From f325586beb88c575918ba2dc99b4cb5ec7ee8104 Mon Sep 17 00:00:00 2001
From: wborgeaud
Date: Fri, 23 Jul 2021 14:58:41 +0200
Subject: [PATCH 1/2] Replace `exp_from_complement_bits` with simpler method
---
 src/fri/recursive_verifier.rs | 10 ++++++----
 src/gadgets/arithmetic.rs | 21 ---------------------
 2 files changed, 6 insertions(+), 25 deletions(-)
diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs
index 7592bc1f..60cb0b7c 100644
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@@ -25,18 +25,20 @@ impl, const D: usize> CircuitBuilder {
 last_evals: &[ExtensionTarget],
 beta: ExtensionTarget,
 ) -> ExtensionTarget {
- debug_assert_eq!(last_evals.len(), 1 << arity_bits);
+ let arity = 1 << arity_bits;
+ debug_assert_eq!(last_evals.len(), arity);
 let g = F::primitive_root_of_unity(arity_bits);
- let gt = self.constant(g);
+ let g_inv = g.exp((arity as u64) - 1);
+ let g_inv_t = self.constant(g_inv);
 // The evaluation vector needs to be reordered first.
 let mut evals = last_evals.to_vec();
 reverse_index_bits_in_place(&mut evals);
 // Want `g^(arity - rev_old_x_index)` as in the out-of-circuit version.
 // Compute it as `g^(arity-1-rev_old_x_index) * g`, where the first term is gotten using two's complement.
- let start = self.exp_from_complement_bits(gt, old_x_index_bits.iter().rev());
- let coset_start = self.mul_many(&[start, gt, x]);
+ let start = self.exp_from_bits(g_inv_t, old_x_index_bits.iter().rev());
+ let coset_start = self.mul(start, x);
 // The answer is gotten by interpolating {(x*g^i, P(x*g^i))} and evaluating at beta.
 let points = g
diff --git a/src/gadgets/arithmetic.rs b/src/gadgets/arithmetic.rs
index cfeef82e..370f9900 100644
--- a/src/gadgets/arithmetic.rs
+++ b/src/gadgets/arithmetic.rs
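Review bot: The length check rewritten in this hunk of `src/fri/recursive_verifier.rs` is still a `debug_assert_eq!`, so a release build compiles it out and nothing visible here ties `last_evals` to `arity` before the vector is reordered and interpolated; for verifier circuit code I would use `assert_eq!(last_evals.len(), arity);`. The new `exp_from_bits(g_inv_t, old_x_index_bits.iter().rev())` call appears to depend on `old_x_index_bits` holding exactly `arity_bits` bits, because the reversal only yields `rev_old_x_index` at that width, and no such check is visible in the hunk. If the caller does not already guarantee it, add `assert_eq!(old_x_index_bits.len(), arity_bits);` (assuming `arity_bits` is a `usize`) next to the first assertion. The function starts above this hunk and continues past it, so an existing check outside the visible lines cannot be ruled out.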
@@ -188,27 +188,6 @@ impl, const D: usize> CircuitBuilder {
 product
 }
- // TODO: Optimize this, maybe with a new gate.
- // TODO: Test
- /// Exponentiate `base` to the power of `2^bit_length-1-exponent`, given by its little-endian bits.
- pub fn exp_from_complement_bits(
- &mut self,
- base: Target,
- exponent_bits: impl Iterator>,
- ) -> Target {
- let mut current = base;
- let one = self.one();
- let mut product = one;
-
- for bit in exponent_bits {
- let multiplicand = self.select(*bit.borrow(), one, current);
- product = self.mul(product, multiplicand);
- current = self.mul(current, current);
- }
-
- product
- }
-
 // TODO: Optimize this, maybe with a new gate.
 // TODO: Test
 /// Exponentiate `base` to the power of `exponent`, where `exponent < 2^num_bits`.
From 19140e39b21b2636c6d747cb79615ca4f148eda7 Mon Sep 17 00:00:00 2001
From: wborgeaud
Date: Fri, 23 Jul 2021 15:01:45 +0200
Subject: [PATCH 2/2] Update comment
---
 src/fri/recursive_verifier.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs
index 60cb0b7c..262d91a2 100644
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@@ -35,8 +35,7 @@ impl, const D: usize> CircuitBuilder {
 // The evaluation vector needs to be reordered first.
 let mut evals = last_evals.to_vec();
 reverse_index_bits_in_place(&mut evals);
- // Want `g^(arity - rev_old_x_index)` as in the out-of-circuit version.
- // Compute it as `g^(arity-1-rev_old_x_index) * g`, where the first term is gotten using two's complement.
+ // Want `g^(arity - rev_old_x_index)` as in the out-of-circuit version. Compute it as `(g^-1)^rev_old_x_index`.
 let start = self.exp_from_bits(g_inv_t, old_x_index_bits.iter().rev());
 let coset_start = self.mul(start, x);