diff --git a/src/fri.rs b/src/fri.rs index 550560a6..30c01e03 100644 --- a/src/fri.rs +++ b/src/fri.rs @@ -1,4 +1,3 @@ -use crate::field::fft::fft; use crate::field::field::Field; use crate::field::lagrange::{barycentric_weights, interpolant, interpolate}; use crate::hash::hash_n_to_1; @@ -204,9 +203,7 @@ fn fri_prover_query_round( let mut query_steps = Vec::new(); // TODO: Challenger doesn't change between query rounds, so x is always the same. let x = challenger.get_challenge(); - let mut domain_size = n; let mut x_index = x.to_canonical_u64() as usize % n; - let mut x_index = 0; let initial_proof = initial_merkle_trees .iter() .map(|t| (t.get(x_index).to_vec(), t.prove(x_index))) @@ -215,7 +212,6 @@ fn fri_prover_query_round( let arity_bits = config.reduction_arity_bits[i]; let arity = 1 << arity_bits; let mut evals = tree.get(x_index >> arity_bits).to_vec(); - dbg!(i, x_index, x_index & (arity - 1), &evals); evals.remove(x_index & (arity - 1)); let merkle_proof = tree.prove(x_index >> arity_bits); @@ -224,7 +220,6 @@ fn fri_prover_query_round( merkle_proof, }); - domain_size >>= arity_bits; x_index >>= arity_bits; } FriQueryRound { @@ -275,13 +270,6 @@ pub fn verify_fri_proof( config: &FriConfig, ) -> Result<()> { let total_arities = config.reduction_arity_bits.iter().sum::(); - dbg!( - purported_degree_log, - log2_strict(proof.final_poly.len()) + total_arities - config.rate_bits, - log2_strict(proof.final_poly.len()), - total_arities, - config.rate_bits, - ); ensure!( purported_degree_log == log2_strict(proof.final_poly.len()) + total_arities - config.rate_bits, @@ -315,7 +303,6 @@ pub fn verify_fri_proof( "Number of reductions should be non-zero." ); - dbg!(&points); let interpolant = interpolant(points); for round_proof in &proof.query_round_proofs { fri_verifier_query_round( @@ -354,11 +341,6 @@ fn fri_combine_initial( points: &[(F, F)], subgroup_x: F, ) -> F { - dbg!(proof - .evals_proofs - .iter() - .map(|(v, _)| v) - .collect::>()); let e = proof .evals_proofs .iter() @@ -366,12 +348,8 @@ fn fri_combine_initial( .flatten() .rev() .fold(F::ZERO, |acc, &e| alpha * acc + e); - dbg!(e); let numerator = e - interpolant.eval(subgroup_x); - dbg!(numerator); - dbg!(&points); - let denominator = points.iter().fold(F::ONE, |acc, &(x, _)| subgroup_x - x); - dbg!(denominator); + let denominator = points.iter().map(|&(x, _)| subgroup_x - x).product(); numerator / denominator } @@ -391,7 +369,6 @@ fn fri_verifier_query_round( let x = challenger.get_challenge(); let mut domain_size = n; let mut x_index = x.to_canonical_u64() as usize % n; - let mut x_index = 0; fri_verify_initial_proof( x_index, &round_proof.initial_trees_proof, @@ -428,7 +405,6 @@ fn fri_verifier_query_round( // Insert P(y) into the evaluation vector, since it wasn't included by the prover. evals.insert(x_index & (arity - 1), e_x); evaluations.push(evals); - dbg!(i, &evaluations[i]); verify_merkle_proof( evaluations[i].clone(), x_index >> arity_bits, diff --git a/src/polynomial/commitment.rs b/src/polynomial/commitment.rs index 601d3b30..ee9d49c4 100644 --- a/src/polynomial/commitment.rs +++ b/src/polynomial/commitment.rs @@ -1,13 +1,11 @@ -use crate::field::fft::fft; use crate::field::field::Field; -use crate::field::lagrange::{interpolant, interpolate}; +use crate::field::lagrange::interpolant; use crate::fri::{fri_proof, verify_fri_proof, FriConfig}; -use crate::merkle_proofs::verify_merkle_proof; use crate::merkle_tree::MerkleTree; use crate::plonk_challenger::Challenger; use crate::plonk_common::reduce_with_powers; use crate::polynomial::old_polynomial::Polynomial; -use crate::polynomial::polynomial::{PolynomialCoeffs, PolynomialValues}; +use crate::polynomial::polynomial::PolynomialCoeffs; use crate::proof::{FriProof, Hash}; use crate::util::{log2_strict, reverse_index_bits_in_place, transpose}; use anyhow::Result; @@ -27,7 +25,7 @@ impl ListPolynomialCommitment { blinding: bool, ) -> Self { let degree = polynomials[0].len(); - let mut lde_values = polynomials + let lde_values = polynomials .iter() .map(|p| { assert_eq!