PR feedback

src/gadgets/arithmetic_extension.rs

@@ -292,6 +292,19 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         b
     }
 
+    /// Exponentiate `base` to the power of `2^power_log`.
+    // TODO: Test
+    pub fn exp_power_of_2(
+        &mut self,
+        mut base: ExtensionTarget<D>,
+        power_log: usize,
+    ) -> ExtensionTarget<D> {
+        for _ in 0..power_log {
+            base = self.square_extension(base);
+        }
+        base
+    }
+
     /// Exponentiate `base` to the power of a known `exponent`.
     // TODO: Test
     pub fn exp_u64_extension(

src/gates/gmimc.rs

@@ -134,8 +134,7 @@ impl<F: Extendable<D>, const D: usize, const R: usize> Gate<F, D> for GMiMCGate<
         let old_index_acc = vars.local_wires[Self::WIRE_INDEX_ACCUMULATOR_OLD];
         let new_index_acc = vars.local_wires[Self::WIRE_INDEX_ACCUMULATOR_NEW];
         // computed_new_index_acc = 2 * old_index_acc + swap
-        let two = builder.two();
-        let two = builder.convert_to_ext(two);
+        let two = builder.two_extension();
         let computed_new_index_acc = builder.mul_add_extension(two, old_index_acc, swap);
         constraints.push(builder.sub_extension(computed_new_index_acc, new_index_acc));
 
@@ -436,7 +435,7 @@ mod tests {
         assert_eq!(ev.len(), ev_t.len());
         for (e, e_t) in ev.into_iter().zip(ev_t) {
             let e_c = builder.constant_extension(e);
-            builder.route_extension(e_c, e_t);
+            builder.assert_equal_extension(e_c, e_t);
         }
 
         let data = builder.build();

src/permutation_argument.rs

@@ -114,6 +114,7 @@ impl<F: Fn(Target) -> usize> TargetPartition<Target, F> {
 
 pub struct WirePartitions {
     partition: Vec<Vec<Wire>>,
+    // TODO: We don't need `indices` anymore, so we can delete it.
     indices: HashMap<Wire, usize>,
 }
 

src/recursive_verifier.rs

@@ -53,7 +53,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         let s_sigmas = &proof.openings.plonk_sigmas;
         let partial_products = &proof.openings.partial_products;
 
-        let zeta_pow_deg = self.exp_u64_extension(zeta, inner_common_data.degree() as u64);
+        let zeta_pow_deg = self.exp_power_of_2(zeta, inner_common_data.degree_bits);
         self.set_context("Evaluate the vanishing polynomial at our challenge point, zeta.");
         let vanishing_polys_zeta = eval_vanishing_poly_recursively(
             self,
@@ -72,24 +72,21 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 
         self.set_context("Check vanishing and quotient polynomials.");
         let quotient_polys_zeta = &proof.openings.quotient_polys;
-        let zeta_pow_deg = self.exp_u64_extension(zeta, 1 << inner_common_data.degree_bits as u64);
         let mut scale = ReducingFactorTarget::new(zeta_pow_deg);
         let z_h_zeta = self.sub_extension(zeta_pow_deg, one);
         for (i, chunk) in quotient_polys_zeta
             .chunks(inner_common_data.quotient_degree_factor)
             .enumerate()
         {
-            let mut rhs = scale.reduce(chunk, self);
-            rhs = self.mul_extension(z_h_zeta, rhs);
+            let recombined_quotient = scale.reduce(chunk, self);
+            let computed_vanishing_poly = self.mul_extension(z_h_zeta, recombined_quotient);
             self.named_route_extension(
                 vanishing_polys_zeta[i],
-                rhs,
+                computed_vanishing_poly,
                 format!("Vanishing polynomial == Z_H * quotient, challenge {}", i),
             );
         }
 
-        let evaluations = proof.openings.clone();
-
         let merkle_roots = &[
             inner_verifier_data.constants_sigmas_root,
             proof.wires_root,
@@ -99,7 +96,7 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
 
         proof.opening_proof.verify(
             zeta,
-            &evaluations,
+            &proof.openings,
             merkle_roots,
             &mut challenger,
             inner_common_data,