From 7f6d90ee42e77e02990944e99b86cea9904af218 Mon Sep 17 00:00:00 2001 From: wborgeaud Date: Wed, 13 Oct 2021 15:39:12 +0200 Subject: [PATCH] Clean `get_challenges` --- src/plonk/get_challenges.rs | 259 ++++++++++++++++++------------------ 1 file changed, 130 insertions(+), 129 deletions(-) diff --git a/src/plonk/get_challenges.rs b/src/plonk/get_challenges.rs index 44249f7b..bc6be2f7 100644 --- a/src/plonk/get_challenges.rs +++ b/src/plonk/get_challenges.rs @@ -2,15 +2,95 @@ use std::collections::HashSet; use crate::field::extension_field::Extendable; use crate::field::field_types::RichField; +use crate::fri::proof::{CompressedFriProof, FriProof}; use crate::fri::verifier::{compute_evaluation, fri_combine_initial, PrecomputedReducedEvals}; +use crate::hash::hash_types::HashOut; use crate::hash::hashing::hash_n_to_1; +use crate::hash::merkle_tree::MerkleCap; use crate::iop::challenger::Challenger; use crate::plonk::circuit_data::CommonCircuitData; use crate::plonk::proof::{ - CompressedProofWithPublicInputs, FriInferredElements, ProofChallenges, ProofWithPublicInputs, + CompressedProof, CompressedProofWithPublicInputs, FriInferredElements, OpeningSet, Proof, + ProofChallenges, ProofWithPublicInputs, }; +use crate::polynomial::polynomial::PolynomialCoeffs; use crate::util::reverse_bits; +fn get_challenges, const D: usize>( + public_inputs_hash: HashOut, + wires_cap: &MerkleCap, + plonk_zs_partial_products_cap: &MerkleCap, + quotient_polys_cap: &MerkleCap, + openings: &OpeningSet, + commit_phase_merkle_caps: &[MerkleCap], + final_poly: &PolynomialCoeffs, + pow_witness: F, + common_data: &CommonCircuitData, +) -> anyhow::Result> { + let config = &common_data.config; + let num_challenges = config.num_challenges; + let num_fri_queries = config.fri_config.num_query_rounds; + let lde_size = common_data.lde_size(); + + let mut challenger = Challenger::new(); + + // Observe the instance. + challenger.observe_hash(&common_data.circuit_digest); + challenger.observe_hash(&public_inputs_hash); + + challenger.observe_cap(wires_cap); + let plonk_betas = challenger.get_n_challenges(num_challenges); + let plonk_gammas = challenger.get_n_challenges(num_challenges); + + challenger.observe_cap(plonk_zs_partial_products_cap); + let plonk_alphas = challenger.get_n_challenges(num_challenges); + + challenger.observe_cap(quotient_polys_cap); + let plonk_zeta = challenger.get_extension_challenge(); + + challenger.observe_opening_set(openings); + + // Scaling factor to combine polynomials. + let fri_alpha = challenger.get_extension_challenge(); + + // Recover the random betas used in the FRI reductions. + let fri_betas = commit_phase_merkle_caps + .iter() + .map(|cap| { + challenger.observe_cap(cap); + challenger.get_extension_challenge() + }) + .collect(); + + challenger.observe_extension_elements(&final_poly.coeffs); + + let fri_pow_response = hash_n_to_1( + challenger + .get_hash() + .elements + .iter() + .copied() + .chain(Some(pow_witness)) + .collect(), + false, + ); + + let fri_query_indices = (0..num_fri_queries) + .map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size) + .collect(); + + Ok(ProofChallenges { + plonk_betas, + plonk_gammas, + plonk_alphas, + plonk_zeta, + fri_alpha, + fri_betas, + fri_pow_response, + fri_query_indices, + }) +} + impl, const D: usize> ProofWithPublicInputs { pub(crate) fn fri_query_indices( &self, @@ -23,71 +103,31 @@ impl, const D: usize> ProofWithPublicInputs { &self, common_data: &CommonCircuitData, ) -> anyhow::Result> { - let config = &common_data.config; - let num_challenges = config.num_challenges; - let num_fri_queries = config.fri_config.num_query_rounds; - let lde_size = common_data.lde_size(); + let Proof { + wires_cap, + plonk_zs_partial_products_cap, + quotient_polys_cap, + openings, + opening_proof: + FriProof { + commit_phase_merkle_caps, + final_poly, + pow_witness, + .. + }, + } = &self.proof; - let mut challenger = Challenger::new(); - - // Observe the instance. - challenger.observe_hash(&common_data.circuit_digest); - challenger.observe_hash(&self.get_public_inputs_hash()); - - challenger.observe_cap(&self.proof.wires_cap); - let