fix for V-SCT-VUL-027

README.md

@@ -10,7 +10,7 @@ Besides the verifier, there are some Gnark implementation of circuits in this re
 
 ## Requirements
 
-- [Go (1.20.1+)](https://go.dev/doc/install)
+- [Go (1.19+)](https://go.dev/doc/install)
 
 ## Benchmark
 

fri/fri.go

@@ -73,11 +73,15 @@ func (f *Chip) ToOpenings(c variables.OpeningSet) Openings {
 }
 
 func (f *Chip) assertLeadingZeros(powWitness gl.Variable, friConfig types.FriConfig) {
-	// Asserts that powWitness'es big-endian bit representation has at least `leading_zeros` leading zeros.
+	// Asserts that powWitness'es big-endian bit representation has at least friConfig.ProofOfWorkBits leading zeros.
 	// Note that this is assuming that the Goldilocks field is being used.  Specfically that the
 	// field is 64 bits long
 	maxPowWitness := uint64(math.Pow(2, float64(64-friConfig.ProofOfWorkBits))) - 1
+
+	// TODO:  This does an un-nessary reduce, since powWitness is already range checked to be within GL field.
 	reducedPowWitness := f.gl.Reduce(powWitness)
+
+	// TODO:  Can replace with with std.rangecheck.Check.  Will probably be less contraints.
 	f.api.AssertIsLessOrEqual(reducedPowWitness.Limb, frontend.Variable(maxPowWitness))
 }
 

goldilocks/base.go

@@ -87,38 +87,41 @@ func New(api frontend.API) *Chip {
 	return &Chip{api: api, rangeChecker: rangeChecker}
 }
 
-// Adds two field elements such that x + y = z within the Golidlocks field.
+// Adds two goldilocks field elements and returns a value within the goldilocks field.
 func (p *Chip) Add(a Variable, b Variable) Variable {
 	return p.MulAdd(a, NewVariable(1), b)
 }
 
-// Adds two field elements such that x + y = z within the Golidlocks field without reducing.
+// Adds two goldilocks field elements and returns a value that may not be within the goldilocks field
+// (e.g. the sum is not reduced).
 func (p *Chip) AddNoReduce(a Variable, b Variable) Variable {
 	return NewVariable(p.api.Add(a.Limb, b.Limb))
 }
 
-// Subtracts two field elements such that x + y = z within the Golidlocks field.
+// Subracts two goldilocks field elements and returns a value within the goldilocks field.
 func (p *Chip) Sub(a Variable, b Variable) Variable {
 	return p.MulAdd(b, NegOne(), a)
 }
 
-// Subtracts two field elements such that x + y = z within the Golidlocks field without reducing.
+// Subracts two goldilocks field elements and returns a value that may not be within the goldilocks field
+// (e.g. the difference is not reduced).
 func (p *Chip) SubNoReduce(a Variable, b Variable) Variable {
 	return NewVariable(p.api.Add(a.Limb, p.api.Mul(b.Limb, NegOne().Limb)))
 }
 
-// Multiplies two field elements such that x * y = z within the Golidlocks field.
+// Multiplies two goldilocks field elements and returns a value within the goldilocks field.
 func (p *Chip) Mul(a Variable, b Variable) Variable {
 	return p.MulAdd(a, b, Zero())
 }
 
-// Multiplies two field elements such that x * y = z within the Golidlocks field without reducing.
+// Multiplies two goldilocks field elements and returns a value that may not be within the goldilocks field
+// (e.g. the product is not reduced).
 func (p *Chip) MulNoReduce(a Variable, b Variable) Variable {
 	return NewVariable(p.api.Mul(a.Limb, b.Limb))
 }
 
-// Multiplies two field elements and adds a field element such that x * y + z = c within the
-// Golidlocks field.
+// Multiplies two field elements and adds a field element (e.g. computes a * b + c).  The returned value
+// will be within the goldilocks field.
 func (p *Chip) MulAdd(a Variable, b Variable, c Variable) Variable {
 	result, err := p.api.Compiler().NewHint(MulAddHint, 2, a.Limb, b.Limb, c.Limb)
 	if err != nil {
@@ -138,8 +141,8 @@ func (p *Chip) MulAdd(a Variable, b Variable, c Variable) Variable {
 	return remainder
 }
 
-// Multiplies two field elements and adds a field element such that x * y + z = c within the
-// Golidlocks field without reducing.
+// Multiplies two field elements and adds a field element (e.g. computes a * b + c).  The returned value
+// may no be within the goldilocks field (e.g. the result is not reduced).
 func (p *Chip) MulAddNoReduce(a Variable, b Variable, c Variable) Variable {
 	cLimbCopy := p.api.Mul(c.Limb, 1)
 	return NewVariable(p.api.MulAcc(cLimbCopy, a.Limb, b.Limb))

goldilocks/quadratic_extension.go

@@ -84,7 +84,7 @@ func (p *Chip) MulAddExtensionNoReduce(a, b, c QuadraticExtensionVariable) Quadr
 	return sum
 }
 
-// Multiplies two operands a and b and subtracts to c in the Goldilocks extension field. a * b - c must
+// Subtracts two operands a and b and multiplies the diff by c in the Goldilocks extension field. (a - b) * c must
 // be less than RANGE_CHECK_NB_BITS bits.
 func (p *Chip) SubMulExtension(a, b, c QuadraticExtensionVariable) QuadraticExtensionVariable {
 	difference := p.SubExtensionNoReduce(a, b)
@@ -209,7 +209,7 @@ func (p *Chip) Lookup(
 	return NewQuadraticExtensionVariable(NewVariable(c0), NewVariable(c1))
 }
 
-// Lookup2 is similar to select2, but returns the first variable if the bit is zero and vice-versa.
+// Lookup2 is similar to Lookup2.  It returns the ith qe value (0 indexed) where i is bit decomposed to b0,b1 (little endian).
 func (p *Chip) Lookup2(
 	b0 frontend.Variable,
 	b1 frontend.Variable,

plonk/gates/random_access_gate.go

@@ -151,7 +151,7 @@ func (g *RandomAccessGate) EvalUnfiltered(
 				y := listItems[i+1]
 
 				// This is computing `if b { x } else { y }`
-				// i.e. `bx - (by-y)`.
+				// i.e. `by - (bx - x)`.
 				mul1 := glApi.MulExtension(b, x)
 				sub1 := glApi.SubExtension(mul1, x)
 

plonk/gates/reducing_extension_gate.go

@@ -12,7 +12,7 @@ import (
 var reducingExtensionGateRegex = regexp.MustCompile("ReducingExtensionGate { num_coeffs: (?P<numCoeffs>[0-9]+) }")
 
 func deserializeReducingExtensionGate(parameters map[string]string) Gate {
-	// Has the format "ReducingGate { num_coeffs: 33 }"
+	// Has the format "ReducingExtensionGate { num_coeffs: 33 }"
 	numCoeffs, hasNumCoeffs := parameters["numCoeffs"]
 	if !hasNumCoeffs {
 		panic("Missing field num_coeffs in ReducingExtensionGate")