(p.len(), degree, "Polynomial degree invalid."); @@ -82,18 +80,12 @@ impl ListPolynomialCommitment { challenger.observe_hash(&self.merkle_tree.root); let alpha = challenger.get_challenge(); - dbg!(self - .polynomials - .iter() - .map(|p| p.eval(F::MULTIPLICATIVE_GROUP_GENERATOR)) - .collect::>()); let scaled_poly = self .polynomials .iter() .rev() .map(|p| p.clone().into()) .fold(Polynomial::empty(), |acc, p| acc.scalar_mul(alpha).add(&p)); - dbg!(scaled_poly.eval(F::MULTIPLICATIVE_GROUP_GENERATOR)); let scaled_evals = evaluations .iter() .map(|e| reduce_with_powers(e, alpha)) @@ -106,30 +98,21 @@ impl ListPolynomialCommitment { .collect::>(); debug_assert!(pairs.iter().all(|&(x, e)| scaled_poly.eval(x) == e)); - dbg!(&pairs); let interpolant: Polynomial = interpolant(&pairs).into(); let denominator = points .iter() .fold(Polynomial::from(vec![F::ONE]), |acc, &x| { acc.mul(&vec![-x, F::ONE].into()) }); - dbg!(&denominator); let numerator = scaled_poly.add(&interpolant.neg()); - for x in points { - dbg!(numerator.eval(*x)); - } - dbg!(numerator.eval(F::MULTIPLICATIVE_GROUP_GENERATOR)); - dbg!(denominator.eval(F::MULTIPLICATIVE_GROUP_GENERATOR)); - let (mut quotient, rem) = numerator.polynomial_long_division(&denominator); - dbg!(&numerator); - dbg!(quotient.mul(&denominator).add(&rem)); - dbg!("ient); - dbg!(&rem); + let (mut quotient, rem) = numerator.polynomial_division(&denominator); debug_assert!(rem.is_zero()); - quotient.pad(quotient.degree().next_power_of_two()); + quotient.pad((quotient.degree() + 1).next_power_of_two()); let lde_quotient = PolynomialCoeffs::from(quotient.clone()).lde(self.fri_config.rate_bits); - let lde_quotient_values = fft(lde_quotient.clone()); + let lde_quotient_values = lde_quotient + .clone() + .coset_fft(F::MULTIPLICATIVE_GROUP_GENERATOR); let fri_proof = fri_proof( &[self.merkle_tree.clone()], @@ -181,7 +164,6 @@ impl OpeningProof { .map(|(&x, &e)| (x, e)) .collect::>(); - dbg!(self.quotient_degree); verify_fri_proof( log2_strict(self.quotient_degree), &pairs, @@ -204,27 +186,25 @@ mod tests { fn test_polynomial_commitment() -> Result<()> { type F = CrandallField; - let k = 1; - let degree_log = 3; + let k = 10; + let degree_log = 11; let degree = 1 << degree_log; let fri_config = FriConfig { proof_of_work_bits: 2, rate_bits: 2, - reduction_arity_bits: vec![3, 2, 1], - num_query_rounds: 1, + reduction_arity_bits: vec![3, 2, 1, 2], + num_query_rounds: 3, }; let polys = (0..k) - // .map(|_| PolynomialCoeffs::new((0..degree).map(|_| F::rand()).collect())) - .map(|_| PolynomialCoeffs::new((0..degree).map(|i| F::from_canonical_u64(i)).collect())) + .map(|_| PolynomialCoeffs::new((0..degree).map(|_| F::rand()).collect())) .collect(); let lpc = ListPolynomialCommitment::new(polys, &fri_config, false); let num_points = 3; let points = (0..num_points).map(|_| F::rand()).collect::>(); - let points = vec![-F::TWO, -F::ONE - F::TWO, -F::TWO - F::TWO]; let proof = lpc.open(&points, &mut Challenger::new()); diff --git a/src/polynomial/old_polynomial.rs b/src/polynomial/old_polynomial.rs index 31002b01..dff12e2b 100644 --- a/src/polynomial/old_polynomial.rs +++ b/src/polynomial/old_polynomial.rs @@ -276,16 +276,11 @@ impl Polynomial { let cur_q_degree = remainder.degree() - b_degree; quotient[cur_q_degree] = cur_q_coeff; - dbg!(cur_q_coeff, cur_q_degree); - dbg!(&b); for (i, &div_coeff) in b.iter().enumerate() { - dbg!(i, div_coeff, remainder[cur_q_degree + i]); remainder[cur_q_degree + i] = remainder[cur_q_degree + i] - (cur_q_coeff * div_coeff); - dbg!(remainder[cur_q_degree + i]); } remainder.trim(); - dbg!(&remainder); } (quotient, remainder) }