Working blinding in LPC

2026-01-20 14:43:08 +00:00 · 2021-05-05 17:00:47 +02:00 · 2021-05-05 17:00:47 +02:00 · 6820c1849a
commit 6820c1849a
parent 6dbd39de80
2 changed files with 55 additions and 20 deletions
--- a/src/fri.rs
+++ b/src/fri.rs
@ -28,6 +28,9 @@ pub struct FriConfig {

    /// Number of query rounds to perform.
    pub num_query_rounds: usize,
+
+    /// True if the last element of the Merkle trees' leaf vectors is a blinding element.
+    pub blinding: bool,
 }

 fn fri_delta(rate_log: usize, conjecture: bool) -> f64 {
@ -340,6 +343,7 @@ fn fri_combine_initial<F: Field>(
    interpolant: &PolynomialCoeffs<F>,
    points: &[(F, F)],
    subgroup_x: F,
+    config: &FriConfig,
 ) -> F {
    let e = proof
        .evals_proofs
@ -347,6 +351,7 @@ fn fri_combine_initial<F: Field>(
        .map(|(v, _)| v)
        .flatten()
        .rev()
+        .skip(if config.blinding { 1 } else { 0 })
        .fold(F::ZERO, |acc, &e| alpha * acc + e);
    let numerator = e - interpolant.eval(subgroup_x);
    let denominator = points.iter().map(|&(x, _)| subgroup_x - x).product();
@ -389,6 +394,7 @@ fn fri_verifier_query_round<F: Field>(
                interpolant,
                points,
                subgroup_x,
+                config,
            )
        } else {
            let last_evals = &evaluations[i - 1];
@ -472,6 +478,7 @@ mod tests {
            rate_bits,
            proof_of_work_bits: 2,
            reduction_arity_bits,
+            blinding: false,
        };
        let tree = {
            let mut leaves = coset_lde
--- a/src/polynomial/commitment.rs
+++ b/src/polynomial/commitment.rs
@ -15,15 +15,10 @@ struct ListPolynomialCommitment<F: Field> {
    pub fri_config: FriConfig,
    pub merkle_tree: MerkleTree<F>,
    pub degree: usize,
-    pub blinding: bool,
 }

 impl<F: Field> ListPolynomialCommitment<F> {
-    pub fn new(
-        polynomials: Vec<PolynomialCoeffs<F>>,
-        fri_config: &FriConfig,
-        blinding: bool,
-    ) -> Self {
+    pub fn new(polynomials: Vec<PolynomialCoeffs<F>>, fri_config: &FriConfig) -> Self {
        let degree = polynomials[0].len();
        let lde_values = polynomials
            .iter()
@ -34,7 +29,7 @@ impl<F: Field> ListPolynomialCommitment<F> {
                    .coset_fft(F::MULTIPLICATIVE_GROUP_GENERATOR)
                    .values
            })
-            .chain(blinding.then(|| {
+            .chain(fri_config.blinding.then(|| {
                (0..(degree << fri_config.rate_bits))
                    .map(|_| F::rand())
                    .collect()
@ -43,7 +38,6 @@ impl<F: Field> ListPolynomialCommitment<F> {

        let mut leaves = transpose(&lde_values);
        reverse_index_bits_in_place(&mut leaves);
-        // let merkle_tree = MerkleTree::new(transpose(&lde_values), false);
        let merkle_tree = MerkleTree::new(leaves, false);

        Self {
@ -51,7 +45,6 @@ impl<F: Field> ListPolynomialCommitment<F> {
            fri_config: fri_config.clone(),
            merkle_tree,
            degree,
-            blinding,
        }
    }

@ -182,32 +175,67 @@ mod tests {
    use crate::field::crandall_field::CrandallField;
    use anyhow::Result;

+    fn rand_vec<F: Field>(n: usize) -> Vec<F> {
+        (0..n).map(|_| F::rand()).collect()
+    }
+
+    fn gen_random_test_case<F: Field>(
+        k: usize,
+        degree_log: usize,
+        num_points: usize,
+    ) -> (Vec<PolynomialCoeffs<F>>, Vec<F>) {
+        let degree = 1 << degree_log;
+
+        let polys = (0..k)
+            .map(|_| PolynomialCoeffs::new(rand_vec(degree)))
+            .collect();
+        let mut points = rand_vec::<F>(num_points);
+        while points.iter().any(|&x| x.exp_usize(degree).is_one()) {
+            points = rand_vec(num_points);
+        }
+
+        (polys, points)
+    }
+
    #[test]
    fn test_polynomial_commitment() -> Result<()> {
        type F = CrandallField;

        let k = 10;
        let degree_log = 11;
-        let degree = 1 << degree_log;
-
+        let num_points = 3;
        let fri_config = FriConfig {
            proof_of_work_bits: 2,
            rate_bits: 2,
            reduction_arity_bits: vec![3, 2, 1, 2],
            num_query_rounds: 3,
+            blinding: false,
        };
+        let (polys, points) = gen_random_test_case::<F>(k, degree_log, num_points);

-        let polys = (0..k)
-            .map(|_| PolynomialCoeffs::new((0..degree).map(|_| F::rand()).collect()))
-            .collect();
-
-        let lpc = ListPolynomialCommitment::new(polys, &fri_config, false);
-
-        let num_points = 3;
-        let points = (0..num_points).map(|_| F::rand()).collect::<Vec<_>>();
-
+        let lpc = ListPolynomialCommitment::new(polys, &fri_config);
        let proof = lpc.open(&points, &mut Challenger::new());
+        proof.verify(&points, &mut Challenger::new(), &fri_config)
+    }

+    #[test]
+    fn test_polynomial_commitment_blinding() -> Result<()> {
+        type F = CrandallField;
+
+        let k = 10;
+        let degree_log = 11;
+        let num_points = 3;
+        let fri_config = FriConfig {
+            proof_of_work_bits: 2,
+            rate_bits: 2,
+            reduction_arity_bits: vec![3, 2, 1, 2],
+            num_query_rounds: 3,
+            blinding: true,
+        };
+        let (polys, points) = gen_random_test_case::<F>(k, degree_log, num_points);
+
+        let lpc = ListPolynomialCommitment::new(polys, &fri_config);
+        let proof = lpc.open(&points, &mut Challenger::new());
        proof.verify(&points, &mut Challenger::new(), &fri_config)
    }
 }