diff --git a/src/bin/bench_recursion.rs b/src/bin/bench_recursion.rs index bb38c8aa..19068c77 100644 --- a/src/bin/bench_recursion.rs +++ b/src/bin/bench_recursion.rs @@ -37,7 +37,7 @@ fn bench_prove() { num_checks: 3, fri_config: FriConfig { proof_of_work_bits: 1, - rate_bits: 1, + rate_bits: 3, reduction_arity_bits: vec![1], num_query_rounds: 1, blinding: true, diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs index 6454874e..f6371e30 100644 --- a/src/polynomial/commitment.rs +++ b/src/polynomial/commitment.rs @@ -53,6 +53,11 @@ impl ListPolynomialCommitment { } } + pub fn leaf(&self, index: usize) -> &[F] { + let leaf = &self.merkle_tree.leaves[index]; + &leaf[0..leaf.len() - if self.fri_config.blinding { 2 } else { 0 }] + } + pub fn open( &self, points: &[F], @@ -166,10 +171,14 @@ impl ListPolynomialCommitment { .map(|p| p.clone().into()) .fold(Polynomial::empty(), |acc, p| acc.scalar_mul(alpha).add(&p)); // Scale evaluations by `alpha`. - let composition_evals = evaluations + let composition_evals = &evaluations .iter() - .flatten() - .map(|e| reduce_with_powers(e, alpha)) + .map(|v| { + v.iter() + .flatten() + .rev() + .fold(F::ZERO, |acc, &e| acc * alpha + e) + }) .collect::>(); let quotient = Self::compute_quotient(points, &composition_evals, &composition_poly); @@ -256,21 +265,33 @@ impl OpeningProof { pub fn verify( &self, points: &[F], - evaluations: &[Vec], + evaluations: &[Vec>], merkle_roots: &[Hash], challenger: &mut Challenger, fri_config: &FriConfig, ) -> Result<()> { - for evals in evaluations { - challenger.observe_elements(evals); + for evals_per_point in evaluations { + for evals in evals_per_point { + challenger.observe_elements(evals); + } } let alpha = challenger.get_challenge(); let scaled_evals = evaluations .iter() - .map(|e| reduce_with_powers(e, alpha)) + .map(|v| { + v.iter() + .flatten() + .rev() + .fold(F::ZERO, |acc, &e| acc * alpha + e) + }) .collect::>(); + // let scaled_evals = evaluations + // .iter() + // .flatten() + // .map(|e| reduce_with_powers(e, alpha)) + // .collect::>(); let pairs = points .iter() @@ -334,7 +355,7 @@ mod tests { let (proof, evaluations) = lpc.open(&points, &mut Challenger::new()); proof.verify( &points, - &evaluations, + &evaluations.into_iter().map(|e| vec![e]).collect::>(), &[lpc.merkle_tree.root], &mut Challenger::new(), &fri_config, @@ -361,7 +382,7 @@ mod tests { let (proof, evaluations) = lpc.open(&points, &mut Challenger::new()); proof.verify( &points, - &evaluations, + &evaluations.into_iter().map(|e| vec![e]).collect::>(), &[lpc.merkle_tree.root], &mut Challenger::new(), &fri_config, diff --git a/src/proof.rs b/src/proof.rs index 76163bd6..ff28abc7 100644 --- a/src/proof.rs +++ b/src/proof.rs @@ -1,6 +1,6 @@ use crate::field::field::Field; use crate::merkle_proofs::{MerkleProof, MerkleProofTarget}; -use crate::polynomial::commitment::ListPolynomialCommitment; +use crate::polynomial::commitment::{ListPolynomialCommitment, OpeningProof}; use crate::polynomial::polynomial::PolynomialCoeffs; use crate::target::Target; use std::convert::TryInto; @@ -66,7 +66,7 @@ pub struct Proof { pub openings: Vec>, /// A FRI argument for each FRI query. - pub fri_proofs: Vec>, + pub opening_proof: OpeningProof, } pub struct ProofTarget { diff --git a/src/prover.rs b/src/prover.rs index 7536461f..ab7b89cb 100644 --- a/src/prover.rs +++ b/src/prover.rs @@ -89,8 +89,8 @@ pub(crate) fn prove( compute_vanishing_polys( common_data, prover_data, - &wires_commitment.merkle_tree, - &plonk_zs_commitment.merkle_tree, + &wires_commitment, + &plonk_zs_commitment, &betas, &gammas, &alphas, @@ -120,7 +120,7 @@ pub(crate) fn prove( let num_zetas = 2; let zetas = challenger.get_n_challenges(num_zetas); - let (fri_proofs, openings) = ListPolynomialCommitment::batch_open_plonk( + let (opening_proof, openings) = ListPolynomialCommitment::batch_open_plonk( &[ &prover_data.constants_commitment, &prover_data.sigmas_commitment, @@ -142,7 +142,7 @@ pub(crate) fn prove( plonk_zs_root: plonk_zs_commitment.merkle_tree.root, quotient_polys_root: quotient_polys_commitment.merkle_tree.root, openings, - fri_proofs: todo!(), + opening_proof, } } @@ -160,8 +160,8 @@ fn compute_z(common_data: &CommonCircuitData, i: usize) -> Polynomi fn compute_vanishing_polys( common_data: &CommonCircuitData, prover_data: &ProverOnlyCircuitData, - wires_tree: &MerkleTree, - plonk_zs_tree: &MerkleTree, + wires_commitment: &ListPolynomialCommitment, + plonk_zs_commitment: &ListPolynomialCommitment, betas: &[F], gammas: &[F], alphas: &[F], @@ -172,15 +172,16 @@ fn compute_vanishing_polys( let points = F::cyclic_subgroup_known_order(lde_gen, lde_size); let values: Vec> = points - .into_par_iter() + // .into_par_iter() + .into_iter() .enumerate() .map(|(i, x)| { let i_next = (i + 1) % lde_size; - let local_wires = &wires_tree.leaves[i]; - let local_constants = &prover_data.constants_commitment.merkle_tree.leaves[i]; - let local_plonk_zs = &plonk_zs_tree.leaves[i]; - let next_plonk_zs = &plonk_zs_tree.leaves[i_next]; - let s_sigmas = &prover_data.sigmas_commitment.merkle_tree.leaves[i]; + let local_wires = wires_commitment.leaf(i); + let local_constants = prover_data.constants_commitment.leaf(i); + let local_plonk_zs = plonk_zs_commitment.leaf(i); + let next_plonk_zs = plonk_zs_commitment.leaf(i); + let s_sigmas = prover_data.sigmas_commitment.leaf(i); debug_assert_eq!(local_wires.len(), common_data.config.num_wires); debug_assert_eq!(local_plonk_zs.len(), num_checks);