From 044eb597c288055167351d038c9e67a1d54d6031 Mon Sep 17 00:00:00 2001
From: Nicholas Ward <npward@berkeley.edu>
Date: Tue, 27 Jul 2021 13:18:42 -0700
Subject: [PATCH] added eval_unfiltered_base

---
 src/gates/exponentiation.rs | 41 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/src/gates/exponentiation.rs b/src/gates/exponentiation.rs
index b3233db3..92bd0805 100644
--- a/src/gates/exponentiation.rs
+++ b/src/gates/exponentiation.rs
@@ -8,7 +8,7 @@ use crate::gates::gate::Gate;
 use crate::generator::{GeneratedValues, SimpleGenerator, WitnessGenerator};
 use crate::plonk_common::reduce_with_powers;
 use crate::target::Target;
-use crate::vars::{EvaluationTargets, EvaluationVars};
+use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};
 use crate::wire::Wire;
 use crate::witness::PartialWitness;
 
@@ -98,6 +98,45 @@ impl<F: Extendable<D>, const D: usize> Gate<F, D> for ExponentiationGate<F, D> {
         constraints
     }
 
+    fn eval_unfiltered_base(&self, vars: EvaluationVarsBase<F>) -> Vec<F> {
+        let base = vars.local_wires[self.wires_base()];
+        let power = vars.local_wires[self.wires_power()];
+
+        let power_bits: Vec<_> = (0..self.num_power_bits)
+            .map(|i| vars.local_wires[self.wires_power_bit(i)])
+            .collect();
+        let intermediate_values: Vec<_> = (0..self.num_power_bits)
+            .map(|i| vars.local_wires[self.wires_intermediate_value(i)])
+            .collect();
+
+        let output = vars.local_wires[self.wires_output()];
+
+        let mut constraints = Vec::new();
+
+        let computed_power = reduce_with_powers(&power_bits, F::TWO);
+        constraints.push(power - computed_power);
+
+        for i in 0..self.num_power_bits {
+            let prev_intermediate_value = if i == 0 {
+                F::ONE
+            } else {
+                intermediate_values[i - 1].square()
+            };
+
+            // power_bits is in LE order, but we accumulate in BE order.
+            let cur_bit = power_bits[self.num_power_bits - i - 1];
+
+            let not_cur_bit = F::ONE - cur_bit;
+            let computed_intermediate_value =
+                prev_intermediate_value * (cur_bit * base + not_cur_bit);
+            constraints.push(computed_intermediate_value - intermediate_values[i]);
+        }
+
+        constraints.push(output - intermediate_values[self.num_power_bits - 1]);
+
+        constraints
+    }
+
     fn eval_unfiltered_recursively(
         &self,
         builder: &mut CircuitBuilder<F, D>,