Update security estimator to take into account method of batching (#361)

facebook · Feb 6, 2025 · 8b2826f · 8b2826f
1 parent d503642
commit 8b2826f
Show file tree

Hide file tree

Showing 2 changed files with 378 additions and 54 deletions.
diff --git a/air/src/proof/mod.rs b/air/src/proof/mod.rs
@@ -97,7 +97,6 @@ impl Proof {
         ConjecturedSecurity::compute(
             self.context.options(),
             self.context.num_modulus_bits(),
-            self.trace_info().length(),
             H::COLLISION_RESISTANCE,
         )
     }
@@ -106,11 +105,19 @@ impl Proof {
     /// Usually, the number of queries needed for provable security is 2x - 3x higher than
     /// the number of queries needed for conjectured security at the same security level.
     pub fn proven_security<H: Hasher>(&self) -> ProvenSecurity {
+        // we need to count the number of code words appearing in the protocol as the soundness
+        // error, in the case of algebraic batching, depends on the this number.
+        // we use the blowup factor as an upper bound on the number of constraint composition
+        // polynomials.
+        let num_trace_polys = self.context.trace_info().width();
+        let num_constraint_composition_polys = self.options().blowup_factor();
+        let total_number_of_polys = num_trace_polys + num_constraint_composition_polys;
         ProvenSecurity::compute(
             self.context.options(),
             self.context.num_modulus_bits(),
             self.trace_info().length(),
             H::COLLISION_RESISTANCE,
+            total_number_of_polys,
         )
     }