docs: Document instructions xxdotstep and xbdotstep

Also: - Document changes resulting from their implementation. - Update documentation for CJD logarithmic derivative since it can accumulate values in the first (index 0) row. - Explain X-field. - Drop deprecated figure showing subset relations of instruction groups.
TritonVM · May 2, 2024 · 79ceb10 · 79ceb10
1 parent 2911e95
commit 79ceb10
Show file tree

Hide file tree

Showing 7 changed files with 97 additions and 88 deletions.
diff --git a/specification/src/img/instruction_groups_small.png b/specification/src/img/instruction_groups_small.png
diff --git a/specification/src/instruction-groups.md b/specification/src/instruction-groups.md
diff --git a/specification/src/instruction-specific-transition-constraints.md b/specification/src/instruction-specific-transition-constraints.md
@@ -796,7 +796,6 @@ In addition to its [instruction groups](instruction-groups.md), this instruction
 ### Description
 
 1. Numerator is quotient times denominator plus remainder: `n == q·d + r`.
-1. Stack element `st2` does not change.
 
 ### Polynomials
 
@@ -991,3 +990,25 @@ In addition to its [instruction groups](instruction-groups.md), this instruction
     `+ ind_3(hv3, hv2, hv1, hv0)·(RunningEvaluationStandardOutput' - 🧯·(🧯·(🧯·RunningEvaluationStandardOutput - st0) - st1) - st2)`<br />
     `+ ind_4(hv3, hv2, hv1, hv0)·(RunningEvaluationStandardOutput' - 🧯·(🧯·(🧯·(🧯·RunningEvaluationStandardOutput - st0) - st1) - st2) - st3)`<br />
     `+ ind_5(hv3, hv2, hv1, hv0)·(RunningEvaluationStandardOutput' - 🧯·(🧯·(🧯·(🧯·(🧯·RunningEvaluationStandardOutput - st0) - st1) - st2) - st3) - st4)`
+
+## Instruction `xxdotstep`
+
+In addition to its [instruction groups](instruction-groups.md), this instruction has the following constraints.
+
+### Description
+
+1. Store `(RAM[st0], RAM[st0+1], RAM[st0+2])` in `(hv0, hv1, hv2)`.
+1. Store `(RAM[st1], RAM[st1+1], RAM[st1+2])` in `(hv3, hv4, hv5)`.
+1. Add `(hv0 + hv1·x + hv2·x²) · (hv3 + hv4·x + hv5·x²)` into `(st2, st3, st4)`
+1. Increase the pointers: `st0` and `st1` by 3 each.
+
+## Instruction `xbdotstep`
+
+In addition to its [instruction groups](instruction-groups.md), this instruction has the following constraints.
+
+### Description
+
+1. Store `RAM[st0]` in `hv0`.
+1. Store `(RAM[st1], RAM[st1+1], RAM[st1+2])` in `(hv1, hv2, hv3)`.
+1. Add `hv0 · (hv1 + hv2·x + hv3·x²)` into `(st1, st2, st3)`
+1. Increase the pointers: `st0` and `st1` by 1 and 3, respectively.
diff --git a/specification/src/instructions.md b/specification/src/instructions.md
@@ -146,3 +146,10 @@ Triton VM cannot know the number of elements that will be absorbed.
 |:-----------------|-------:|:----------------|:----------------|:-----------------------------------------------------------------------------------------|
 | `read_io` + `n`  |     49 | e.g., `_`       | e.g., `_ c b a` | Reads `n` B-Field elements from standard input and pushes them to the stack. 1 ⩽ `n` ⩽ 5 |
 | `write_io` + `n` |     19 | e.g., `_ c b a` | e.g., `_`       | Pops `n` elements from the stack and writes them to standard output. 1 ⩽ `n` ⩽ 5         |
+
+## Many-In-One
+
+| Instruction | Opcode | old op stack    | new op stack                 | Description |
+|:------------|--------|:----------------|:-----------------------------|-------------|
+| `xxdotstep` | 72     | `_ z y x *b *a` | `_ z+p2 y+p1 x+p0 *b+3 *a+3` | Reads two extension field elements from RAM located at the addresses corresponding to the two top stack elements, multiplies the extension field elements, and adds the product `(p0, p1, p2)` to an accumulator located on stack immediately below the two pointers. Also, increase the pointers by the number of words read. |
+| `xxdotstep` | 80     | `_ z y x *b *a` | `_ z+p2 y+p1 x+p0 *b+3 *a+1` | Reads one base field element from RAM located at the addresses corresponding to the top of the stack, one extension field element from RAM located at the address of the second stack element, multiplies the field elements, and adds the product `(p0, p1, p2)` to an accumulator located on stack immediately below the two pointers. Also, increase the pointers by the number of words read. |
diff --git a/specification/src/isa.md b/specification/src/isa.md
@@ -5,6 +5,8 @@ It is a [Harvard architecture](https://en.wikipedia.org/wiki/Harvard_architectur
 The arithmetization of the VM is defined over the *B-field* $\mathbb{F}_p$ where $p$ is the Oxfoi prime, _i.e._, $2^{64}-2^{32}+1$.[^oxfoi]
 This means the registers and memory elements take values from $\mathbb{F}_p$, and the transition function gives rise to low-degree transition verification polynomials from the ring of multivariate polynomials over $\mathbb{F}_p$.
 
