Fix bug with shifted x

2026-01-10 17:53:06 +00:00 · 2021-06-24 14:11:47 +02:00 · 2021-06-24 14:11:47 +02:00 · 31f4eee367
commit 31f4eee367
parent f215dffa9d
6 changed files with 22 additions and 12 deletions
--- a/src/field/extension_field/mod.rs
+++ b/src/field/extension_field/mod.rs
@ -1,6 +1,7 @@
-use crate::field::field::Field;
 use std::convert::TryInto;

+use crate::field::field::Field;
+
 pub mod algebra;
 pub mod quadratic;
 pub mod quartic;
--- a/src/field/field.rs
+++ b/src/field/field.rs
@ -266,6 +266,10 @@ pub trait Field:
    fn rand_vec(n: usize) -> Vec<Self> {
        (0..n).map(|_| Self::rand()).collect()
    }
+
+    fn coset_shift() -> Self {
+        Self::MULTIPLICATIVE_GROUP_GENERATOR
+    }
 }

 /// An iterator over the powers of a certain base element `b`: `b^0, b^1, b^2, ...`.
--- a/src/gates/gate.rs
+++ b/src/gates/gate.rs
@ -1,9 +1,16 @@
+use std::borrow::Borrow;
+use std::collections::HashMap;
+use std::fmt::{Debug, Error, Formatter};
 use std::hash::{Hash, Hasher};
+use std::iter::FromIterator;
+use std::ops::Index;
 use std::sync::Arc;

 use crate::circuit_builder::CircuitBuilder;
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::{Extendable, FieldExtension};
+use crate::field::field::Field;
+use crate::gates::gate_tree::Tree;
 use crate::generator::WitnessGenerator;
 use crate::vars::{EvaluationTargets, EvaluationVars, EvaluationVarsBase};

--- a/src/polynomial/commitment.rs
+++ b/src/polynomial/commitment.rs
@ -92,10 +92,7 @@ impl<F: Field> ListPolynomialCommitment<F> {
            .par_iter()
            .map(|p| {
                assert_eq!(p.len(), degree, "Polynomial degree invalid.");
-                p.clone()
-                    .lde(rate_bits)
-                    .coset_fft(F::MULTIPLICATIVE_GROUP_GENERATOR)
-                    .values
+                p.clone().lde(rate_bits).coset_fft(F::coset_shift()).values
            })
            .chain(if blinding {
                // If blinding, salt with two random elements to each leaf vector.
@ -111,8 +108,8 @@ impl<F: Field> ListPolynomialCommitment<F> {
    pub fn original_values(&self, index: usize) -> Vec<F> {
        self.values.iter().map(|v| v.values[index]).collect()
    }
-    pub fn get_lde_values(&self, mut index: usize) -> &[F] {
-        reverse_bits(index, self.degree_log + self.rate_bits);
+    pub fn get_lde_values(&self, index: usize) -> &[F] {
+        let index = reverse_bits(index, self.degree_log + self.rate_bits);
        let slice = &self.merkle_tree.leaves[index];
        &slice[..slice.len() - if self.blinding { SALT_SIZE } else { 0 }]
    }
--- a/src/prover.rs
+++ b/src/prover.rs
@ -238,6 +238,7 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
        .into_par_iter()
        .enumerate()
        .map(|(i, x)| {
+            let shifted_x = F::coset_shift() * x;
            let i_next = (i + next_step) % lde_size;
            let local_constants = get_at_index(&prover_data.constants_commitment, i);
            let s_sigmas = get_at_index(&prover_data.sigmas_commitment, i);
@ -254,7 +255,7 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
            };
            let mut quotient_values = eval_vanishing_poly_base(
                common_data,
-                x,
+                shifted_x,
                vars,
                local_plonk_zs,
                next_plonk_zs,
@ -264,7 +265,7 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
                alphas,
            );
            // TODO: We can avoid computing the exp.
-            let denominator_inv = x.exp(common_data.degree() as u64).inverse();
+            let denominator_inv = (shifted_x.exp(common_data.degree() as u64) - F::ONE).inverse();
            quotient_values
                .iter_mut()
                .for_each(|v| *v *= denominator_inv);
@ -275,6 +276,6 @@ fn compute_quotient_polys<'a, F: Extendable<D>, const D: usize>(
    transpose(&quotient_values)
        .into_iter()
        .map(PolynomialValues::new)
-        .map(|values| values.coset_ifft(F::MULTIPLICATIVE_GROUP_GENERATOR))
+        .map(|values| values.coset_ifft(F::coset_shift()))
        .collect()
 }
--- a/src/vars.rs
+++ b/src/vars.rs
@ -6,13 +6,13 @@ use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTar
 use crate::field::extension_field::Extendable;
 use crate::field::field::Field;

-#[derive(Copy, Clone)]
+#[derive(Debug, Copy, Clone)]
 pub struct EvaluationVars<'a, F: Extendable<D>, const D: usize> {
    pub(crate) local_constants: &'a [F::Extension],
    pub(crate) local_wires: &'a [F::Extension],
 }

-#[derive(Copy, Clone)]
+#[derive(Debug, Copy, Clone)]
 pub struct EvaluationVarsBase<'a, F: Field> {
    pub(crate) local_constants: &'a [F],
    pub(crate) local_wires: &'a [F],