From 02f0715040fb99e8b0650cad58a172e8e1c906af Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Wed, 14 Jul 2021 08:39:09 +0200 Subject: [PATCH] PR feedback --- src/plonk_common.rs | 24 +++++++++++++++--------- src/verifier.rs | 5 +++++ 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/src/plonk_common.rs b/src/plonk_common.rs index 5179b474..b1f29803 100644 --- a/src/plonk_common.rs +++ b/src/plonk_common.rs @@ -73,7 +73,7 @@ pub(crate) fn eval_vanishing_poly, const D: usize>( gammas: &[F], alphas: &[F], ) -> Vec { - let max_degree = common_data.quotient_degree_factor; + let partial_products_degree = common_data.quotient_degree_factor; let (num_prods, final_num_prod) = common_data.num_partial_products; let constraint_terms = @@ -113,12 +113,15 @@ pub(crate) fn eval_vanishing_poly, const D: usize>( // The partial products considered for this iteration of `i`. let current_partial_products = &partial_products[i * num_prods..(i + 1) * num_prods]; // Check the quotient partial products. - let mut partial_product_check = - check_partial_products("ient_values, current_partial_products, max_degree); + let mut partial_product_check = check_partial_products( + "ient_values, + current_partial_products, + partial_products_degree, + ); // The first checks are of the form `q - n/d` which is a rational function not a polynomial. // We multiply them by `d` to get checks of the form `q*d - n` which low-degree polynomials. denominator_values - .chunks(max_degree) + .chunks(partial_products_degree) .zip(partial_product_check.iter_mut()) .for_each(|(d, q)| { *q *= d.iter().copied().product(); @@ -160,7 +163,7 @@ pub(crate) fn eval_vanishing_poly_base, const D: usize>( alphas: &[F], z_h_on_coset: &ZeroPolyOnCoset, ) -> Vec { - let max_degree = common_data.quotient_degree_factor; + let partial_products_degree = common_data.quotient_degree_factor; let (num_prods, final_num_prod) = common_data.num_partial_products; let constraint_terms = @@ -199,13 +202,16 @@ pub(crate) fn eval_vanishing_poly_base, const D: usize>( // The partial products considered for this iteration of `i`. let current_partial_products = &partial_products[i * num_prods..(i + 1) * num_prods]; - // Check the numerator partial products. - let mut partial_product_check = - check_partial_products("ient_values, current_partial_products, max_degree); + // Check the quotient partial products. + let mut partial_product_check = check_partial_products( + "ient_values, + current_partial_products, + partial_products_degree, + ); // The first checks are of the form `q - n/d` which is a rational function not a polynomial. // We multiply them by `d` to get checks of the form `q*d - n` which low-degree polynomials. denominator_values - .chunks(max_degree) + .chunks(partial_products_degree) .zip(partial_product_check.iter_mut()) .for_each(|(d, q)| { *q *= d.iter().copied().product(); diff --git a/src/verifier.rs b/src/verifier.rs index 64d4b371..d7c96365 100644 --- a/src/verifier.rs +++ b/src/verifier.rs @@ -60,6 +60,11 @@ pub(crate) fn verify, const D: usize>( let quotient_polys_zeta = &proof.openings.quotient_polys; let zeta_pow_deg = zeta.exp_power_of_2(common_data.degree_bits); let z_h_zeta = zeta_pow_deg - F::Extension::ONE; + // `quotient_polys_zeta` holds `num_challenges * quotient_degree_factor` evaluations. + // Each chunk of `quotient_degree_factor` holds the evaluations of `t_0(zeta),...,t_{quotient_degree_factor-1}(zeta)` + // where the "real" quotient polynomial is `t(X) = t_0(X) + t_1(X)*X^n + t_2(X)*X^{2n} + ...`. + // So to reconstruct `t(zeta)` we can compute `reduce_with_powers(chunk, zeta^n)` for each + // `quotient_degree_factor`-sized chunk of the original evaluations. for (i, chunk) in quotient_polys_zeta .chunks(common_data.quotient_degree_factor) .enumerate()