## std::crypto::stark::random_coin
| Procedure | Description |
| ----------- | ------------- |
| get_rate_1 | Return the first half of the rate portion of the random coin state
The random coin uses RPO to generate data. The RPO state is composed of 3
words, 2 words for the rate, and 1 word for the capacity. This procedure
returns the first word of the RPO state.
Input: [...]
Output: [R1, ...]
Cycles: 6
|
| get_rate_2 | Return the second half of the rate portion of the random coin state
The random coin uses RPO to generate data. The RPO state is composed of 3
words, 2 words for the rate, and 1 word for the capacity. This procedure
returns the first word of the RPO state.
Input: [...]
Output: [R2, ...]
Cycles: 6
|
| get_capacity | Return the capacity portion of the random coin state
The random coin uses RPO to generate data. The RPO state is composed of 3
words, 2 words for the rate, and 1 word for the capacity. This procedure
returns the first word of the RPO state.
Input: [...]
Output: [C, ...]
Cycles: 6
|
| init_seed | Initializes the seed for randomness generation by computing the hash of the proof context using
the trace length, number of queries, logarithm of blowup factor and the number of bits of
grinding. Currently, this part, as well as the rest of the STARK verifier assumes a blowup factor
equal to 8.
The ouput of this procedure is the capacity portion of the state after applying `hperm`.
Input: [log(trace_length), num_queries, blowup, grinding, ...]
Output: [C]
Cycles: 175
|
| reseed | Reseed the random coin with `DATA`
Input: [DATA, ...]
Ouput: [...]
Cycles: 54
|
| generate_aux_randomness | Draw a list of random extension field elements related to the auxiliary trace and store the list
in memory from `aux_rand_elem_ptr` to `aux_rand_elem_ptr + 8 - 1`
Input: [aux_rand_elem_ptr, ...]
Output: [...]
Cycles: 150
|
| generate_constraint_composition_coefficients | Draw constraint composition random coefficients and save them into memory in the region from
`compos_coef_ptr` `compos_coef_ptr + 118 - 1` as `(r1_1, r1_0, r0_1, r0_0)`
Input: [compos_coef_ptr, ...]
Output: [...]
Cycles: 1309
|
| generate_deep_composition_random_coefficients | Draw deep composition polynomial random coefficients and save them into memory in the region from
`deep_rand_coef_ptr` to `deep_rand_coef_ptr + 89 - 1` as `(0, 0, r0_1, r0_0)`
The number of coefficients is equal to:
1. (72 + 9) * 2 Felt for the main and auxiliary traces.
2. 8 * 2 Felt for constraint polynomial.
Total: 89 tuples of type (Felt, Felt)
Input: [deep_rand_coef_ptr, ...]
Output: [...]
Cycles: 1693
|
| generate_z_zN | Generate the OOD challenge point `z = (z0, z1)` and compute `z^N` where N is
the trace length. The resulting word `[(z_1, z_0)^N, z1, z0]` is stored in the
global memory address `exec.z_ptr` reservedfor it.
Input: [X, ...]
Output: [...]
Note: The top word on the stack is consumed by this procedure.
Cycles: 21 + 10 * log(N)
|
| generate_list_indices | Generate a list of `num_queries` number of random indices in the range
[0, lde_size] and store it in memory starting from `query_ptr`.
The list is stored as `(r, depth, y, y)` where `depth` is `log(lde_domain_size)`.
`depth` is needed when computing the deep queries.
TODO: the case of duplicate queries
Input: [query_ptr, num_queries, ...]
Output: [...]
Cycles: 267 + q * 236 + r * 29 where q = num_queries / 8 and r = num_queries % 8
NOTE: This procedure is called first, and right after the PoW check, thus the first element
in the rate portion of the state is discarded.
NOTE: The cycles count can be estimated, using the fact that r < 8, via the more compact formula
470 + 236 * (num_queries / 8)
|
| check_pow | Check that the Proof-of-Work contained in the nonce is equal to the required number
of bits prescribed by grinding bits. The grinding factor is assumed to be less than 32.
Input: [grinding_factor, ...]
Output: [...]
Cycles: 73
|