} in ArkLib/Data/CodingTheory/ProximityGap.lean
    • lemma sqrt_le_J {q x : ℚ} : in ArkLib/Data/CodingTheory/JohnsonBound/Basic.lean
    • theorem unique_linear_decomposition_succ (k : ℕ) : in ArkLib/Data/FieldTheory/BinaryField/Tower/Basic.lean
    • theorem minPoly_of_powerBasisSucc_generator (k : ℕ) : in ArkLib/Data/FieldTheory/BinaryField/Tower/Impl.lean
    • theorem average_proximity_implies_proximity_of_linear_subspace [DecidableEq ι] [DecidableEq F] in ArkLib/Data/CodingTheory/ProximityGap.lean
    • lemma fri_soundness in ArkLib/ProofSystem/BatchedFri/Security.lean
    • lemma sufficiently_large_list_agreement_on_curve_implies_correlated_agreement in ArkLib/Data/CodingTheory/ProximityGap.lean
    • theorem towerEquiv_commutes_left (i j : ℕ) (h : i ≤ j) : ∀ r : ConcreteBTField i, in ArkLib/Data/FieldTheory/BinaryField/Tower/Impl.lean
    • theorem weighted_correlated_agreement_over_affine_spaces in ArkLib/Data/CodingTheory/ProximityGap.lean

Last updated: 2025-12-09 13:35 UTC. See the main CI run for build status.

Julek
Julek commented Dec 9, 2025
View reviewed changes
ArkLib/ProofSystem/BatchedFri/Security.lean
([]ₒ ++ₒ
[((BatchedFri.Spec.BatchingRound.batchSpec 𝔽 t) ++ₚ
(Spec.pSpecFold D g k s ++ₚ Spec.FinalFoldPhase.pSpec 𝔽 ++ₚ
Spec.QueryRound.pSpec D g l)).Challenge]ₒ).FiniteRange := sorry
Copy link
Collaborator Author

@Julek Julek Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alexanderlhicks @quangvdao See here for typeclass inference issue 🙂

@alexanderlhicks alexanderlhicks self-assigned this Dec 9, 2025
@Julek Julek force-pushed the Ferinko/ElijahVlasov/fri-soundness branch from c540cf3 to 265b6cb Compare December 9, 2025 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@quangvdao quangvdao Awaiting requested review from quangvdao

@alexanderlhicks alexanderlhicks Awaiting requested review from alexanderlhicks

@Ferinko Ferinko Awaiting requested review from Ferinko

At least 1 approving review is required to merge this pull request.

Assignees

@alexanderlhicks alexanderlhicks

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

10 participants

@Julek @alexanderlhicks @quangvdao @ElijahVlasov @Ferinko @katyhr @dhsorens @BoltonBailey @winger