Don't check Frobenius if D=1.

2026-01-07 16:23:12 +00:00 · 2021-05-31 18:00:53 +02:00 · 2021-05-31 18:00:53 +02:00 · 6ee9ceacd5
commit 6ee9ceacd5
parent abc0ca3bf1
2 changed files with 42 additions and 41 deletions
--- a/src/fri/verifier.rs
+++ b/src/fri/verifier.rs
@ -237,25 +237,27 @@ fn fri_combine_initial<F: Field + Extendable<D>, const D: usize>(
    dbg!(cur_alpha);
    cur_alpha = alpha.exp(poly_count);
-    let ev = proof.evals_proofs[2].0
+    if D > 1 {
-        [..proof.evals_proofs[2].0.len() - if config.blinding[2] { SALT_SIZE } else { 0 }]
+        let ev = proof.evals_proofs[2].0
-        .iter()
+            [..proof.evals_proofs[2].0.len() - if config.blinding[2] { SALT_SIZE } else { 0 }]
-        .rev()
+            .iter()
-        .fold(F::Extension::ZERO, |acc, &e| {
+            .rev()
-            poly_count += 1;
+            .fold(F::Extension::ZERO, |acc, &e| {
-            alpha * acc + e.into()
+                poly_count += 1;
-        });
+                alpha * acc + e.into()
-    let zeta_frob = zeta.frobenius();
+            });
-    let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
+        let zeta_frob = zeta.frobenius();
-    let wires_interpol = interpolant(&[
+        let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
-        (zeta, reduce_with_powers(&os.wires, alpha)),
+        let wires_interpol = interpolant(&[
-        (zeta_frob, reduce_with_powers(&wire_evals_frob, alpha)),
+            (zeta, reduce_with_powers(&os.wires, alpha)),
-    ]);
+            (zeta_frob, reduce_with_powers(&wire_evals_frob, alpha)),
-    let numerator = ev - wires_interpol.eval(subgroup_x.into());
+        ]);
-    let denominator = (F::Extension::from_basefield(subgroup_x) - zeta)
+        let numerator = ev - wires_interpol.eval(subgroup_x.into());
-        * (F::Extension::from_basefield(subgroup_x) - zeta_frob);
+        let denominator = (F::Extension::from_basefield(subgroup_x) - zeta)
-    e += cur_alpha * numerator / denominator;
+            * (F::Extension::from_basefield(subgroup_x) - zeta_frob);
-    cur_alpha = alpha.exp(poly_count);
+        e += cur_alpha * numerator / denominator;
        cur_alpha = alpha.exp(poly_count);
    }
    e
 }
--- a/src/polynomial/commitment.rs
+++ b/src/polynomial/commitment.rs
@ -403,27 +403,27 @@ impl<F: Field> ListPolynomialCommitment<F> {
        }
        cur_alpha = alpha.exp(poly_count);
-        let wires_composition_poly =
+        if D > 1 {
-            commitments[2]
+            let wires_composition_poly = commitments[2].polynomials.iter().rev().fold(
-                .polynomials
+                PolynomialCoeffs::empty(),
-                .iter()
+                |acc, p| {
                .rev()
                .fold(PolynomialCoeffs::empty(), |acc, p| {
                    poly_count += 1;
                    &(&acc * alpha) + &p.to_extension()
-                });
+                },
-        let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
+            );
-        let wires_composition_evals = [
+            let wire_evals_frob = os.wires.iter().map(|e| e.frobenius()).collect::<Vec<_>>();
-            reduce_with_powers(&os.wires, alpha),
+            let wires_composition_evals = [
-            reduce_with_powers(&wire_evals_frob, alpha),
+                reduce_with_powers(&os.wires, alpha),
-        ];
+                reduce_with_powers(&wire_evals_frob, alpha),
            ];
-        let wires_quotient = Self::compute_quotient(
+            let wires_quotient = Self::compute_quotient(
-            &[zeta, zeta.frobenius()],
+                &[zeta, zeta.frobenius()],
-            &wires_composition_evals,
+                &wires_composition_evals,
-            &wires_composition_poly,
+                &wires_composition_poly,
-        );
+            );
-        final_poly = &final_poly + &(&wires_quotient * cur_alpha);
+            final_poly = &final_poly + &(&wires_quotient * cur_alpha);
        }
        dbg!(final_poly.coeffs.len());
        let lde_final_poly = final_poly.lde(config.rate_bits);
@ -551,12 +551,11 @@ mod tests {
    fn check_batch_polynomial_commitment<F: Field + Extendable<D>, const D: usize>() -> Result<()> {
        let ks = [1, 2, 3, 5, 8];
-        let degree_log = 2;
+        let degree_log = 11;
        let fri_config = FriConfig {
            proof_of_work_bits: 2,
-            rate_bits: 1,
+            rate_bits: 2,
-            // reduction_arity_bits: vec![2, 3, 1, 2],
+            reduction_arity_bits: vec![2, 3, 1, 2],
            reduction_arity_bits: vec![1],
            num_query_rounds: 3,
            blinding: vec![false, false, false, false, false],
            check_basefield: vec![false, false, false],