plonk_betas = challenger.get_n_challenges(num_challenges); - let plonk_gammas = challenger.get_n_challenges(num_challenges); - - challenger.observe_cap(&self.proof.plonk_zs_partial_products_cap); - let plonk_alphas = challenger.get_n_challenges(num_challenges); - - challenger.observe_cap(&self.proof.quotient_polys_cap); - let plonk_zeta = challenger.get_extension_challenge(); - - challenger.observe_opening_set(&self.proof.openings); - - // Scaling factor to combine polynomials. - let fri_alpha = challenger.get_extension_challenge(); - - // Recover the random betas used in the FRI reductions. - let fri_betas = self - .proof - .opening_proof - .commit_phase_merkle_caps - .iter() - .map(|cap| { - challenger.observe_cap(cap); - challenger.get_extension_challenge() - }) - .collect(); - - challenger.observe_extension_elements(&self.proof.opening_proof.final_poly.coeffs); - - let fri_pow_response = hash_n_to_1( - challenger - .get_hash() - .elements - .iter() - .copied() - .chain(Some(self.proof.opening_proof.pow_witness)) - .collect(), - false, - ); - - let fri_query_indices = (0..num_fri_queries) - .map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size) - .collect(); - - Ok(ProofChallenges { - plonk_betas, - plonk_gammas, - plonk_alphas, - plonk_zeta, - fri_alpha, - fri_betas, - fri_pow_response, - fri_query_indices, - }) + get_challenges( + self.get_public_inputs_hash(), + wires_cap, + plonk_zs_partial_products_cap, + quotient_polys_cap, + openings, + commit_phase_merkle_caps, + final_poly, + *pow_witness, + common_data, + ) } } @@ -96,72 +136,33 @@ impl, const D: usize> CompressedProofWithPublicInpu &self, common_data: &CommonCircuitData, ) -> anyhow::Result> { - let config = &common_data.config; - let num_challenges = config.num_challenges; - let num_fri_queries = config.fri_config.num_query_rounds; - let lde_size = common_data.lde_size(); + let CompressedProof { + wires_cap, + plonk_zs_partial_products_cap, + quotient_polys_cap, + openings, + opening_proof: + CompressedFriProof { + commit_phase_merkle_caps, + final_poly, + pow_witness, + .. + }, + } = &self.proof; - let mut challenger = Challenger::new(); - - // Observe the instance. - challenger.observe_hash(&common_data.circuit_digest); - challenger.observe_hash(&self.get_public_inputs_hash()); - - challenger.observe_cap(&self.proof.wires_cap); - let plonk_betas = challenger.get_n_challenges(num_challenges); - let plonk_gammas = challenger.get_n_challenges(num_challenges); - - challenger.observe_cap(&self.proof.plonk_zs_partial_products_cap); - let plonk_alphas = challenger.get_n_challenges(num_challenges); - - challenger.observe_cap(&self.proof.quotient_polys_cap); - let plonk_zeta = challenger.get_extension_challenge(); - - challenger.observe_opening_set(&self.proof.openings); - - // Scaling factor to combine polynomials. - let fri_alpha = challenger.get_extension_challenge(); - - // Recover the random betas used in the FRI reductions. - let fri_betas = self - .proof - .opening_proof - .commit_phase_merkle_caps - .iter() - .map(|cap| { - challenger.observe_cap(cap); - challenger.get_extension_challenge() - }) - .collect::>(); - - challenger.observe_extension_elements(&self.proof.opening_proof.final_poly.coeffs); - - let fri_pow_response = hash_n_to_1( - challenger - .get_hash() - .elements - .iter() - .copied() - .chain(Some(self.proof.opening_proof.pow_witness)) - .collect(), - false, - ); - - let fri_query_indices = (0..num_fri_queries) - .map(|_| challenger.get_challenge().to_canonical_u64() as usize % lde_size) - .collect::>(); - - Ok(ProofChallenges { - plonk_betas, - plonk_gammas, - plonk_alphas, - plonk_zeta, - fri_alpha, - fri_betas, - fri_pow_response, - fri_query_indices, - }) + get_challenges( + self.get_public_inputs_hash(), + wires_cap, + plonk_zs_partial_products_cap, + quotient_polys_cap, + openings, + commit_phase_merkle_caps, + final_poly, + *pow_witness, + common_data, + ) } + pub(crate) fn get_inferred_elements( &self, challenges: &ProofChallenges,