+At certain points in the course of arithmetization we need an extension field over $\mathbb{F}_p$ to ensure sufficient soundness. To this end we use $\mathbb{F}_{p^3} = \frac{\mathbb{F}_p[X]}{\langle X^3 -X +1 \rangle}$, _i.e._, the quotient ring of remainders of polynomials after division by the *Shah* polynomial, $X^3 -X +1$. We refer to this field as the *X-field* for short, and its elements as *X-field elements*.
+
 Instructions have variable width:
 they either consist of one word, i.e., one B-field element, or of two words, i.e., two B-field elements.
 An example for a single-word instruction is `add`, adding the two elements on top of the stack, leaving the result as the new top of the stack.

diff --git a/specification/src/processor-table.md b/specification/src/processor-table.md
@@ -112,7 +112,7 @@ See [program attestation](program-attestation.md) for more details.
 1. `RunningEvaluationHashDigest` is 1.
 1. `RunningEvaluationSponge` is 1.
 1. `U32LookupClientLogDerivative` is 0.
-1. `ClockJumpDifferenceLookupServerLogDerivative` is 0.
+1. `ClockJumpDifferenceLookupServerLogDerivative` starts having accumulated the first contribution.
 
 ### Initial Constraints as Polynomials
 
@@ -145,7 +145,7 @@ See [program attestation](program-attestation.md) for more details.
 1. `RunningEvaluationHashDigest - 1`
 1. `RunningEvaluationSponge - 1`
 1. `U32LookupClientLogDerivative`
-1. `ClockJumpDifferenceLookupServerLogDerivative`
+1. `ClockJumpDifferenceLookupServerLogDerivative · 🪞 - cjd_mul` (Recall that `(🪞 - clk) = 🪞` because `clk = 0`.)
 
 ## Consistency Constraints
 

diff --git a/specification/src/registers.md b/specification/src/registers.md
@@ -55,6 +55,8 @@ Because they are only needed for some instructions, the helper variables are not
 For instruction group [`decompose_arg`](instruction-groups.md#group-decompose_arg) and instructions
 [`skiz`](instruction-specific-transition-constraints.md#helper-variable-definitions-for-skiz),
 [`divine_sibling`](instruction-specific-transition-constraints.md#helper-variable-definitions-for-divine_sibling),
-[`split`](instruction-specific-transition-constraints.md#helper-variable-definitions-for-split), and
+[`split`](instruction-specific-transition-constraints.md#helper-variable-definitions-for-split),
 [`eq`](instruction-specific-transition-constraints.md#helper-variable-definitions-for-eq),
+[`xxdotstep`](instruction-specific-transition-constraints.md#instruction-xxdotstep), and
+[`xbdotstep`](instruction-specific-transition-constraints.md#instruction-xbdotstep),
 the behavior is defined in the respective sections.