From 6bd197e9cf7927fd2d11e672b458f9a0c8001d69 Mon Sep 17 00:00:00 2001
From: Daniel Lubarov <daniel@lubarov.com>
Date: Thu, 22 Jul 2021 10:27:10 -0700
Subject: [PATCH] Observe public inputs (#119)

* Observe public inputs

* Observe the hash instead
---
 src/prover.rs             | 3 ++-
 src/recursive_verifier.rs | 6 ++++--
 src/verifier.rs           | 3 ++-
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/prover.rs b/src/prover.rs
index 59b3cd3d..7d209667 100644
--- a/src/prover.rs
+++ b/src/prover.rs
@@ -78,9 +78,10 @@ pub(crate) fn prove<F: Extendable<D>, const D: usize>(
     );
 
     let mut challenger = Challenger::new();
+
     // Observe the instance.
-    // TODO: Need to include public inputs as well.
     challenger.observe_hash(&common_data.circuit_digest);
+    challenger.observe_hash(&public_inputs_hash);
 
     challenger.observe_hash(&wires_commitment.merkle_tree.root);
     let betas = challenger.get_n_challenges(num_challenges);
diff --git a/src/recursive_verifier.rs b/src/recursive_verifier.rs
index 66b63e7f..0fe62a77 100644
--- a/src/recursive_verifier.rs
+++ b/src/recursive_verifier.rs
@@ -28,18 +28,20 @@ impl<F: Extendable<D>, const D: usize> CircuitBuilder<F, D> {
         } = proof_with_pis;
         let one = self.one_extension();
 
-        let public_inputs_hash = &self.hash_n_to_hash(public_inputs, true);
-
         let num_challenges = inner_config.num_challenges;
 
+        let public_inputs_hash = &self.hash_n_to_hash(public_inputs, true);
+
         let mut challenger = RecursiveChallenger::new(self);
 
         let (betas, gammas, alphas, zeta) =
             context!(self, "observe proof and generates challenges", {
+                // Observe the instance.
                 let digest = HashTarget::from_vec(
                     self.constants(&inner_common_data.circuit_digest.elements),
                 );
                 challenger.observe_hash(&digest);
+                challenger.observe_hash(&public_inputs_hash);
 
                 challenger.observe_hash(&proof.wires_root);
                 let betas = challenger.get_n_challenges(self, num_challenges);
diff --git a/src/verifier.rs b/src/verifier.rs
index 878b630a..d8af4cb4 100644
--- a/src/verifier.rs
+++ b/src/verifier.rs
@@ -25,9 +25,10 @@ pub(crate) fn verify<F: Extendable<D>, const D: usize>(
     let public_inputs_hash = &hash_n_to_hash(public_inputs, true);
 
     let mut challenger = Challenger::new();
+
     // Observe the instance.
-    // TODO: Need to include public inputs as well.
     challenger.observe_hash(&common_data.circuit_digest);
+    challenger.observe_hash(&public_inputs_hash);
 
     challenger.observe_hash(&proof.wires_root);
     let betas = challenger.get_n_challenges(num_challenges);