chore: remove computation of roots from bloblib runtime code (#11365)

This PR means that we no longer need to calculate all of the roots of unity at runtime.
AztecProtocol · Jan 30, 2025 · 0e21c99 · 0e21c99
1 parent f46897c
commit 0e21c99
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 13 deletions.
diff --git a/noir-projects/noir-protocol-circuits/crates/blob/src/blob.nr b/noir-projects/noir-protocol-circuits/crates/blob/src/blob.nr
@@ -1,7 +1,6 @@
 use crate::{
     blob_public_inputs::{BlobCommitment, BlobPublicInputs, BlockBlobPublicInputs},
     config::{D_INV, F, LOG_FIELDS_PER_BLOB, ROOTS},
-    unconstrained_config::compute_roots_of_unity,
 };
 
 use bigint::{BigNum, BigNumTrait};
@@ -184,9 +183,6 @@ pub fn evaluate_blobs(
  * @return y = p(z)
  */
 fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
-    // TODO(#9982): Delete below and go back to using config.nr - calculating ROOTS in unconstrained is insecure.
-    let UNCONSTRAINED_ROOTS = unsafe { compute_roots_of_unity() };
-
     // Note: it's more efficient (saving 30k constraints) to compute:
     //    ___d-1
     //    \     /    y_i    \
@@ -205,7 +201,7 @@ fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
     //    i=0
     //
     // perhaps because all the omega^i terms are constant witnesses?
-    let fracs = compute_fracs(z, ys, UNCONSTRAINED_ROOTS);
+    let fracs = compute_fracs(z, ys);
 
     // OK so...we can add multiple product terms into a sum...but I am not sure how many!
     // we are computing 254 * 254 bit products and we need to ensure each product limb doesn't overflow
@@ -223,8 +219,7 @@ fn barycentric_evaluate_blob_at_z(z: F, ys: [F; FIELDS_PER_BLOB]) -> F {
     //                    i=0
     let NUM_PARTIAL_SUMS = FIELDS_PER_BLOB / 8;
     /// Safety: This sum is checked by the following `BigNum::evaluate_quadratic_expression` calls.
-    let partial_sums: [F; FIELDS_PER_BLOB / 8] =
-        unsafe { __compute_partial_sums(fracs, UNCONSTRAINED_ROOTS) };
+    let partial_sums: [F; FIELDS_PER_BLOB / 8] = unsafe { __compute_partial_sums(fracs, ROOTS) };
 
     if !std::runtime::is_unconstrained() {
         // We split off the first term to check the initial sum
@@ -374,14 +369,10 @@ unconstrained fn __compute_fracs(
     fracs
 }
 
-fn compute_fracs(
-    z: F,
-    ys: [F; FIELDS_PER_BLOB],
-    unconstrained_roots: [F; FIELDS_PER_BLOB],
-) -> [F; FIELDS_PER_BLOB] {
+fn compute_fracs(z: F, ys: [F; FIELDS_PER_BLOB]) -> [F; FIELDS_PER_BLOB] {
     /// Safety: We immediately constrain these `fracs` to be correct in the following call
     /// to `BigNum::evaluate_quadratic_expression`.
-    let mut fracs: [F; FIELDS_PER_BLOB] = unsafe { __compute_fracs(z, ys, unconstrained_roots) };
+    let mut fracs: [F; FIELDS_PER_BLOB] = unsafe { __compute_fracs(z, ys, ROOTS) };
 
     if !std::runtime::is_unconstrained() {
         for i in 0..FIELDS_PER_BLOB {

diff --git a/noir-projects/noir-protocol-circuits/crates/blob/src/unconstrained_config.nr b/noir-projects/noir-protocol-circuits/crates/blob/src/unconstrained_config.nr
@@ -104,3 +104,10 @@ pub unconstrained fn compute_roots_of_unity() -> [F; FIELDS_PER_BLOB] {
     // bit_reversal_permutation(&mut roots_of_unity);
     // roots_of_unity
 }
+
+mod tests {
+    #[test]
+    unconstrained fn test_roots_correctness() {
+        assert_eq(super::compute_roots_of_unity(), crate::config::ROOTS);
+    }
+}