Skip to content

zkWHIR 3.0 : Code Switch Protocol (part 1)#249

Open
ocdbytes wants to merge 11 commits intoWizardOfMenlo:mainfrom
ocdbytes:aj/code-switch-protocol
Open

zkWHIR 3.0 : Code Switch Protocol (part 1)#249
ocdbytes wants to merge 11 commits intoWizardOfMenlo:mainfrom
ocdbytes:aj/code-switch-protocol

Conversation

@ocdbytes
Copy link
Copy Markdown
Contributor

@ocdbytes ocdbytes commented Apr 3, 2026

Summary

Implements the code-switching IOR from Section 9.4 as a standalone sub-protocol in src/protocols/code_switch.rs.
Code switching reduces a proximity claim about oracle f w.r.t. source code C to a proximity claim about oracle g w.r.t. target code C', enabling the polylogarithmic-verifier protocol (Theorem 4) where the tested code shrinks each round.

What's implemented

  • Config: Derives target code C' from source (ℓ' = ℓ, m' from rate), optional ZK mask code C_zk, OOD sample computation from Lemma 9.9. ZK query budgets passed via Option.
  • Prover (prove): Commits target oracle g, optionally commits mask oracle s = Enc_{C_zk}((r, pad), r''), sends OOD answers, opens source oracle. Reuses irs_commit::commit and irs_commit::open with zero duplicated logic.
  • Verifier (verify): Mirrors prover transcript, computes batched target μ', builds constraint weights for output sl'. Mask weights have pre-shifted RLC coefficients via MaskClaimInfo.
  • Shared batching_challenge helper ensures prover/verifier transcript sync.
  • Shared num_ood_samples extracted to irs_commit — used by both irs_commit::Config::new and code switch.
  • Tests: Proptest over field types, sizes, rates, and ZK/non-ZK mode. Tests here just check the code switch transcript match. (Tests will be added in future PRs).

What's NOT in this PR (next PRs)

  • Integration into whir's round structure as an alternative to sumcheck-only folding
  • Implement zk sumcheck according to the construction 6.3 to include masks
  • Refactoring irs_commit to separate commitment from OOD (deferred to whir integration)
  • Parameter selection
  • Mask resolution per iteration (this makes the basecase verification simple and whole flow clean and contained)

@codspeed-hq
Copy link
Copy Markdown

codspeed-hq Bot commented Apr 3, 2026

Merging this PR will not alter performance

✅ 10 untouched benchmarks
⏩ 22 skipped benchmarks1


Comparing ocdbytes:aj/code-switch-protocol (343973a) with main (0aeaa7f)

Open in CodSpeed

Footnotes

  1. 22 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@ocdbytes ocdbytes changed the title zkWHIR 3.0 : Code Switch Protocol zkWHIR 3.0 : Code Switch Protocol (part 1) Apr 7, 2026
@ocdbytes ocdbytes marked this pull request as ready for review April 7, 2026 21:29
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Copy link
Copy Markdown
Collaborator

@recmo recmo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most import is we need need a proptest based on arbitrary config testing all invariants.

Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs Outdated
Comment thread src/protocols/code_switch.rs
Comment thread src/protocols/code_switch.rs
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants