From 03d761ead6170d34e7be15b2cc82ca1f62977e38 Mon Sep 17 00:00:00 2001
From: wborgeaud <williamborgeaud@gmail.com>
Date: Thu, 6 May 2021 00:00:08 +0200
Subject: [PATCH] Double blinding

---
 src/fri/verifier.rs          |  2 +-
 src/polynomial/commitment.rs | 15 +++++++++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/fri/verifier.rs b/src/fri/verifier.rs
index 6fcae194..6fcd4b24 100644
--- a/src/fri/verifier.rs
+++ b/src/fri/verifier.rs
@@ -151,7 +151,7 @@ fn fri_combine_initial<F: Field>(
         .map(|(v, _)| v)
         .flatten()
         .rev()
-        .skip(if config.blinding { 1 } else { 0 })
+        .skip(if config.blinding { 2 } else { 0 }) // If blinding, the last two element are salt.
         .fold(F::ZERO, |acc, &e| alpha * acc + e);
     let numerator = e - interpolant.eval(subgroup_x);
     let denominator = points.iter().map(|&(x, _)| subgroup_x - x).product();
diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs
index ec3f1bcc..0d1e14a3 100644
--- a/src/polynomial/commitment.rs
+++ b/src/polynomial/commitment.rs
@@ -29,11 +29,18 @@ impl<F: Field> ListPolynomialCommitment<F> {
                     .coset_fft(F::MULTIPLICATIVE_GROUP_GENERATOR)
                     .values
             })
-            .chain(fri_config.blinding.then(|| {
-                (0..(degree << fri_config.rate_bits))
-                    .map(|_| F::rand())
+            .chain(if fri_config.blinding {
+                // If blinding, salt with two random elements to each leaf vector.
+                (0..2)
+                    .map(|_| {
+                        (0..(degree << fri_config.rate_bits))
+                            .map(|_| F::rand())
+                            .collect()
+                    })
                     .collect()
-            }))
+            } else {
+                Vec::new()
+            })
             .collect::<Vec<_>>();
 
         let mut leaves = transpose(&lde_values);